The FHIR gateway now supports the history operation at the instance level

Added warning message to the conversion results returned to an hl7v2 endpoint client when the value populated in OBR.24 could not be mapped to an element of Table 0074.

Prior Auth Support (PAS) module now has two additional properties for specifying NPI systems, which will be used to search Practitioner and Organization resources. Additionally, property identifier_code_system has been removed from configuration.

Add Prior Auth custom troubleshooting log handler.

Added support for Provider Access Da Vinci data export, via the $davinci-data-export operation.

Added a troubleshooting log for request partition routing.

The configuration bundle zip download now includes a summary of registered hooks.

If a Camel Message Body implements IModelJson (i.e. it is a Java class that supports JSON serialization), the body will now be serialized to JSON and made available to the Camel Script as a JSON object.

Previously when a Camel Script expected Java Bundle input, it needed to have the input=bundle parameter on the Camel Script URI. This is no longer required. Bundle types are now automatically detected and made available to the JavaScript Execution Environment.

FHIR Path expressions can now be evaluated on FHIR resources within the Java Execution Environment. See the FHIR Model API documentation for details on how to do this.

Modified Camel JavaScript integration to give Camel Scripts access to Exchange Headers and Properties by including includeExchange=true in the Camel Script URI. See the Script section of Smile Camel Processors for details of how this works.

Added P2P export type to $davinci-data-export operation.

The Module Config page of the Web Application Console now displays the interceptors that are registered on that module.

Fixed an issue where the FHIR Gateway blocks responses containing an OperationOutcome in a search

Previously, configuring the system in Mass Ingestion Mode while providing JS update callbacks would prevent an HL7v2 endpoint module from booting. This combination of configuration is now allowed.

Previously in some situations when exporting a CDA document that contained a Vital Signs section, an additional component entry with an empty observation element was created. This has been fixed.

Previously, the Observation resources generated by the CDA Exchange+ module were not following the guidance in the FHIR specification regarding the Assertion pattern. This has been fixed. Now, when the Assertion pattern is encountered in a CDA document, the generated Observation will represent it as a clinical finding using the Case 4 pattern from the guidance.

Fix Camel module startup exception when some route included Hl7v2 javascript function processor.

Attempting to edit/save modules in the admin console would not work if using Safari browser. This has been fixed.

Exported configurations would include S3 Secret Keys, they are now redacted like passwords and other sensitive data.

Previously, properties related to Inbound SMART on FHIR configured on a FHIR endpoint would not be propagated in the response to a capabilities discovery (GET /.well-known/smart-configuration). This issue is fixed.

The db.connectionpool.default_query_timeout_seconds configuration was not being respected for Mongo databases. This has been corrected.

Previously, when importing a CDA document, if the Mental Status section contained Mental Status Observation entries or Assessment Scale Observation entries at the root of the section, these observations would be parsed correctly, but not linked from the Composition. This has been corrected.

Previously, the CDA Exchange+ module would fail to export a CDA document if the source bundle contained an Encounter resource with a hospitalization element, but that hospitalization did not contain a dischargeDisposition code. This has been fixed.

Previously, when parsing an unknown field of a HL7v2 message, if only one component is in the field and it is requested as the first component, e.g. as 'OBX-23-1' the parser would throw an error. Now it correctly returns the value.

Previously, the CDA Exchange+ module was transforming the contents of Admission Medications, Medications Administered, and Discharge Medications sections to MedicationStatement resources when conforming to a US Core or USCDI IG. This has been changed to produce MedicationRequest resources instead, to better align with IG guidance.

Previously, calling XmlDocumentProxy#getXPathElements(xpath) in the JSEE would return an empty list even if matching nodes existed, if the XML document contained an unqualified xmlns attribute anywhere but the root of the document. This has been corrected.

