From 2c81e3f7ee83cc70e7ef5caf565e1dde55d17535 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 20 Jun 2025 09:43:44 +0200 Subject: [PATCH 01/16] MSC4302: Exchanging FHIR resources via Matrix events Signed-off-by: Johannes Marbach --- proposals/4302-🔥-resources.md | 83 ++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 proposals/4302-🔥-resources.md diff --git a/proposals/4302-🔥-resources.md b/proposals/4302-🔥-resources.md new file mode 100644 index 000000000..2779a09aa --- /dev/null +++ b/proposals/4302-🔥-resources.md @@ -0,0 +1,83 @@ +# MSC4302: Exchanging FHIR resources via Matrix events + +[FHIR] (pronounced 🔥) is a globally established standard for exchanging healthcare information +electronically. The base building block of FHIR are so called resources, such as [`Patient`]. These +resources can be serialised into JSON or XML which allows them to be transmitted via the [`m.file`] +message type. This is insufficient, however, because a generic MIME type of `application/xml` or +`application/json` doesn't let clients recognise the content as FHIR before downloading it. The +`m.file` mechanism also doesn't allow clients to infer any details about the types of resources +contained in the file ahead of downloading it. Furthermore, in many cases FHIR resources are small +enough to be inlined into Matrix events which significantly simplifies client-side processing. + +This proposal introduces an event type for transmitting FHIR resources and type information over +Matrix in either inlined or uploaded form. + +## Proposal + +A new event type `m.fhir.resource` is introduced with the following properties in `content`: + +- `canonical_url` (string, required): The resource's [canonical URL], that is the globally unique + identifier defining its schema. MAY contain a version suffix separated by `|` as per the FHIR + specification. +- `m.fhir.resource` (object): The serialised JSON if it fits within the [64 KiB event size limit]. + Required if `m.file` is missing. +- `m.file` (object): An [MSC3551] content block describing an uploaded JSON or XML serialisation of + the resource if it is too large to be inlined. Required if `m.fhir.resource` is missing. + +``` json5 +{ + "type": "m.fhir.resource", + "content": { + "canonical_url": "http://hl7.org/fhir/patient.html|4.0.1", + "m.fhir.resource": { + "resourceType" : "Patient", + "name" : [{ + "use" : "official", + "given" : ["John", "James"], + "family" : "Doe" + }], + "gender" : "male", + "birthDate" : "1970-01-01", + // further properties as per the Patient schema + }, + "m.file": { + "url": "mxc://example.org/abcd1234", + "mimetype": "application/json", + // further properties as per MSC3551 + } +} +``` + +## Potential issues + +FHIR includes generic resources such as [`Bundle`] which wrap other resources. The `canonical_url` +will not help clients understand the wrapped content without downloading it in these cases. +Dedicated event types may be introduced in future to cater to these situations. + +## Alternatives + +A dedicated MIME type such as `application/fhir+xml` would allow clients to recognise an uploaded +file as FHIR ahead of the download. It would not provide clients with information about the types of +contained resources, however. Since FHIR supports a vast number of resources it doesn't appear +practical to introduce dedicated mimetypes per resource, version and serialisation format + +## Security considerations + +None. + +## Unstable prefix + +While this MSC is not considered stable, the event type `m.fhir.resource` should be referred to as +`de.gematik.msc4302.fhir.resource`. + +## Dependencies + +None. + + [FHIR]: https://hl7.org/fhir/ + [`Patient`]: http://hl7.org/fhir/R4/patient.html + [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile + [canonical URL]: https://build.fhir.org/references.html#canonical + [64 KiB event size limit]: https://spec.matrix.org/v1.14/client-server-api/#size-limits + [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 + [`Bundle`]: http://hl7.org/fhir/StructureDefinition/Bundle From 766514246475010cb7cdff027d0b15352e287357 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 20 Jun 2025 19:54:11 +0200 Subject: [PATCH 02/16] Remove the fun --- proposals/{4302-🔥-resources.md => 4302-fhir-resources.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename proposals/{4302-🔥-resources.md => 4302-fhir-resources.md} (100%) diff --git a/proposals/4302-🔥-resources.md b/proposals/4302-fhir-resources.md similarity index 100% rename from proposals/4302-🔥-resources.md rename to proposals/4302-fhir-resources.md From 404ce36a7bba794506e03b936dd7d473c07e02ee Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Mon, 23 Jun 2025 09:07:25 +0200 Subject: [PATCH 03/16] Rearrange points from introduction and alternatives section to better convey the motivation --- proposals/4302-fhir-resources.md | 45 ++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 2779a09aa..ae86be1c8 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -1,16 +1,19 @@ # MSC4302: Exchanging FHIR resources via Matrix events [FHIR] (pronounced 🔥) is a globally established standard for exchanging healthcare information -electronically. The base building block of FHIR are so called resources, such as [`Patient`]. These +electronically. The base building blocks of FHIR are so called resources, such as [`Patient`]. These resources can be serialised