A robust, secure, and modern backend for exchanging patient electronic health records (EHR) across different hospital networks. Built with FastAPI and SQLite, it provides consent-gated data access, global patient identity resolution, and tamper-proof audit trails.
- 🏥 Multi-Hospital Network Ecosystem: Allows diverse clinical institutions to interoperate securely via API keys.
- 🪪 Master Patient Index (MPI): Maps decentralized, local hospital IDs to a centralized global patient UUID for consistent identification.
- 🔐 Consent-Gated Data Access: Hospitals can only access records from other hospitals if an active, non-expired Consent grant exists for that specific patient.
- 📜 FHIR R4 Standardized Payloads: Constructs patient data, observations, and algorithmic encounters into strictly formatted HL7 FHIR-like JSON bundles (without heavy external library dependencies).
- ⛓️ Tamper-Proof Audit Logging: Replaces complex blockchain infrastructure by computing and verifying local SHA-256 cryptographic hashes for every data access, consent update, and access denial.
The system consolidates 5 core microservices from the MVP specification into a streamlined monolithic architecture for rapid MVP deployment:
- Hospital Registry: Manages registered institutions and API credentials.
- MPI Service: Handles global identity resolution.
- Patient Data Service: Manages local data ingestion (demographics, encounters, observations).
- Consent Service: Handles granting, revoking, and validating cross-hospital access.
- Audit / Anti-Tamper Service: Logs events and computes cryptographic hashes to detect manipulation.
- FHIR Service: Compiles the data layer into compliant `Bundle` JSON responses.
- Python 3.10+
- `pip` (Python package manager)
- Clone the repository and navigate to the backend directory:

  ```bash
  cd backend
  ```

- Create and activate a virtual environment:

  ```bash
  python -m venv venv
  source venv/bin/activate  # On Windows use: venv\Scripts\activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Environment Variables: Copy the example configuration:

  ```bash
  cp .env.example .env
  ```

  (The backend works out-of-the-box with the defaults provided in `.env`)
To quickly test the platform, run the seed script. It provisions 3 hospitals, 7 patients, 15 clinical records, and multiple cross-network consent rules:

```bash
python -m app.seed
```

Start the FastAPI application:

```bash
uvicorn app.main:app --port 8000 --reload
```

Once the server is running, the interactive Swagger UI documentation is available at:
All API endpoints (except the public registry list and health checks) require two custom headers identifying the acting hospital:
- `X-Hospital-ID`: (e.g., `HOSP_001`)
- `X-API-Key`: (e.g., `key_001`)
- Check System Health: `GET /`
- View Available Hospitals: `GET /api/hospitals`
- View Owned Patients: `GET /api/patients` (Requires Auth)
- Fetch FHIR Bundle Across Network: `GET /api/bundle/{global_patient_id}` (Will return `200 OK` and a compiled FHIR dict if Consent is active. Will cleanly return `403 Forbidden` if missing/revoked).
- Verify Audit Integrity: `GET /api/audit/verify/{event_id}`
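
The audit hashing described above, shown as an added example that is not the project's own code: each event's SHA-256 covers a canonical JSON encoding of the event plus the previous event's hash. The chaining, the function and field names, and the sample events are assumptions; this README only states that a SHA-256 hash is computed and verified per event.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first event in the log


def event_hash(event: dict, prev_hash: str) -> str:
    """SHA-256 over a canonical JSON encoding of the event and the previous hash."""
    body = json.dumps({"event": event, "prev": prev_hash},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_event(log: list, event: dict) -> dict:
    """Append an event, linking it to the hash of the row before it."""
    prev = log[-1]["hash"] if log else GENESIS
    row = {"event": dict(event), "prev_hash": prev,
           "hash": event_hash(event, prev)}
    log.append(row)
    return row


def verify_event(row: dict) -> bool:
    """Per-event check: recompute the hash and compare in constant time."""
    return hmac.compare_digest(event_hash(row["event"], row["prev_hash"]),
                               row["hash"])


def first_bad_index(log: list) -> int:
    """Index of the first row failing the hash or link check, or -1 if intact."""
    prev = GENESIS
    for i, row in enumerate(log):
        if row["prev_hash"] != prev or not verify_event(row):
            return i
        prev = row["hash"]
    return -1


def build_sample_log() -> list:
    """Constructed sample events (event types and patient id are made up)."""
    log = []
    for i, (kind, actor) in enumerate([("CONSENT_UPDATE", "HOSP_001"),
                                       ("DATA_ACCESS", "HOSP_002"),
                                       ("ACCESS_DENIED", "HOSP_003")], start=1):
        append_event(log, {"id": i, "type": kind, "actor": actor,
                           "patient": "gp-0001"})
    return log
```

Rewriting a row and recomputing its own hash passes the per-event check but breaks the link held by the next row. Detecting a rewrite of the whole tail additionally requires keeping the latest hash somewhere outside the SQLite file.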
- Language: Python 3
- Framework: FastAPI
- ORM: SQLAlchemy
- Database: SQLite
- Data Validation: Pydantic