Update $member-match response to conform with HRex Member Match Operation. Return MemberIdentifier as Identifier resource and MemberId as Reference as specified in https://build.fhir.org/ig/HL7/davinci-ehrx/OperationDefinition-member-match.html

Update $invoke-export to handle the case member-match response does not return a memberId

Previously, the hl7v2 inbound mapper would not create an issue when processing a coded element with a missing code system or a missing required code (conversion from CE, CWE or IS to Coding or CodeableConceot). Two new properties have been introduced for the hl7v2 listener module which will issue error/warning for these cases. The properties are disabled by default.

Added $replace-references operation to change resource pointed by references.

This feature introduces method hasDeceasedBooleanType() and hasDeceasedDateTimeType() invokable on a Patient resource within the JavaScript environment. We have provided the methods to eliminate the need for redundant boiler place code commonly required to assess the element type of property patient.deceased. Please see documentation for further details and examples.

Added documentation for module dependencies. See an example here and see a full list of module dependencies here.

A new Consent Module has been added to the list of Experimental Features. This module adds a Consent resource-driven framework on top of the existing code-driven Consent Service. See the Consent Module Overview page for more details.

Default templates have been created for each resource type to generate narrative for every section within the CDA Exchange+ module. To use the generative narrative feature see the documentation here.

Gateway consent has been added, allowing to apply consent to routes before sending requests to targets.

The following OpenTelemetry metrics have been added to monitor the number of successful and failed authentication attempts: smilecdr.authentication.success_count, smilecdr.authentication.failure_count

The HL7 v2.x inbound processor now supports mapping AL1-6 (Identification Date) to AllergyIntolerance.onsetDateTime.

A new experimental option has been added to the FHIR Endpoint module which provides a virtualized view of an MDM-enabled repository. See MDM Virtualized Endpoint for more information.

The Package Registry Endpoint module now supports searching for packages by author.

In the CDA Exchange+ module, new parsing of Encounter and Note resources has been added for entryRelationship nodes in the Immunization section.

A new setting has been added to the FHIR Storage (RDBMS) module which allows full resource contents to not be indexed by the Full-Text engine when Full-Text indexing is enabled. Disabling this setting can save space if the Full-Text engine is only required for terminology purposes.

Added the FHIRGW_TRANSACTION_POST_SELECT_ROUTE pointcut to the Gateway Interceptor template in the CDR Interceptor Starter Project.

Introduce new custom interceptor PRIOR_AUTH_CRD_GATHER_CONTEXT to determine/identifier payer memberId for Prior Auth CRD module.

Added configuration property to Cluster Manager configuration that allows to specify optional prefix for the broker channels (ActiveMQ Queues and Kafka Topics). This will cause the given prefix to be prepended to the names of non-customizable channels being used by Smile CDR.

MegaScale search now supports searching multiple partitions at once provided all of those partitions map to the same database.

When performing a Federated OAuth2/OIDC Login, Smile CDR will now supply PKCE parameters to the federated provider, providing an additional element of security to this exchange.

CDS Hooks Prefetch Requests are now being logged in transaction logs.

A new MDM mode configuration item was added (default MATCH_AND_LINK). When the MDM module is run in MATCH_ONLY mode then MDM operations are disabled and no MDM processing occurs. This is useful if, for example, you want to use the Patient/$match operation without having the overhead of creating links and golden resources.

The CDA Exchange+ module allows the default narrative templates to be overridden by providing a set of custom Thymeleaf templates in the Narrative Generator module. See the documentation for more details.

Two new settings have been added which can be used to configure the timeout and size of the Validation Support Cache. This cache now also exports OpenTelemetry metrics around its current size.

Changed the CDA Exchange+ narrative templates selection criteria to use the coding that is provided in Composition.section.code. See the documentation for more details.

Changed the CDA Exchange+ section narrative generator to flatten subsection resources into the list of resources used when generating narrative content.

Functionality has been added to filter transaction logs by module id. See the Optional Module ID Filtering section of the Transaction Log page for more details.

The CDA Exchange+ module now supports exporting C-CDA Discharge Summary documents.

The CDA Exchange+ module now provides the operation $smile-generate-cda for generating CDA documents from document Bundles, from Compositions, or through the use of JS scripts. See the documentation for details.

