<div style="text-align:center"> <h1> MedC2: Technical Challenge & Sol </h1> <a href="mailto:g.gustin@medc2.com">Author: Guillaume Gustin </a> </div> ## Introduction To help us in our ambitious projects, MedC2 is looking for a new team member taking the lead role of *Digital Health Full tack Developer*. His/her responsibilities will mainly be coding, maintaining, expanding our ehealth apps in a fast-paced environment. In addition, he should be able to translate user requirements into the overall architecture and work proactively as part of a scrum team of 3-4 developers. The main technical skills are: - A strong knowledge of at least one backend MVC framework (ideally in Node.js, e.g. Express) - A good knowledge of at least one frontend Javascript framework (ideally Angular, Ionic) - A basic understanding of interoperability requirements and standards in Healthcare To make sure you might be a fit for that position, we would like to challenge you! Are you ready ?  --- :::danger ### Deliverables At the end of this challenge, you'll be asked to share with us: 1. A *PDF report* under the title: `"medc2_technical_challenge_<your_name>.pdf"` gathering the answers to the questions, as well as any comment describing the design choices you've made throughout this challenge and how we can test your solution. 2. The access to your source code, preferably hosted in a **Github** repository 3. The URL allowing us to test your real-life PWA prototype ::: :::warning ⚠️ This document is confidential and should not be shared ::: ## 1. The Interoperability Magic Making the exchange of healthcare information safer and faster has been a primary goal in the healthcare industry. Healthcare is currently buried under mountains of data, but much of it is unorganized or out of reach. People responsible for emergency care may not have the patient history they need which might force them to resort to guessing or basing their treatment on the information the patient provides. If the patient is unable to give any history or allergy information, the problem gets worse. **FHIR (Fast Healthcare Interoperability Resources) if used as a standard, removes these problems and puts a patient’s history at the doctor’s fingertips.** [[Source]](https://datica.com/blog/it-developers-guide-to-fhir-for-healthcare)  :::info In the following exercise, you are expected to: - Document yourself about the FHIR standard if non-familiar - Setup your own FHIR server ::: --- #### Q1.1 Give a JSON example of the FHIR representation of a Questionnaire (e.g. Patient Reported Outcomes) #### Q1.2 Give a JSON example of the FHIR representation of a Blood Pressure Measurement #### Q1.3 Clone an existing FHIR server project and run it locally. Briefly describe your choice and the steps you followed (max 250 words). --- :::info #### Remarks 💡 Hint : Do not reinvent the weel and re-use <u>[Open Source FHIR implementations](https://wiki.hl7.org/index.php?title=Open_Source_FHIR_implementations) </u> ☝️ **NB** At MedC2, we love Node.js and MongoDB but we, of course, stay open-minded ::: ## 2. Deploy it in the Cloud There has been a massive shift in the generation, consumption, storage, and sharing of healthcare data. From conventional storage to digitalization of healthcare data, the healthcare industry has sure come a long way in optimizing its data management practices. For an industry that has historically lagged behind its contemporaries, the healthcare segment is leading on cloud adoption. Healthcare providers are now leveraging this technology to gain efficiencies, optimize workflows, lower the costs associated with healthcare delivery and offer personalization in care plans to improve outcomes. Nowadays, Cloud computing appears like a wise choice to scale up a digital health project. [[Source]](https://www.healthitoutcomes.com/doc/ways-cloud-computing-is-impacting-healthcare-0001) --- #### Q2.1 Deploy your FHIR server from Exercise 1 on a Cloud provider of your choice. Briefly describe your decision and the deployment steps. (max 250 words) #### Q2.2 Add a FHIR Patient Resource with details including your personal information (e.g. name, first name, mail address). How can we test your server? #### Q2.3 More than ever (#covid), Cloud security is a MUST. What could be done to enhance security of your architecture and deal with sensitive health data (max 250 words)? --- :::info #### Remarks ☝️ **NB** At MedC2, we love using Google Cloud Platform but we, of course, stay open-minded 💡 Hint: Btw Postman is cool </u> ::: ## 3. Develop a basic PWA These days Progressive Web Apps (PWA) are become very trendy. With the