Current package graph of the production server, from the CRMI Tool

Published on: 2024-11-12.

The new production server of the SU-TermServ

The new production server of the Service Unit Terminological Services (SU-TermServ) has been operational since November 11, 2024. With this, the SU-TermServ now provides a powerful platform for delivering terminology services within the Medical Informatics Initiative (MII) and the Network of University Medicine (NUM). The new server is accessible at the address https://ontoserver.mii-termserv.de/fhir 🔐 for FHIR clients.

Previously, SU-TermServ provided services at the address https://terminology-highmed.medic.medfak.uni-koeln.de/fhir 🔐. This server originated from the HiGHmed project. With the start of the current funding phase of the MII in January 2023, the operation of this server was professionalized, and the target audience was officially expanded to the entire MII and NUM through an independent 2b project.

Shutdown of the old server

The old HiGHmed server will continue to operate until the end of 2024 and will then be shut down in the first weeks of the new year. Please migrate to the new services. All previous FHIR resources should remain available. If you experience issues connecting to the new service, please contact us in our Zulip channel or via email.
The Ballot Server will continue to operate in the future to provide a public platform for the further development of the resources.
You will need a corresponding certificate to access the server. An IP Allow List will no longer be supported in the future, but we can issue our own certificates if needed.

Authentication

All endpoints secured by Mutual TLS are marked with a lock 🔐.

Services on the server

Ontoserver

The terminology server uses the software Ontoserver to provide terminologies and ontologies. The server is accessible at the address https://ontoserver.mii-termserv.de/fhir 🔐. As a FHIR terminology server, Ontoserver implements the FHIR Terminology Module sub-specification in its FHIR R4 version. For more information on using these services, please refer to the slides from our last workshop in July 2024 and our onboarding slides. Documentation for Ontoserver, including a Postman collection for testing, is also available from the manufacturer.

In addition to FHIR services, Ontoserver also provides the syndication function. This allows Ontoserver instances to be networked to provide resources from an upstream instance (i.e., the SU-TermServ instance) to downstream instances (e.g., within the data integration centers). The syndication feed can be found in XML format at https://ontoserver.mii-termserv.de/synd/syndication.xml 🔐. Syndication uses the Atom format according to RFC 4287, while the syndication-specific adjustments were specified by the Australian National Clinical Terminology Service (NCTS). The Australian Digital Health Agency also provides a syndication client library for Java and .NET to consume the syndication feed in applications other than Ontoserver.

Launchpad

At www.ontoserver.mii-termserv.de, you can find an overview of the provided services and other software that can communicate with the Ontoserver. No authentication via mTLS is required here.

Canonical Resource Management Infrastructure (CRMI)

With the Canonical Resource Management Infrastructure Implementation Guide, the Clinical Decision Support working group of HL7 International has specified profiles, operations, and guidelines for dealing with canonical resources (FHIR knowledge artifacts, particularly ValueSets and Profiles).

For the work of SU-TermServ, the following aspects of this Implementation Guide are particularly relevant:

  1. In the sections Packaging and Publishing, the packaging and distribution of FHIR resources through FHIR-NPM packages [Specification] are described.
  2. Within the section Distribution, rules are specified for identifying dependencies between the resources (Dependency Tracing).
  3. The specification within the part Syndication of the distribution concept describes an adaptation of the syndication concept using Atom feeds. Compared to the syndication concept of the Ontoserver, a package-based syndication is described here rather than a resource-based one.
  4. Through the extension http://hl7.org/fhir/StructureDefinition/cqf-scope, the linkage between the resources and the packages through which they are published is to be established as described.
  5. The Implementation Guide also specifies rules for the versioning of artifacts and packages here.

The SU-TermServ has fully implemented the packaging of the resources, taking into account the dependencies identified by the Dependency Tracing rules (as extensively described in our previous blog post commenting on the previous server). Additionally, the syndication profile was implemented based on the NPM packages.

Authentication 🔐

Authentication with the new server is now only possible via mTLS. The previous option for authentication via an IP allow-list is no longer supported due to the resulting maintenance effort. Instead, we now provide the option to issue certificates from our own certificate chain for both individuals and organizations. Please contact SU-TermServ via email or MII-Zulip.

The issuers accepted by us are always listed on the Ontoserver page. We currently support the following issuers:

  • GÉANT
  • Sectigo Organization Validation Secure Server CA
  • USERTrust
  • DFN-PKI
  • our own CA

We have no requirements regarding the certificate profile. In particular, we support the use of server certificates that are also used for HTTPS, and personal certificates for, e.g., document signing and signed/encrypted emails via S/MIME.

All certificates must be issued for entities in Germany; this information can be found in the Distinguished Name of the certificate. We check for the presence of the attribute C=DE. Access for entities outside the Federal Republic of Germany is not possible due to our contractual situation with CSIRO, the manufacturer of Ontoserver.
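
A client-side preflight for the C=DE requirement described above, as an added example that is not SU-TermServ's code or its server-side check: it parses a subject in RFC 4514 string form (what `openssl x509 -noout -subject -nameopt RFC2253` prints) and contrasts the result with a plain substring match. The function names, the sample subjects and the exactly-one-country policy are assumptions.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, current, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1    # an escape pair travels together
        if step == 1 and text[i] == sep:
            parts.append(current)
            current = ""
        else:
            current += text[i:i + step]
        i += step
    return parts + [current]

def unescape(value):
    """Undo RFC 4514 escapes; a hex pair is taken as one byte (enough for ASCII)."""
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], value)

def parse_dn(dn):
    """Return (type, value) pairs; '+' separates attributes of a multi-valued RDN."""
    pairs = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr_type, sep, raw = ava.partition("=")
            if not sep:
                raise ValueError(f"malformed attribute: {ava!r}")
            pairs.append((attr_type.strip().lower(), unescape(raw)))
    return pairs

def country_is(dn, expected="DE"):
    """Assumed policy: exactly one countryName (C) attribute, equal to expected."""
    countries = [v for t, v in parse_dn(dn) if t == "c"]
    return len(countries) == 1 and countries[0].upper() == expected

def naive_check(dn):
    """Substring test shown for contrast; it matches text inside other attributes."""
    return "C=DE" in dn

# Constructed sample subjects (not real certificates).
SAMPLES = [
    "CN=dic.example-hospital.de,O=Example University Hospital,L=Koeln,C=DE",
    "CN=host.example.org,DC=DE,DC=example",          # domainComponent, not country
    "CN=host.example.org,O=Example\\, C=DE,C=NL",    # escaped comma inside O
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"naive={naive_check(dn)!s:5} parsed={country_is(dn)!s:5} {dn}")
```

Only the first sample passes the parsed check, although all three contain the text `C=DE`.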

Current situation with GÉANT and Sectigo (updated on 2024-12-16)

The DFN has announced that Sectigo has terminated its contractual relationship with the GÉANT consortium due to differences.
On December 13, 2024, DFN announced that a new contractual relationship has been established with the Greek provider HARICA as a transitional solution. Regularly updated information on the current situation, and on the services offered by HARICA in particular, can be found on the DFN pages. We will, of course, accept HARICA certificates for authentication as soon as more information is available.
As of the current state of knowledge on December 16, 2024, it will no longer be possible to request certificates through Sectigo as of January 10, 2025 or earlier.
DFN still recommends extending all certificates before their expiration date in the coming weeks until the end of the year, in order to postpone necessary tasks into the future.
At no time is the security of access to our services compromised by this changeover. We will provide information about further steps through the channels of the coordination office and on this website.

Write Access

You are not able to create resources on the server. Further authentication is necessary for this, which is only granted to employees of the SU-TermServ project. However, if you have a need for resources that is shared by other parties within MII and NUM, you can discuss with us to create your own FHIR packages (we can, of course, provide support in this), which can then be uploaded by us. More information is available here.

Updates

SU-TermServ is involved in the further development of the core dataset modules and is thus informed about new releases. Stable package versions will be repackaged by us shortly and then made available on the server. By default, we only support the latest version, but older packages will remain available on our GitLab area, so they can also be used by the sites if needed. If an urgent need for the simultaneous provision of individual packages is identified, this can also be implemented.

Due to the repackaging by SU-TermServ, some dependencies, i.e., external terminologies, are covered by new packages. We will update these packages as follows:

  • ICD-10-GM, OPS, Alpha-ID at the turn of the year
  • The International Edition of SNOMED CT biannually with the January and July versions
  • The Germany Edition of SNOMED CT biannually in the rhythm of BfArM, currently in May and November
  • LOINC upon release

Other external dependencies, such as the key tables of KBV, the German base profiles, or the DICOM value sets, will be updated when new versions are released, and dependent packages will be tested for compatibility with the new versions. Necessary adjustments will be communicated with the responsible parties, and a strategy for updates will be developed together.

Migration

If you are already connected to our services, specifically to the FHIR endpoint https://terminology-highmed.medic.medfak.uni-koeln.de/fhir 🔐 and/or to Syndication https://terminology-highmed.medic.medfak.uni-koeln.de/synd/syndication.xml 🔐, an adjustment on your side is required.

The new FHIR endpoint is https://ontoserver.mii-termserv.de/fhir 🔐, and the syndication feed can be accessed at https://ontoserver.mii-termserv.de/synd/syndication.xml 🔐.

If you are already using a certificate for authentication, you can also use it for the new server. If not, please contact us!

If you have been using the IP allow-list because you could not obtain a certificate through GÉANT, please contact us so that we can issue you a corresponding certificate from our CA. The validity of this certificate will currently not extend beyond the end of 2027.

At the turn of the year, we will then shut down the old server and inform you accordingly.

Please also consider the current situation regarding Sectigo and GÉANT outlined above.