Building FHIR Applications with MongoDB Atlas

MongoDB Atlas makes it very easy to manage data of healthcare and FHIR applications. MongoDB was included in the press release by the Department of Human and Health Service’s Office of the National Coordinator for Health Information Technology which announced the winner of the “Secure API Server Showdown” challenge.

After a vigorous competition, the team at Asymmetrik was awarded winner of the reference implementation of a secure open source FHIR server based on MongoDB. For a deeper dive, the source code is available for developers and architects under the MIT license.

FHIR® (Fast Healthcare Interoperability Resources) is a next-generation standards framework created by HL7 which promises to ease interoperability in the healthcare industry and builds on previous efforts. MongoDB and FHIR both support the JSON format, the de facto standard extensively used in modern application development due to its’ ability to support rich data structures and objects prevalent in healthcare, such as patients, claims, policies, treatments and so on.

Why Consider MongoDB Atlas for Managing FHIR Data?

MongoDB Atlas is a fully-managed cloud database developed by the same people that build MongoDB. Atlas handles all the complexity of deploying, managing, and healing your MongoDB deployments on the cloud service provider of your choice (AWS, Azure, and GCP). It is built on the notion of security by default, provides always-on encryption at rest, TLS1.1 or higher for encryption in motion, encryption in use, creation of MongoDB clusters in fully isolated VPCs, an always-on Atlas auditing feed, and simple enablement of database-level auditing. For a full list of MongoDB Atlas features, please refer to the documentation.

One of the many reasons Atlas is the database of choice for companies managing healthcare-related data is because of our high compliance standards. Not only is Atlas HIPAA ready, but it’s compliant with GDPR, ISO27001, PCI, and SOC 2 Type II. We don’t compromise on security, and neither should you.

FHIR Application Architecture with MongoDB Atlas

Using MongoDB Atlas is the fastest way to build FHIR applications. A sample illustration of this architecture is shown below.

The MongoDB Atlas customer creates a cloud account in AWS/Azure/GCP (dotted blue line) and deploys a FHIR application server and dashboard. The MongoDB Atlas customer then creates an appropriate MongoDB cluster (M10+) which is deployed in a fully isolated virtual private cloud (VPC), and connects the cluster with the FHIR server using always-on TLS and authentication over one of several networking options 1) IP whitelist 2) VPC peering. Optionally, the MongoDB Atlas customer can use the keys under their own management to encrypt cluster data files, or encrypt certain fields within a JSON document within the FHIR server before sending them to MongoDB Atlas for storage.

The MongoDB Atlas customer can further utilize services such as Charts to create personalized dashboards for its users, use Stitch to manage authentication of its FHIR application users, or Atlas Search to allow its users to perform unstructured search queries. If the users of an application store data within their own repositories, a MongoDB Atlas customer can leverage Data Lake to query that data in place upon permission of such application users.

How to create a FHIR application with MongoDB Atlas

1. Create an account with MongoDB Atlas.
2. Create a free-tier MongoDB cluster.

3. Create a database user “fhirtest”. Note the credentials of the user.

4. Configure IP white list for accessing this cluster (assuming you will run the FHIR server on your local machine).

5. Clone the FHIR server repository on your local machine

git clone https://github.com/Asymmetrik/node-fhir-server-mongo

6. Configure the MongoDB Atlas cluster user in the repository

• Replace Line 10 of node-fhir-server-mongo/src/config.js with:

connection: 'mongodb+srv://${env.MONGO_HOSTNAME}/fhir?retryWrites=true&w=majority'

• In node-fhir-server-mongo/env.json, update line 4 under MONGO_HOSTNAME section as follows:

“default”: “fhirtest:<password>@<cluster_host_name>”

7. Start the FHIR server

npm start

8. Add patient record

curl -X PUT -H "Content-Type: application/fhir+json" -H "Cache-Control: no-cache" --data @createpatient.json http://localhost:3000/4_0_0/Patient/example

where @createpatient.json is: (COPY PASTE first example from github above)

9. Read patient record

curl -X GET http://localhost:3000/4_0_0/Patient/example

In this blog post, we described what FHIR is and how easy it is to build FHIR applications with MongoDB Atlas. If you are looking to encrypt certain fields in FHIR data before storing them in MongoDB Atlas, consider using MongoDB’s client-side field level encryption. Also, consider using various authentication providers using MongoDB Stitch for FHIR application user authentication, or even bring FHIR server parsing functionality within MongoDB Stitch Functions.