Muokkaa

Jaa


Deploy the FHIR service by using the Azure portal

The Azure portal provides a web interface with guided workflows, making it an efficient tool for deploying the FHIR® service, and ensuring accurate configuration within Azure Health Data Services.

Prerequisites

  • Verify you have an Azure subscription and permissions for creating resource groups and deploy resources.

  • Deploy a workspace for Azure Health Data Services. For steps, see Deploy workspace in the Azure portal.

Create a new FHIR service

  1. From your Azure Health Data Services workspace, choose Create FHIR service.

  2. Choose Add FHIR service.

  3. On the Create FHIR service page, complete the fields on each tab.

    • Basics tab: Give the FHIR service a friendly and unique name. Select the FHIR version (STU3 or R4), and then choose Next: Additional settings.

      Screenshot showing how to create a FHIR service from the Basics tab.

    • Additional settings tab (optional): This tab allows you to:

      • View authentication settings: The default configuration for the FHIR service is Use Azure RBAC for assigning data plane roles. When configured in this mode, the authority for the FHIR service is set to the Microsoft Entra tenant for the subscription.

      • Integration with non-Microsoft Entra ID (optional): Use this option when you need to configure up to two additional identity providers other than Microsoft Entra ID to authenticate and access FHIR resources with SMART on FHIR scopes.

      • Setting versioning policy (optional): The versioning policy controls the history setting for FHIR service at the system level or individual resource type level. For more information, see FHIR versioning policy and history management. Choose Next: Security.

    • On the Security settings tab, review the fields.

      By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for encryption of data. Customer-managed keys must be stored in an Azure Key Vault. You can either create your own keys and store them in a key vault, or use the Azure Key Vault APIs to generate keys. For more information, see Configure customer-managed keys for the FHIR service. Choose Next: Tags.

    • On the Tags tab (optional), enter any tags.

      Tags are name and value pairs used for categorizing resources and aren't required. For more information, see Use tags to organize your Azure resources and management hierarchy.

    • Choose Review + Create to begin the validation process. Wait until you receive confirmation that the deployment completed successfully. Review the confirmation screen, and then choose Create to begin the deployment.

    The deployment process might take several minutes. When the deployment completes, you see a confirmation message.

    Screenshot showing successful deployment.

  4. Validate the deployment. Fetch the capability statement from your new FHIR service. Fetch a capability statement by browsing to https://<WORKSPACE-NAME>-<FHIR-SERVICE-NAME>.fhir.azurehealthcareapis.com/metadata.

Troubleshoot FHIR service deployment

Below are the error messages along with recommended actions to resolve the problems during deployment.

What should I do if I accidentally deployed the Azure API for FHIR into the wrong subscription, deleted it, and am now facing a deployment failure in the correct subscription with a message stating that the resource name is not available?

Once a service name has been used, it cannot be reused in a different subscription, even after deletion. This restriction is in place to prevent impersonation and primarily impacts Azure API for FHIR.

If deployed to the wrong subscription, you can move the resource to the desired subscription instead of deleting and recreating it. Move Azure Resources

How can I delete a service and then re-add it with the same settings?

To replicate settings between FHIR instance, you can follow below steps

  • Create standard ARM templates with the configurations.

  • Create a service and add configuration as per requirement.

Access the FHIR service by using Postman

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.