into JSON or XML which allows them to be transmitted via the [`m.file`] -message type. This is insufficient, however, because a generic MIME type of `application/xml` or -`application/json` doesn't let clients recognise the content as FHIR before downloading it. The -`m.file` mechanism also doesn't allow clients to infer any details about the types of resources -contained in the file ahead of downloading it. Furthermore, in many cases FHIR resources are small -enough to be inlined into Matrix events which significantly simplifies client-side processing. - -This proposal introduces an event type for transmitting FHIR resources and type information over -Matrix in either inlined or uploaded form. +message type with a MIME type of `application/fhir+json` or `application/fhir+xml`. The generic MIME +type doesn't provide clients with any information about what resources are contained in the file, +however, and requires them to download it for further processing. This is suboptimal because clients +may want to render only some resources, such as [Questionnaire], with a rich UI. Furthermore, even +if a client chooses to present all FHIR resources as opaque files, users would benefit from getting +some information about a file's content without having to download it. Finally, FHIR resources may +in certain cases be small enough to be inlined into Matrix events which would significantly simplify +client-side processing. + +To address these shortcomings, this proposal introduces an event type for transmitting FHIR +resources and type information over Matrix in either inlined or uploaded form. ## Proposal @@ -28,7 +31,7 @@ A new event type `m.fhir.resource` is introduced with the following properties i { "type": "m.fhir.resource", "content": { - "canonical_url": "http://hl7.org/fhir/patient.html|4.0.1", + "canonical_url": "http://hl7.org/fhir/patient.html|4.0.1", "m.fhir.resource": { "resourceType" : "Patient", "name" : [{ @@ -56,10 +59,16 @@ Dedicated event types may be introduced in future to cater to these situations. ## Alternatives -A dedicated MIME type such as `application/fhir+xml` would allow clients to recognise an uploaded -file as FHIR ahead of the download. It would not provide clients with information about the types of -contained resources, however. Since FHIR supports a vast number of resources it doesn't appear -practical to introduce dedicated mimetypes per resource, version and serialisation format +Dedicated MIME types per resource, version and serialisation format could be introduced. Since FHIR +supports a vast number of resources this doesn't appear practical, however. + +[RFC 2045] allows MIME types to include modifying parameters. The canonical URL could, therefore, be +included alongside the media type[^1]. + + Content-type: application/fhir+json; canonical_url="http://hl7.org/fhir/patient.html|4.0.1" + +This would allow reusing the `m.file` message type but leaks the resource type to the home server in +[`POST /_matrix/media/v3/upload`]. ## Security considerations @@ -74,10 +83,18 @@ While this MSC is not considered stable, the event type `m.fhir.resource` should None. +[^1]: This could also be done by reusing the `profile` parameter from [RFC 6906]. Since the term + "profile" already has a specific meaning within the FHIR standard, this could be confusing, + however. + [FHIR]: https://hl7.org/fhir/ [`Patient`]: http://hl7.org/fhir/R4/patient.html [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile + [Questionnaire]: https://www.hl7.org/fhir/questionnaire.html [canonical URL]: https://build.fhir.org/references.html#canonical [64 KiB event size limit]: https://spec.matrix.org/v1.14/client-server-api/#size-limits [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 [`Bundle`]: http://hl7.org/fhir/StructureDefinition/Bundle + [RFC 2045]: https://datatracker.ietf.org/doc/html/rfc2045#section-5 + [`POST /_matrix/media/v3/upload`]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixmediav3upload + [RFC 6906]: https://datatracker.ietf.org/doc/html/rfc6906 From d7a27eac25c8ea5071da72f8c1f00fd82bc6b72f Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Tue, 15 Jul 2025 10:44:34 +0200 Subject: [PATCH 04/16] Remove surplus spaces --- proposals/4302-fhir-resources.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index ae86be1c8..738025936 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -33,14 +33,14 @@ A new event type `m.fhir.resource` is introduced with the following properties i "content": { "canonical_url": "http://hl7.org/fhir/patient.html|4.0.1", "m.fhir.resource": { - "resourceType" : "Patient", - "name" : [{ - "use" : "official", - "given" : ["John", "James"], - "family" : "Doe" + "resourceType": "Patient", + "name": [{ + "use": "official", + "given": ["John", "James"], + "family": "Doe" }], - "gender" : "male", - "birthDate" : "1970-01-01", + "gender": "male", + "birthDate": "1970-01-01", // further properties as per the Patient schema }, "m.file": { From 9b23cc963bd8a91c5c37da1556abf332a89a544b Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Tue, 15 Jul 2025 10:45:42 +0200 Subject: [PATCH 05/16] Use correct mimetype in example --- proposals/4302-fhir-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 738025936..efb0cabaa 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -45,7 +45,7 @@ A new event type `m.fhir.resource` is introduced with the following