Governance for FHIR Validation Using MedCom FHIR Standards

Table of contents

1 Introduction
2 Validation in Vendor Systems
- 2.1 FHIR Messaging - Validation Governance
  - 2.1.1 Sender-side validation
  - 2.1.2 Receiver-side validation
- 2.2 FHIR Documents - Validation Governance
3 Validation in MedCom FHIR test server
- 3.1 Guide: how to post JSON and XML to MedCom’s FHIR test server
  - 3.1.1 JSON
  - 3.1.2 XML

1 Introduction

To ensure interoperability and robustness in FHIR-based exchanges within the Danish healthcare domain, MedCom defines the following governance for validation. The governance ensures that exchanged FHIR content is syntactically valid, semantically conformant, and fully compliant with the relevant profiles.

Notice that the governance principles for MedCom FHIR Messaging differ from those for MedCom FHIR Documents, and vendors SHALL ensure that the appropriate rules are applied depending on the communication method. You can read more about FHIR validation in general on HL7 FHIR’s official web page: Validating Resources.

2 Validation in Vendor Systems

Vendors SHALL implement FHIR validation as part of their own solutions and apply it in production environments to ensure continuous conformance with MedCom’s FHIR standards.

Vendors SHALL use a FHIR validator that is based on an officially maintained HL7 FHIR implementation. The selected validator SHALL be capable of validating resources against all required Implementation Guides, including profiles, extensions, and terminology bindings. MedCom does not recommend a specific solution.

The list below shows examples of FHIR validators commonly used in the international community. The list is provided for guidance only, to help vendors identify tools suitable for their own technical environment. MedCom has not tested these validators and cannot guarantee their behaviour. MedCom encourages vendors to contact FHIR@medcom.dk with comments or suggestions regarding the list.

Notice that the validation behaviour may show minor variations between different validator implementations and programming languages - for example between C# and Java. In case of disagreement about validation results, MedCom SHALL be contacted via email (FHIR@medcom.dk) to clarify.

Vendors SHALL maintain logs for troubleshooting.

THE LIST IS UNDER DEVELOPMENT.

2.1 FHIR Messaging - Validation Governance

This governance applies specifically to MedCom FHIR Messaging and aligns with MedCom’s general principles for Reliable Messaging.

2.1.1 Sender-side validation

The sender SHALL validate outgoing FHIR messages against the relevant FHIR Implementation Guide(s) (IG) before transmission. This includes Acknowledgements.
Messages with validation errors SHALL NOT be sent unless explicitly approved by the responsible authority within the sending organization.

2.1.2 Receiver-side validation

The receiver SHALL validate all incoming messages before further processing.
Receivers SHALL accept non-critical warnings but SHALL reject messages that violate mandatory constraints and rules.
The sender SHALL validate received acknowledgements and ensure that they correctly reference the original message. If an Acknowledgement fails validation, the receiver SHALL contact the sending system through alternative communication channels to inform them that their acknowledgement messages are not conformant.

2.2 FHIR Documents - Validation Governance

This governance applies specifically to MedCom FHIR Documents. This governance is under development. Once finalized, the governance will be published on this site.

3 Validation in MedCom FHIR test server

MedCom provides a FHIR server that can be used to validate implementations against MedCom’s FHIR standards. This server is intended for testing only and SHALL NOT be used for production transactions, nor contain any real-world or personally identifiable data.

There is a limit to how many times a vendor can execute test scripts in Touchstone. Therefore, MedCom recommends using the test server first to perform general validation before running the tests in Touchstone. The test server cannot validate the specific use case covered by the test script, but it can be used to identify and correct general issues. Read more about how to use Touchstone here.

Some MedCom Implementation Guides exist in multiple versions on the test server to cover all MedCom standards. The validation server always uses the latest profile version by default. If your implementation is based on an earlier version, specify it by appending the version number to the canonical URL in resource.meta.profile using the format |n.n.n.

Example:

"profile" : [
    "http://medcomfhir.dk/ig/core/StructureDefinition/medcom-core-patient|3.0.1"
]

Notice that JSON resources can be validated directly in the browser, while XML resources must be submitted using a client tool such as Postman. You can find a guide on how to post JSON and XML below.

3.1 Guide: how to post JSON and XML to MedCom’s FHIR test server

If you do not have a user account for MedCom’s FHIR test server, contact FHIR@medcom.dk and request access. Include the names and email addresses of the people who need access.

There are two ways to validate using MedCom’s FHIR test server:

By posting JSON directly through a web browser.
By posting XML (or JSON) using a client tool such as Postman.

This section provides a step-by-step guide for both the browser-based and Postman-based validation methods. Other client tools may also be used.

3.1.1 JSON

1) Go to https://medcomfhir.dk and log in. 2) Select the “Bundle” section to get access to the Bundle operations. 3) Choose the POST /Bundle/%Validate operation and click “Try it out”. 4) Paste your FHIR Bundle (JSON format) into the request body and click “Execute”. 5) Review the validation result (OperationOutcome) under the “Responses” section.

3.1.2 XML

Part 1: Setup in Postman

Install Postman.
Create a new workspace and import these three files (WILL BE AVAILALBE SOON) by clicking Import in Postman.
Open the MedCom FHIR collection.
Go to the Authorization tab and select Auth Type: OAuth 2.0.

Under Configure New Token, fill in:

Token name: token
Grant type: Password Credentials
Access Token URL: https://keycloak.hosting.kitkube.dk/auth/realms/
medcom/protocol/openid-connect/token
Client ID: hapifhir-userclient
Username and password: Your MedCom FHIR server login
Scope: openid
Client authentication: Send as Basic Auth header

Click Get New Access Token, then Proceed and Use Token.
The token appears under Current Token and expires after a short time. Click Refresh to renew it or click Get New Token if it has expired.

Part 2: Post Bundle to the Server

In the MedCom FHIR collection, select the POST request.
Enter the following endpoint in the request URL field: https://fhir.medcom.dk/fhir/Bundle/$validate

Under Headers, add:

Content-Type: application/fhir+xml
Accept: application/fhir+xml

Under Body, choose Raw, select XML, and paste your FHIR Bundle.
Click Send to execute the request.
Review the validation result (OperationOutcome) in the response.

About

Support or contact

MedCom is responsible for this page. If you have any questions regarding this page, please contact fhir@medcom.dk or write to MedCom's stream on Zulip.

Version of this documentation

The version of this documentation is: Version 2.0.1 You can find the release note of the version here.

"FHIR® is the registered trademark of HL7 and is used with the permission of HL7. Use of the FHIR trademark does not constitute endorsement of this implementation guide by HL7, nor affirmation that this content is conformant to the various applicable standards"

Tilgængelighedserklæring