The CDA Exchange+ module now provides configuration parameters to allow fine-grain control of which generated resources get persisted during the cda export process.

Upgraded the Clinical Reasoning module to the latest release of 3.15.0. Many caregaps request errors that previously resulted in HTTP status code of 500 now result in 400 instead.

Upgrade the Clinical Reasoning module to the latest release of 3.15.0. CMPI now supports the delete operation

Upgrade the Clinical Reasoning module to the latest release of 3.15.0. Please review associated ticket for detailed list of changes which including changes to error handling, measure scoring and support for Organization subjects.

The Apache Camel version used in the Camel module has been upgraded from 4.4.1 to 4.8.2. See the Apache Camel 4.X Upgrade Guide for more details.

Adds a Development Forecast section to the docs page.

The JvmStatsMonitor which emits occasional status updates to the system log will now include details about the HTTP and FHIR Storage throughput across the entire cluster.

When starting the Cluster Manager module, the FHIR Storage (RDBMS) module, or any other module using a database, the system logs will now include a statement describing the connection pool sizes and a few other useful troubleshooting details.

Several improvements have been made to the /endpoint-health endpoint exposed by HTTP endpoint modules such as the FHIR Endpoint module:

• The response will only indicate a failure if multiple HTTP 5xx failures have been retreturned and no successful responses have been returned over a 5 minute period. The previous behavior returned a failure if a single HTTP 5xx response had been returned, which was overly sensitive.
• The response will include the ID of any failing health checks
• A system log entry will be written any time this endpoint returns a non-successful response

Ensure that $qpp-build always downloads a QPP spec file from github CMSgov if the file has not been added to the cdr binary build. This means no need for an explicit release once a QPP spec file becomes available for a new year, such as 2026.

The CDA Exchange+ module now offers the option of importing a CDA document as a single FHIR document Bundle. See the documentation for more details.

Added pointcut AUDIT_EVENT_PRE_PERSIST to the CDR Interceptor framework. It allows clients to provide key/value pairs as additional information to be logged with a specific audit event. Upon returning from the pointcut invocation, the key/value pairs are serialized onto a JSON string and attached to the audit event before submission to the persistence and/or broker layer. User provided information is made available for viewing through the web and admin console. Refer to our documentation for an example of the pointcut implementation.

Add a new pointcut CONSENT_ACTIVE_CONSENT_RESOURCES_RESOLVE to contribute Consent resources to the Consent Module from arbitrary sources.

Prior Auth CRD now generates transaction logs before and after $apply operation for more traceability.

A new processor has been added to the Camel module which provides manual commits to Kafka-based routes. This can be used to achieve guaranteed delivery of data. Documentation examples have been provided showing how to achieve this.

Clinical Reasoning version bump to 3.17. Introduction of new feature that allows for containing dQM $evaluate-measure and $evaluate-measures operations to not fail on a single encountered processing error, enabling users to get visibility on results of successfully processable resources and sources of encountered errors to follow up on.

The CDA Exchange module has been deprecated, and replaced by the CDA Exchange+ module.

Previously, directly accessing array resource.contained from the JavaScript environment would generate an internal error if the element was not instantiated. This issue is fixed.

Resolved a number of No prototype for... warning messages that would appear in the Smile logs upon startup. Also clarified the wording of and added more details to a few warning messages.

Fixed an issue where transaction log entries relating to performing a create/read/update/search using the JSEE Fhir API would previously always have event type ETL_IMPORTER, regardless of which context the script was executed in. This has been corrected.

Previously, the $submit-attachment operation required a client-assigned ID for the DocumentReference attachment. This has now been changed such that the server will generate an ID when no ID is provided.

