Roadmap
v1.1.0 — Consent Manager + ATNA Audit
Status: In active development · Target: Q3 2026
Consent Manager (14 tasks, 5 phases)
| Phase | Tasks | What gets built |
|---|---|---|
| Foundation | T1–T4 | ConsentRecord JPA, ConsentService, FHIR Consent mapper, AuditService |
| Enforcement | T5–T6 | ConsentEnforcementInterceptor, SmartConsentCustomizer |
| OAuth2 screen | T7–T8 | requireAuthorizationConsent(true), Thymeleaf consent screen |
| Patient portal | T9–T11 | Dashboard, revocation flow, history + audit trail |
| API + admin | T12–T14 | FHIR REST API, org-level policy engine, integration tests |
Regulatory coverage: HIPAA, HTI-1/TEFCA, GDPR/EHDS, DISHA, My Health Record
ATNA Audit
- IHE ATNA-compliant FHIR AuditEvent logging
- Async
@EventListener— never blocks request path - Every auth event, consent decision, and FHIR access logged
- Queryable via FHIR API
v1.2.0 — Referral Module
Status: Planned · Target: Q4 2026
- FHIR ServiceRequest + Task workflow
- Cross-facility referral with status tracking
- Integrates with Consent Manager for access control
Versioning policy
We track HAPI FHIR stable releases. When HAPI releases a new minor version, we validate and publish a matching platform release within 2–4 weeks. Security patches are released within 24 hours of a confirmed vulnerability for Enterprise and Government customers.
Version format: {hapi-major}.{hapi-minor}.{platform-patch}
Example: Platform 7.4.2 = HAPI FHIR 7.4.x, platform patch 2.
Long-term alignment
| Framework | Target version | Timeline |
|---|---|---|
| SMART App Launch v3.0 (when published) | Full support | Within 90 days of HL7 publication |
| IHE MHD | v4.2 | v1.3.0 |
| SMART Backend Services | v2.0 | v1.3.0 |
| FHIR R5 | Optional overlay | v2.0.0 |