properties i }, "m.file": { "url": "mxc://example.org/abcd1234", - "mimetype": "application/json", + "mimetype": "application/fhir+json", // further properties as per MSC3551 } } From aac4de1980bc542209373a7c38a7adfd67f412cd Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Thu, 6 Nov 2025 13:11:49 +0100 Subject: [PATCH 06/16] Avoid emoji Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index efb0cabaa..884df51f9 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -1,6 +1,6 @@ # MSC4302: Exchanging FHIR resources via Matrix events -[FHIR] (pronounced 🔥) is a globally established standard for exchanging healthcare information +[FHIR] (pronounced "fire") is a globally established standard for exchanging healthcare information electronically. The base building blocks of FHIR are so called resources, such as [`Patient`]. These resources can be serialised into JSON or XML which allows them to be transmitted via the [`m.file`] message type with a MIME type of `application/fhir+json` or `application/fhir+xml`. The generic MIME From 15ef3efdb32dac8c3308282d739dc1abf5141416 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Thu, 6 Nov 2025 15:49:54 +0100 Subject: [PATCH 07/16] Refine introduction and motivation Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 64 ++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 16 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 884df51f9..0a9a739eb 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -1,19 +1,48 @@ # MSC4302: Exchanging FHIR resources via Matrix events +## A brief abstract of FHIR, resources and profiles + [FHIR] (pronounced "fire") is a globally established standard for exchanging healthcare information -electronically. The base building blocks of FHIR are so called resources, such as [`Patient`]. These -resources can be serialised into JSON or XML which allows them to be transmitted via the [`m.file`] -message type with a MIME type of `application/fhir+json` or `application/fhir+xml`. The generic MIME -type doesn't provide clients with any information about what resources are contained in the file, -however, and requires them to download it for further processing. This is suboptimal because clients -may want to render only some resources, such as [Questionnaire], with a rich UI. Furthermore, even -if a client chooses to present all FHIR resources as opaque files, users would benefit from getting -some information about a file's content without having to download it. Finally, FHIR resources may -in certain cases be small enough to be inlined into Matrix events which would significantly simplify -client-side processing. - -To address these shortcomings, this proposal introduces an event type for transmitting FHIR -resources and type information over Matrix in either inlined or uploaded form. +electronically. The base building blocks of FHIR are so-called *resources*. Resources have a type +that defines their base schema. This schema can be further customised through one or more +*profiles*. + +As an example, [`Patient`] is the resource type for patients which defines several fields. Among +these are the *optional* property `birthDate` for the person's date of birth and `photo` for any +number of pictures of the person. + +[`TIPatient`] is a profile on `Patient` defined by Germany's national health agency, gematik, for +use within their own network (TI). It customises the schema of `Patient` in several ways, such as +making `birthDate` required rather than optional. + +[`EPAPatient`], in turn, is another profile on `Patient` defined by gematik, specifically for use in +Germany's digital patient file (EPA). `EPAPatient` builds on top of `TIPatient` and adds furhter +customisations like, for instance, the requirement for the elements of `photo` to include the field +`contentType` if the picture is supplied inline as Base64. + +As a result, the valid schema of a FHIR resource for a patient within Germany's digital patient file +is determined by the combination of the resource type `Patient` and the profiles `TIPatient` and +`EPAPatient`. + +Both resource types and profiles can be uniquely identified by their [canonical URL]. + +## The problems of using FHIR resources in Matrix + +FHIR resources can be serialised into JSON or XML which can be transmitted via the [`m.file`] +message type with a MIME type of `application/fhir+json` or `application/fhir+xml`. However, the +generic MIME type doesn't let clients understand what resource is contained in the file without +downloading it. This is suboptimal because clients may want to render a rich UI for certain resource +types and profiles. An example of this is the [`Questionnaire`] resource which represents a form +that can be filled out by the recipient and responded to with a [`QuestionnaireResponse`] resource. + +Similarly, clients that connect external systems to Matrix may want to automatically process certain +resources. For instance, an anamnesis bot may want to export received `QuestionnaireResponse`s into +a surgery's patient management system. Again, the generic MIME type forces such clients to download +the file to determine if it is indeed a `QuestionnaireResponse`. + +These problems would be obliterated if FHIR resources were inlined into Matrix events. However, this +isn't always possible due to the [64 KiB event size limit]. Additionally, no suitable event type or +content