combined features of websites and native apps, PWAs are becoming a norm for multi-device web applications allowing developers to build fast-loading dynamic apps without using hybrid frameworks. Combined with [Firebase](https://themesfinity.com/in-a-nutshell-firebase/#:~:text=It%20is%20a%20NoSQL%20cloud,a%20key%20or%20a%20value), which offers a comprehensive Backend-as-a-Service, and cloud serverless functions, it has become faster than ever to bootstrap any small cross-platform prototype. :::info > *In the following exercise, let us imagine we decide to extend FHIR interoperability capabilities and pull the administrative data for non-healthcare purposes (which may probably lead to privacy concerns in real-life btw) to build an app to compare job applicant's profiles. Soft and hard skills data, linked to the Candidate ID, would be stored in another Database: Cloud Firestore.* In this section, you are expected to develop a basic PWA complying with the following requirements: - The app must include (at least) two pages accessible through bottom tabs: 1. The first page should allow to search for a specific Candidate profile stored in your FHIR architecture, based on his ID (former "patient profile id"), and nicely display basic contact details. 2. The second page should allow to compare two candidates profiles side by side by skills, by making use of a radar chart and pulling data from Cloud Firestore. - The app must respect the <u>[PWA specifications](https://web.dev/lighthouse-pwa/)</u> #### Example Mockups | Screen 1 | Screen 2 | | -------- | -------- | | <img width="600px" src="https://i.imgur.com/bzCvqx1.png"> | <img width="600px" src="https://i.imgur.com/hv9haAs.png"> ::: :::info 🛠 **Resources/Hints/Links** * Start a Angular-Ionic project with tabs ```bash ionic start myResumeApp tabs --type=ionic-angular ``` > ☝️ NB: At MedC2, we prefer using **Angular** and **Ionic** on top of **Firebase** to fastly develop high-fidelity prototypes, but we stay open-minded on the technical stack :-) * Pssst, you may be interested by a [JavaScript client for FHIR](https://github.com/FHIR/fhir.js). * Do not forget to add (at least) a second Patient Resource under another ID on your FHIR server (cfr Exercise 1) * Define Typescript interfaces representing *Hard Skills* and *Soft Skills* (e.g. as defined [here](https://www.indeed.com/career-advice/resumes-cover-letters/hard-skills-vs-soft-skills)). Then, populate Cloud Firestore with *Hard Skills* and *Soft Skills* values and create the corresponding Angular Service to fetch them. Make sure you link the *Skills* instances with IDs existing in your FHIR server. 👉 [This link is, I think, a nice introduction to Angular x Firestore](https://www.mode2.com/news/part-two-angular-with-firestore-intro/) 👉 **Bonus**: When populating the DB, be creative and try to self-assess your own skills under your ID 😊 * [Have you heard about ng2-charts library ?](https://www.positronx.io/angular-chart-js-tutorial-with-ng2-charts-examples/) * [Ensure you add PWA capabilities and deploy on Firebase Hosting](https://medium.com/@AnkitMaheshwariIn/build-a-progressive-web-app-pwa-with-ionic-4-ionic-framework-and-firebase-48183519c01) </u> * Optional: [Add photos to your Patient Resources](https://stackoverflow.com/questions/43482358/fhir-patient-how-to-upload-and-retrieve-patient-photo) * Optional: [Add Dark Mode support](https://petercoding.com/ionic/2020/02/15/implementing-dark-mode-in-ionic-5/) ::: --- #### Q3.1 Deploy your PWA app and give us access to the URL, the source code, and the Firebase project by adding g.gustin@medc2.com and thomas.kleyntssens@comunicare.be in the collaborators. #### Q3.2 According to you, what could be done to enhance the security of the app ? (At least 2 measures, max 200 words) --- ## 4. Build a serverless Fibonacci Web Service The Fibonacci numbers are the numbers in the following integer sequence: ``` 0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, ... ``` In mathematical terms, the sequence `Fn` of Fibonacci numbers is defined by the recurrence relation `Fn = Fn-1 + Fn-2` with seed values `F0 = 0 and F1 = 1` The Fibonacci pattern is seen in many natural phenomenon, for example in the smallest nautilus and even in the shape of the largest galaxy’s. The sequence also has directly connected with the golden ratio and is used throughout history in many works of art such as the Mona Lisa, but it doesn’t stop here, the Fibonacci sequence can even be heard in music. [[Source]](https://www.fibonicci.com/fibonacci/the-sequence/) --- #### Q4.1 There are 3 different ways of implementing the Fibonacci