The Fhir interface, which provides access to persistence module functionality, will now be exposed to JavaScript environments in modules that extend or depend on persistence module. Specifically, the following JS functions have now been fixed to provide access to Fhir API: onAuthenticationSuccess, authenticate, authenticateAnonymous, onTokenGenerating, onTokenGenerated, onPostAuthorize, onSmartLoginPreContextSelection, getUserName, repositoryValidationProvideRules

Prior to this change, Gateway DELETE operations would return the OperationOutcome of the delete called on the first target, irrespective of the success/failure of the delete operation. This means that a SUCCESSFUL_DELETE_NOT_FOUND result was often returned when the resource actually was found and deleted. Now, if the resource was actually deleted on one of the targets, the OperationOutcome of that target is returned to the caller with the proper SUCCESSFUL_DELETE result so that the caller can detect the resource was successfully deleted.

Prior to this change, Gateway target http headers added by FHIRGW_XXX_TARGET_PREINVOKE interceptors would persist between targets, so if the interceptor added an http-header for one target call, that header would still be present in calls to subsequent target calls. This has been corrected so each target call has an independent set of additional headers.

Previously, if the payload of rest-hook subscription message exceeded the broker's maximum message size, an exception would be thrown. Now, the message is delivered successfully.

Previously, HTTP 400 - Bad Request exceptions thrown in Hybrid Providers were not propagated back to Gateway Clients. Additionally, HTTP 401 - Unauthorized responses from Gateway Search targets would return the incorrect status code. These have both been fixed.

Previously, when performing a Gateway Read, if two targets return the same HTTP status code but have different error messages, then only the first message was returned. This has been fixed so that all error messages are returned as issues in the Operation Outcome. Additionally, when Gateway Read targets return an Authorization exception, the OperationOutcome resource associated with the exception was returned to the client. The associated OperationOutcome resource will no longer be returned to prevent leaking target details to the client.

Hl7V2 library was updated to version 2.6.0, which allows to define client socket timeout.

Prior to this change, hypertext links to JSON examples would return an error page when invoked from the Web Admin documentation. This issue has been fixed.

Prior to this change, exporting the Plan of Treatment section in the CDA Exchange+ module the ServiceRequest resources were being exported as Planned Observations templates. This issue has been fixed to export as Planned Act now.

Previously, attempting to restart the Persistence module would result in a NullPointerException when partition selection mode was set to PATIENT_ID, mass ingestion was enabled, and at least one Search Parameter was disabled. This has now been fixed.

Updated bootstrap (frontend) dependency due to vulnerabilities.

Previously, the CDA Exchange+ mappings for the Note Activity entry contained some errors that were causing generated documents to fail validation. These errors have been fixed.

Mapping errors in the CDA Exchange+ module that were resulting in empty <entryRelationship> elements in the Medication and Procedure sections of an exported C-CDA document have been fixed.

Previously, when use_standalone_medications_with_component_code was configured in Hl7v2_in module, and input message contained RXC and RXE matching records, a dangling medication ingredient reference was created. This has been fixed in the following way: 1. When RCX and RXE records match, no medication component or medication ingredient reference is created. 2. When RCX and RXE records don't match (even by the display field), a medication component is created for the ingredient and the medication references it from the medication ingredient.

Add configuration for hapi-fhir storage property bundleBatchPoolSize.

Fixed a regression where an OAuth token request with an invalid token would incorrectly return a 401 Unauthorized error. It now correctly returns a 400 Bad Request error.

Previously, $evaluate-measure without an async header with reportType SUBJECT and a null subject failed with a 500 status code and a cryptic error message. This has been fixed with a 400 status code and a clear error message.

When partition mode by URL is enabled, requests to {fhir_endpoint}/.well-known/smart-configuration would not work, ignoring DEFAULT partitions. Ie, {fhir_endpoint}/DEFAULT/.well-known/smart-configuration and {fhir_endpoint}/.well-known/smart-configuration both should work, but neither did. This has been fixed.

The error message for an invalid module ID has now been improved to include the expected module ID pattern. Additionally, using a module ID with the '-' character would throw an error in the WAC, but be allowed from the .properties file. This has now been fixed by allowing module IDs with the '-' character from the Web UI.