block exists, as of writing. ## Proposal @@ -89,10 +118,13 @@ None. [FHIR]: https://hl7.org/fhir/ [`Patient`]: http://hl7.org/fhir/R4/patient.html - [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile - [Questionnaire]: https://www.hl7.org/fhir/questionnaire.html + [`TIPatient`]: https://simplifier.net/packages/de.gematik.ti/1.1.1/files/2968490 + [`EPAPatient`]: https://simplifier.net/packages/de.gematik.epa/1.2.0/files/2968520/~overview [canonical URL]: https://build.fhir.org/references.html#canonical - [64 KiB event size limit]: https://spec.matrix.org/v1.14/client-server-api/#size-limits + [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile + [`Questionnaire`]: https://www.hl7.org/fhir/questionnaire.html + [`QuestionnaireResponse`]: https://build.fhir.org/questionnaireresponse.html + [64 KiB event size limit]: https://spec.matrix.org/v1.16/client-server-api/#size-limits [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 [`Bundle`]: http://hl7.org/fhir/StructureDefinition/Bundle [RFC 2045]: https://datatracker.ietf.org/doc/html/rfc2045#section-5 From 2ac1f65cf40c17cf51c5fb6b630754c1bb853f94 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Thu, 6 Nov 2025 15:55:00 +0100 Subject: [PATCH 08/16] Clarify that the canonical URL only fixes the base schema Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 0a9a739eb..411a77dc4 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -49,7 +49,7 @@ content block exists, as of writing. A new event type `m.fhir.resource` is introduced with the following properties in `content`: - `canonical_url` (string, required): The resource's [canonical URL], that is the globally unique - identifier defining its schema. MAY contain a version suffix separated by `|` as per the FHIR + identifier defining its base schema. MAY contain a version suffix separated by `|` as per the FHIR specification. - `m.fhir.resource` (object): The serialised JSON if it fits within the [64 KiB event size limit]. Required if `m.file` is missing. From 3da04d1c5717b48c139a364af3157de25d441d37 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Thu, 6 Nov 2025 15:55:41 +0100 Subject: [PATCH 09/16] Use the correct canonical URL for Patient Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 411a77dc4..7e13cc7ee 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -60,7 +60,7 @@ A new event type `m.fhir.resource` is introduced with the following properties i { "type": "m.fhir.resource", "content": { - "canonical_url": "http://hl7.org/fhir/patient.html|4.0.1", + "canonical_url": "http://hl7.org/fhir/StructureDefinition/Patient|4.0.1", "m.fhir.resource": { "resourceType": "Patient", "name": [{ @@ -117,7 +117,7 @@ None. however. [FHIR]: https://hl7.org/fhir/ - [`Patient`]: http://hl7.org/fhir/R4/patient.html + [`Patient`]: http://hl7.org/fhir/StructureDefinition/Patient [`TIPatient`]: https://simplifier.net/packages/de.gematik.ti/1.1.1/files/2968490 [`EPAPatient`]: https://simplifier.net/packages/de.gematik.epa/1.2.0/files/2968520/~overview [canonical URL]: https://build.fhir.org/references.html#canonical From b8cf6e4073e368e75d4edaab2f4457613ebcf668 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Nov 2025 08:42:51 +0100 Subject: [PATCH 10/16] Add profiles to metadata Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 7e13cc7ee..f963bb688 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -46,21 +46,31 @@ content block exists, as of writing. ## Proposal -A new event type `m.fhir.resource` is introduced with the following properties in `content`: +To enable the efficient exchange of FHIR resources in either inline or file form, a new event type +`m.fhir.resource` is introduced. This type mandates the following properties in `content`: - `canonical_url` (string, required): The resource's [canonical URL], that is the globally unique identifier defining its base schema. MAY contain a version suffix separated by `|` as per the FHIR specification. -- `m.fhir.resource` (object): The serialised JSON if it fits within the [64 KiB event size limit]. - Required if `m.file` is missing. -- `m.file` (object): An [MSC3551] content block describing an uploaded JSON or XML serialisation of - the resource if it is too large to be inlined. Required if `m.fhir.resource` is missing. +- `profiles`: (array of strings): The canonical URLs of the profiles the resource conforms to (if + any). The order of elements in the array is arbitrary, similar to FHIR's own [`Meta.profile`] + property. +- `m.fhir.resource` (object, required if `m.file` is missing): The serialised JSON if it fits within + the [64 KiB event size limit]. +- `m.file` (object, required if `m.fhir.resource` is missing): An [MSC3551] content block describing + an uploaded JSON or XML serialisation of the resource if it is too large to be inlined. ``` json5 { "type": "m.fhir.resource", "content": { + // Metadata to help identify the resource "canonical_url": "http://hl7.org/fhir/StructureDefinition/Patient|4.0.1", + "profiles": [ + "https://gematik.de/fhir/epa/StructureDefinition/epa-patient|1.2.0", + "https://gematik.de/fhir/ti/StructureDefinition/ti-patient|1.1.1" + ], + // Either: The resource in inline form "m.fhir.resource": { "resourceType": "Patient", "name": [{ @@ -72,6 +82,7 @@ A new event type `m.fhir.resource` is introduced with the following properties i "birthDate": "1970-01-01", // further properties as per the Patient