algorithm. Which are they ? Implement `fib1(n)`,`fib2(n)`,`fib3(n)` that return `Fn`. #### Q4.2 What are the time and space complexity of each of these algorithms ? --- :::info Serverless applications have gained a lot of importance over time. It allows focussing on your app code/tests without worrying about configurations, deployment process or scalability. In this exercise, we ask you to build a RESTful Web Service complying with the following statements: - The web service accepts a number, n, as input and returns the first n Fibonacci numbers, starting from 0 (i.e. given n = 5, appropriate output would represent the sequence [0, 1, 1, 2, 3]) - Given a negative number, it will respond with an appropriate error - The service should include some units and/or functional tests ::: #### Q4.3 Implement a serverless web service in `Node.js` over `Express.js` with Firebase Cloud functions. How can we call your API endpoints ? :::warning ## Parts of Solution (to be hidden for candidates) ### Exercice 1 * https://www.hl7.org/fhir/questionnaire-cqf-example.json.html * http://hl7.org/fhir/us/patient-reported-outcomes/2018Sep/guidance.html * [MongoDB Atlas + FHIR](https://www.mongodb.com/blog/post/building-fhir-applications-with-mongodb-atlas) ### Exercice 2 * [Quickstart for Node.js in the standard environment](https://cloud.google.com/appengine/docs/standard/nodejs/quickstart) * [Install the latest Cloud SDK version](https://cloud.google.com/sdk/docs) * Add patient record ```bash curl -X PUT -H "Content-Type: application/fhir+json" -H "Cache-Control: no-cache" --data @createpatient.json http://my-fhir-server.com/4_0_0/Patient/example ``` where `@createpatient.json` is the customised FHIR Patient profile and `my-fhir-server.com` the cloud domain. * Read patient record ```bash curl -X GET http://my-fhir-server.com/4_0_0/Patient/example ``` OR * [Link: use Postman to deal with the FHIR server](https://docs.microsoft.com/en-us/azure/healthcare-apis/access-fhir-postman-tutorial) #### Architecture  #### Security MongoDB * **Network Isolation** MongoDB Atlas dedicated clusters are deployed in a unique Virtual Private Cloud (VPC) with dedicated firewalls. Access must be granted by an IP access list or VPC Peering. * **Role-based access management** * **End-to-end encryption** - All network traffic is encrypted using Transport layer Security (TLS) - Client-side encryption to encrypt sensitive data before it leaves the application and lands in the cloud. #### Security GCP * https://cloud.google.com/context-aware-access/docs/securing-app-engine ## Exercise 3 * [Radar chart with Stackblitz](https://stackblitz.com/edit/ng2-charts-radar-template) ### 3.2 * [Role-based access control](https://firebase.google.com/docs/firestore/solutions/role-based-access) * [Use Angular Route-Guards](https://medium.com/javascript-in-plain-english/use-angular-route-guards-to-secure-angular-pages-by-allow-deny-or-redirect-to-other-page-view-f2537583e9a) * Client-side encryption ```javascript= import * as CryptoJS from 'crypto-js'; encryptData(data) { try { return CryptoJS.AES.encrypt(JSON.stringify(data), this.encryptSecretKey).toString(); } catch (e) { console.log(e); } } decryptData(data) { try { const bytes = CryptoJS.AES.decrypt(data, this.encryptSecretKey); if (bytes.toString()) { return JSON.parse(bytes.toString(CryptoJS.enc.Utf8)); } return data; } catch (e) { console.log(e); } } ``` * NB: [Managing Encryption Keys With AWS KMS In Node.js](https://hackernoon.com/managing-encryption-keys-with-aws-kms-in-node-js-c320c860019a) ## Exercise 4 #### Q4.1 Three different ways of implementing Fibonacci algorithm ```javascript= function loopFib(num) { var num1=0; var num2=1; var sum; var i=0; for (i = 0; i < num; i++) { sum=num1+num2; num1=num2; num2=sum; } return num2; } function naiveFib(nbr) { if(nbr < 2){ return nbr; } return fibonacci(nbr - 1) + fibonacci(nbr - 2); } var memoFib = function(n) { let memo = {} function fib(n) { if (n in memo) { return memo[n] } else { if (n <= 1) { memo[n] = n } else { memo[n] = fib(n - 1) + fib(n - 2) } return memo[n] } } return fib(n); } console.log(memoFib(8)) ``` * https://repl.it/@GuillaumeGst/Fibo3Ways * https://medium.com/javascript-in-plain-english/three-ways-to-write-a-fibonacci-function-in-javascript-a711db62788e ### 4.2 Recursion — Big O(2^N) Memoization — O(N) — time, O(N) — space Bottoms Up — O(N) — time, O(1) — space ### 4.3 Serverless API * https://dev.to/levivm/creating-a-serverless-rest-api-using-google-cloud-functions-firebasefirestore-in-10-min-37km * https://codeburst.io/building-a-serverless-api-using-firebase-cloud-functions-e5a6be42144c :::