Previously in the CDA Exchange+ module when importing an id node that only contains a root attribute value no code system was being added to the FHIR resource. This has been fixed by adding the system urn:ietf:rfc:3986 as defined by the FHIR specification.

Previously in the CDA Exchange+ module, when exporting CodeableConcept data that has both a coding and a data absent reason extension the export would not render the translation of code. This has now been fixed.

Previously, environment variables similar to a configuration setting could override the property file. E.g. the issuer.url for the Smart Outbound Security module was being overwritten by a ISSUER_URL environment variable. This has been corrected.

The smile documentation main header navigation menu has been updated to reflect the navigation items seen on the Smile Digital Health website

As of this release, the Device resource is now in the Patient compartment via the field Device.patient for the FHIR R4 release and below. This is a deviation from the official HL7 FHIR specification, but has been made in response to many customer requests. This means that Device resources will be included when adding compartment based user permissions, search narrowing, and patient-scoped bulk exports.

The fields <manufacturerModelName> and <softwareName> have been set as mandatory when exporting a C-CDA document with a Device for its author.

Previously, the CDA Exchange+ module was not mapping the address associated with an authoring device. This address will now be captured in a contained Location resource.

A previous documentation update incorrectly marked the JSON Admin API endpoints for creating, updating, viewing and deleting CDA template scripts as deprecated. These endpoints are still supported, and the deprecation warning has been removed.

Previously, when invoking the $docref operation, the version of the CDA document in the returned DocumentReference would not include any changes that were carried out by the post-processing script, although the version of the document persisted to the repository as a Binary resource would. This has been fixed so that the post-processing changes are included in both versions of the document.

Corrected a bug in the PartitionSecurityInterceptor which was causing custom default partition IDs to fail to validate. This only affected people running in CUSTOM and PATIENT_ID partitioning modes.

Previously, in the Composition resource created during the CDA export process, the field Composition.section.code.coding.system was being populated with an OID rather than the expected URI. This has been fixed.

Fixed demoskin html field definitions which were unaligned after bootstrap migration.

Previously, running $evaluate-measures with evaluate_measure.use_part_of_organizations enabled in non-async (low latency) for subject or subject-list mode would fail to retrieve patients related to organizations related to organizations by partOf. This has been fixed.

Stopped modules used to show up as 'healthy' during health checks. This has been change so that stopped modules are 'unhealthy'.

Previously, the CDA Exchange+ module would use a nullFlavor attribute to mark the absence of narrative in an otherwise empty section. This has been replaced with human readable placeholder text.

Update property settings in PAS module

Fixed an issue where using the $apply-codesystem-delta-add operation fails when hibernate search is enabled.

Fixed gateway failure to sort when null sort fields were present.

QueryDsl dependency has been changed to a new fork, and updated to 6.10.1, to remediate CVE-2024-49203.

Previously, the CDA Exchange+ module would fail to import a document if one of the sections was lacking any templateId elements. This has been fixed.

On the site documentation, redirect user to versioned table of contents if the page they are navigating from does not exist in the requested version.

Previously, the CDA Exchange+ module might fail to import a document if it contained a Medication Activity entry where the effectiveTime field had nullFlavor for both the start and end times of the interval. This has been fixed.

Previously, the CDA Exchange+ module would fail to import a CDA file having a list of <entryRelationship> elements with multiple nested entries of the same type, where those nested entries also contain lists of <entryRelationship> elements. This has been fixed.

Previously, the CDA Exchange+ module would fail to populate the subject of some Encounter resources. This has been fixed.

Fixed broken documentation links.

The endpoints template/{template_id}/apply and {resource_type}/{resource_id}/apply have been removed from the JSON Admin API. The functionality previously offered through those endpoints is now available through the $smile-generate-cda operation.

The AWS Healthlake Module has been removed from Smile CDR. Installations which have this module configured will no longer boot this module.

Smile CDR stopped collecting internal metrics in 2024.02.R01 in favour of using OpenTelemetry. As of 2025.02.R01, the tables used for built-in metrics collection have been removed.