schema }, + // Or: A file representing the resource "m.file": { "url": "mxc://example.org/abcd1234", "mimetype": "application/fhir+json", @@ -125,6 +136,7 @@ None. [`Questionnaire`]: https://www.hl7.org/fhir/questionnaire.html [`QuestionnaireResponse`]: https://build.fhir.org/questionnaireresponse.html [64 KiB event size limit]: https://spec.matrix.org/v1.16/client-server-api/#size-limits + [`Meta.profile`]: http://hl7.org/fhir/resource-definitions.html#Meta.profile [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 [`Bundle`]: http://hl7.org/fhir/StructureDefinition/Bundle [RFC 2045]: https://datatracker.ietf.org/doc/html/rfc2045#section-5 From 8f10ca04bc85304ca141f4530cf5f3084c5425a3 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Nov 2025 09:06:33 +0100 Subject: [PATCH 11/16] Add security consideration about triggering downloads maliciously Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index f963bb688..9e10ddb30 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -112,7 +112,10 @@ This would allow reusing the `m.file` message type but leaks the resource type t ## Security considerations -None. +Malicious clients could attempt to trick other clients into automatically downloading files by +faking the metadata in `m.fhir.resource` events. As a minimal defense, clients SHOULD sanity-check +the size of the downloaded file by issuing a HEAD request and refuse to download large files without +explicit user consent. ## Unstable prefix From d5e81a7767e878a03ace9c2657dca496e5043166 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Nov 2025 09:10:43 +0100 Subject: [PATCH 12/16] Fix typo Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 9e10ddb30..dd78f95b7 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -16,7 +16,7 @@ use within their own network (TI). It customises the schema of `Patient` in seve making `birthDate` required rather than optional. [`EPAPatient`], in turn, is another profile on `Patient` defined by gematik, specifically for use in -Germany's digital patient file (EPA). `EPAPatient` builds on top of `TIPatient` and adds furhter +Germany's digital patient file (EPA). `EPAPatient` builds on top of `TIPatient` and adds further customisations like, for instance, the requirement for the elements of `photo` to include the field `contentType` if the picture is supplied inline as Base64. From 1d3004c6ed9edc1d34cc1dae143fdd3f1c777979 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Nov 2025 15:32:11 +0100 Subject: [PATCH 13/16] Switch from patient to questionnaire in the introduction Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 46 ++++++++++++-------------------- 1 file changed, 17 insertions(+), 29 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index dd78f95b7..1eede1247 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -2,27 +2,16 @@ ## A brief abstract of FHIR, resources and profiles -[FHIR] (pronounced "fire") is a globally established standard for exchanging healthcare information -electronically. The base building blocks of FHIR are so-called *resources*. Resources have a type -that defines their base schema. This schema can be further customised through one or more -*profiles*. +[FHIR] (pronounced "fire") is a globally established standard for the digital exchange of +healthcare-related information. The base building block of FHIR are so-called *resources*. Resources +have a type that defines their base schema. This schema can be further customised through one or +more *profiles*. -As an example, [`Patient`] is the resource type for patients which defines several fields. Among -these are the *optional* property `birthDate` for the person's date of birth and `photo` for any -number of pictures of the person. - -[`TIPatient`] is a profile on `Patient` defined by Germany's national health agency, gematik, for -use within their own network (TI). It customises the schema of `Patient` in several ways, such as -making `birthDate` required rather than optional. - -[`EPAPatient`], in turn, is another profile on `Patient` defined by gematik, specifically for use in -Germany's digital patient file (EPA). `EPAPatient` builds on top of `TIPatient` and adds further -customisations like, for instance, the requirement for the elements of `photo` to include the field -`contentType` if the picture is supplied inline as Base64. - -As a result, the valid schema of a FHIR resource for a patient within Germany's digital patient file -is determined by the combination of the resource type `Patient` and the profiles `TIPatient` and -`EPAPatient`. +As an example, [`Questionnaire`] is the resource type for medical forms that can be used for various +purposes. This type defines several fields such as an *optional* `title` property containing a human +friendly name for the form. [`ISiKFormularDefinition`], in turn, is a profile on `Questionnaire` +created by Germany's national health agency, gematik, for use within hospitals. It customises the +schema of `Questionnaire` in several ways, such as making `title` required rather than optional. Both resource types and profiles can be uniquely identified by their [canonical URL]. @@ -31,13 +20,14 @@ Both resource types and profiles can be uniquely identified by their [canonical FHIR resources can be serialised into JSON or XML which can be transmitted via the [`m.file`] message type with a MIME type of `application/fhir+json` or `application/fhir+xml`. However, the generic MIME type doesn't let clients understand what resource is contained in the file without -downloading it. This is suboptimal because clients may want to render a rich UI for certain resource -types and profiles. An example of this is the [`Questionnaire`] resource which represents a form -that can be filled out by the recipient and responded to with a [`QuestionnaireResponse`] resource. +downloading it. This is suboptimal because clients may want to apply special display logic for +certain resource types and profiles. Using the example of `Questionnaire`s, clients may want to +render the resource as an interactive form for the user to fill out and send back a +[`QuestionnaireResponse`] resource. Similarly, clients that connect external systems to Matrix may want to automatically process certain resources. For instance, an anamnesis bot may want to export received `QuestionnaireResponse`s into -a surgery's patient management system. Again, the generic MIME type forces such clients to download +a surgery's patient management system. Again, the generic MIME type forces such a client to download the file to determine if it is indeed a `QuestionnaireResponse`. These problems would be obliterated if FHIR resources were inlined into Matrix events. However, this @@ -131,13 +121,11 @@ None. however. [FHIR]: https://hl7.org/fhir/ - [`Patient`]: http://hl7.org/fhir/StructureDefinition/Patient - [`TIPatient`]: https://simplifier.net/packages/de.gematik.ti/1.1.1/files/2968490 - [`EPAPatient`]: https://simplifier.net/packages/de.gematik.epa/1.2.0/files/2968520/~overview + [`Questionnaire`]: http://hl7.org/fhir/StructureDefinition/Questionnaire + [`ISiKFormularDefinition`]: https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition [canonical URL]: https://build.fhir.org/references.html#canonical [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile - [`Questionnaire`]: https://www.hl7.org/fhir/questionnaire.html - [`QuestionnaireResponse`]: https://build.fhir.org/questionnaireresponse.html + [`QuestionnaireResponse`]: http://hl7.org/fhir/StructureDefinition/QuestionnaireResponse [64 KiB event size limit]: https://spec.matrix.org/v1.16/client-server-api/#size-limits [`Meta.profile`]: http://hl7.org/fhir/resource-definitions.html#Meta.profile [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 From 00f3d2824e09af4d854ab7da18e5b0977a15c258 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Nov 2025 15:36:54 +0100 Subject: [PATCH 14/16] Also use questionnaire in the example Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 1eede1247..d02a421a7 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -55,22 +55,15 @@ To enable the efficient exchange of FHIR resources in either inline or file form "type": "m.fhir.resource", "content": { // Metadata to help identify the resource - "canonical_url": "http://hl7.org/fhir/StructureDefinition/Patient|4.0.1", + "canonical_url": "http://hl7.org/fhir/StructureDefinition/Questionnaire|4.0.1", "profiles": [ - "https://gematik.de/fhir/epa/StructureDefinition/epa-patient|1.2.0", - "https://gematik.de/fhir/ti/StructureDefinition/ti-patient|1.1.1" + "https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition|5.0.0" ], // Either: The resource in inline form "m.fhir.resource": { - "resourceType": "Patient", - "name": [{ - "use": "official", - "given": ["John", "James"], - "family": "Doe" - }], - "gender": "male", - "birthDate": "1970-01-01", - // further properties as per the Patient schema + "resourceType": "Questionnaire", + "title": "Dr. Dre's anamnesis questionnaire for new patients", + // further properties as per the questionnaire's schema }, // Or: A file representing the resource "m.file": { From 1b2db295c7e9da0e5a2e0614384930f7e83201c4 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Mon, 10 Nov 2025 11:14:23 +0100 Subject: [PATCH 15/16] Replace canonical_url and profiles with more specific metadata about the structure definition Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 130 +++++++++++++++++++++---------- 1 file changed, 91 insertions(+), 39 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index d02a421a7..77c22d000 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -7,13 +7,44 @@ healthcare-related information. The base building block of FHIR are so-called *r have a type that defines their base schema. This schema can be further customised through one or more *profiles*. -As an example, [`Questionnaire`] is the resource type for medical forms that can be used for various -purposes. This type defines several fields such as an *optional* `title` property containing a human -friendly name for the form. [`ISiKFormularDefinition`], in turn, is a profile on `Questionnaire` -created by Germany's national health agency, gematik, for use within hospitals. It customises the -schema of `Questionnaire` in several ways, such as making `title` required rather than optional. +As an example, [`Questionnaire`] is the resource type for generic medical forms. This type defines +several fields such as an *optional* `title` property containing a human readable name for the form. +[`ISiKFormularDefinition`], in turn, is a profile on `Questionnaire` created by Germany's national +health agency, gematik, for use within hospitals. It customises the schema of `Questionnaire` in +several ways, such as making `title` required rather than optional. -Both resource types and profiles can be uniquely identified by their [canonical URL]. +Profiles can extend either resource types or other profiles, meaning it is possible to build chains +of profiles. Both resource types and profiles are described via [`StructureDefinition`]s which are +uniquely identified by their [canonical URL]. + +``` json5 +{ + // This is the profile ISiKFormularDefinition v5.0.0, created by gematik GmbH + "resourceType": "StructureDefinition", + "id": "ISiKFormularDefinition", + "url": "https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition", + "version": "5.0.0", + "publisher": "gematik GmbH", + // It extends the base type Questionnaire from FHIR v4.0.1 + "type": "Questionnaire", + "fhirVersion": "4.0.1", + // It is based directly on the base type without intermediary profiles + "baseDefinition": "http://hl7.org/fhir/StructureDefinition/Questionnaire", + // It changes the base type, among others, by making the title field mandatory + "differential": { + "element": [{ + "id": "Questionnaire.title", + "min": 1, + "mustSupport": true, + ... + }, ...]}, + ... +} +``` + +While the above example is trivial, the customisations achievable via profiling can be extensive. As +a result, it is crucial for implementations to understand what profiles are being used when +exchanging data. ## The problems of using FHIR resources in Matrix @@ -27,24 +58,31 @@ render the resource as an interactive form for the user to fill out and send bac Similarly, clients that connect external systems to Matrix may want to automatically process certain resources. For instance, an anamnesis bot may want to export received `QuestionnaireResponse`s into -a surgery's patient management system. Again, the generic MIME type forces such a client to download -the file to determine if it is indeed a `QuestionnaireResponse`. +a hospital's patient management system. Again, the generic MIME type forces such a client to +download the file to determine if it is indeed a `QuestionnaireResponse`. -These problems would be obliterated if FHIR resources were inlined into Matrix events. However, this -isn't always possible due to the [64 KiB event size limit]. Additionally, no suitable event type or -content block exists, as of writing. +These problems would be mitigated to some extent if FHIR resources were inlined into Matrix events. +However, serialized resources contain only limited information about the underlying +`StructureDefinition`. Most importantly the base resource type is missing, making it difficult for +implementations that support a base type but not a specific profile to fall back in a reasonable +way. Furthermore, inlining isn't always possible due to the [64 KiB event size limit] and no +suitable event type or content block exists, as of writing. ## Proposal -To enable the efficient exchange of FHIR resources in either inline or file form, a new event type -`m.fhir.resource` is introduced. This type mandates the following properties in `content`: - -- `canonical_url` (string, required): The resource's [canonical URL], that is the globally unique - identifier defining its base schema. MAY contain a version suffix separated by `|` as per the FHIR - specification. -- `profiles`: (array of strings): The canonical URLs of the profiles the resource conforms to (if - any). The order of elements in the array is arbitrary, similar to FHIR's own [`Meta.profile`] - property. +To enable the compatible and efficient exchange of FHIR resources in either inline or file form, a +new event type `m.fhir` is introduced. This type mandates the following properties in `content`: + +- `m.fhir.structure_definition` (object, required): Information about the resource's + `StructureDefinition`. + - `url` (string, required): The [canonical URL] of the most specific `StructureDefinition` + describing the resource. This is equivalent to [`StructureDefinition.url`]. + - `version` (string, required): The version of the `StructureDefinition`. This is equivalent to + [`StructureDefinition.version`]. + - `type` (string, required): The `StructureDefinition`'s base type. This is equivalent to + [`StructureDefinition.type`]. + - `fhir_version` (string, required): The version of the FHIR specification on which the + `StructureDefinition` is based. This is equivalent to [`StructureDefinition.fhirVersion`]. - `m.fhir.resource` (object, required if `m.file` is missing): The serialised JSON if it fits within the [64 KiB event size limit]. - `m.file` (object, required if `m.fhir.resource` is missing): An [MSC3551] content block describing @@ -52,13 +90,15 @@ To enable the efficient exchange of FHIR resources in either inline or file form ``` json5 { - "type": "m.fhir.resource", + "type": "m.fhir", "content": { // Metadata to help identify the resource - "canonical_url": "http://hl7.org/fhir/StructureDefinition/Questionnaire|4.0.1", - "profiles": [ - "https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition|5.0.0" - ], + "m.fhir.structure_definition": { + "url": "https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition", + "version": "5.0.0", + "type": "Questionnaire", + "fhir_version": "4.0.1", + }, // Either: The resource in inline form "m.fhir.resource": { "resourceType": "Questionnaire", @@ -74,36 +114,44 @@ To enable the efficient exchange of FHIR resources in either inline or file form } ``` +The `url` and `version` properties, on the one hand, allow implementations with support for the +particular profile to activate dedicated display or processing logic. The `type` and `fhir_version` +properties, on the other hand, enable implementations *without* support for the specific profile to +offer fallback behaviour if they have generic support for the resource's base type. + ## Potential issues -FHIR includes generic resources such as [`Bundle`] which wrap other resources. The `canonical_url` -will not help clients understand the wrapped content without downloading it in these cases. -Dedicated event types may be introduced in future to cater to these situations. +FHIR includes generic resources such as [`Bundle`] which wrap other resources. The metadata in +`m.fhir.structure_definition` will not help clients understand the wrapped content without +downloading it in these cases. Dedicated event types or further metadata fields may be introduced in +future to cater to these situations. ## Alternatives Dedicated MIME types per resource, version and serialisation format could be introduced. Since FHIR -supports a vast number of resources this doesn't appear practical, however. +supports a vast number of resources and profiles this doesn't appear practical, however. -[RFC 2045] allows MIME types to include modifying parameters. The canonical URL could, therefore, be -included alongside the media type[^1]. +[RFC 2045] allows MIME types to include modifying parameters. The contents of +`m.fhir.structure_definition` could, therefore, be included alongside the media type[^1]. - Content-type: application/fhir+json; canonical_url="http://hl7.org/fhir/patient.html|4.0.1" +``` http +Content-type: application/fhir+json; url="https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition"; ... +``` -This would allow reusing the `m.file` message type but leaks the resource type to the home server in +This would allow reusing the `m.file` message type but leaks metadata to the home server in [`POST /_matrix/media/v3/upload`]. ## Security considerations Malicious clients could attempt to trick other clients into automatically downloading files by -faking the metadata in `m.fhir.resource` events. As a minimal defense, clients SHOULD sanity-check -the size of the downloaded file by issuing a HEAD request and refuse to download large files without -explicit user consent. +faking the metadata in `m.fhir.structure_definition`. As a minimal defense, clients SHOULD +sanity-check the size of the downloaded file by issuing a HEAD request and refuse to automatically +download large files without explicit user consent. ## Unstable prefix -While this MSC is not considered stable, the event type `m.fhir.resource` should be referred to as -`de.gematik.msc4302.fhir.resource`. +While this MSC is not considered stable, the event type `m.fhir` should be referred to as +`de.gematik.msc4302.fhir`. ## Dependencies @@ -116,11 +164,15 @@ None. [FHIR]: https://hl7.org/fhir/ [`Questionnaire`]: http://hl7.org/fhir/StructureDefinition/Questionnaire [`ISiKFormularDefinition`]: https://gematik.de/fhir/isik/StructureDefinition/ISiKFormularDefinition + [`StructureDefinition`]: https://build.fhir.org/structuredefinition.html [canonical URL]: https://build.fhir.org/references.html#canonical [`m.file`]: https://spec.matrix.org/v1.14/client-server-api/#mfile [`QuestionnaireResponse`]: http://hl7.org/fhir/StructureDefinition/QuestionnaireResponse [64 KiB event size limit]: https://spec.matrix.org/v1.16/client-server-api/#size-limits - [`Meta.profile`]: http://hl7.org/fhir/resource-definitions.html#Meta.profile + [`StructureDefinition.url`]: https://build.fhir.org/structuredefinition-definitions.html#StructureDefinition.url + [`StructureDefinition.version`]: https://build.fhir.org/structuredefinition-definitions.html#StructureDefinition.version + [`StructureDefinition.type`]: https://build.fhir.org/structuredefinition-definitions.html#StructureDefinition.type + [`StructureDefinition.fhirVersion`]: https://build.fhir.org/structuredefinition-definitions.html#StructureDefinition.fhirVersion [MSC3551]: https://github.com/matrix-org/matrix-spec-proposals/pull/3551 [`Bundle`]: http://hl7.org/fhir/StructureDefinition/Bundle [RFC 2045]: https://datatracker.ietf.org/doc/html/rfc2045#section-5 From d2936722206d44f9ebbcebc97c7985937765518b Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Mon, 1 Dec 2025 10:26:58 +0100 Subject: [PATCH 16/16] Use vendor prefix for everything that begins with m. Signed-off-by: Johannes Marbach --- proposals/4302-fhir-resources.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/proposals/4302-fhir-resources.md b/proposals/4302-fhir-resources.md index 77c22d000..e5c4825df 100644 --- a/proposals/4302-fhir-resources.md +++ b/proposals/4302-fhir-resources.md @@ -150,8 +150,13 @@ download large files without explicit user consent. ## Unstable prefix -While this MSC is not considered stable, the event type `m.fhir` should be referred to as -`de.gematik.msc4302.fhir`. +While this MSC is not considered stable, the following identifiers should be used: + +- `m.fhir` → `de.gematik.msc4302.fhir` +- `m.fhir.structure_definition` → `de.gematik.msc4302.fhir.structure_definition` +- `m.fhir.resource` → `de.gematik.msc4302.fhir.resource` + +Note that `m.file` has its own prefixing requirements as per [MSC3551]. ## Dependencies