Cloud Healthcare API

About

The Cloud Healthcare API provides a managed solution for storing and accessing healthcare data in Google Cloud, providing a critical bridge between existing care systems and applications hosted on Google Cloud. It supports healthcare data standards such as HL7® FHIR®, HL7® v2, and DICOM®. It provides a fully managed, highly scalable, enterprise-grade development environment for building clinical and analytics solutions securely on Google Cloud.

A dataset is a container in your Google Cloud project that holds modality-specific healthcare data. Datasets contain other data stores, such as FHIR stores and DICOM stores, which in turn hold their own types of healthcare data.

A single dataset can contain one or many data stores, and those stores can all service the same modality or different modalities as application needs dictate. Using multiple stores in the same dataset might be appropriate in various situations.

If you are new to the Healthcare API, you can try to create and view datasets and stores using curl.

Available Tools

• get-healthcare-dataset Retrieves a dataset’s details.

• list-fhir-stores Lists the available FHIR stores in the healthcare dataset.

• list-dicom-stores Lists the available DICOM stores in the healthcare dataset.

Requirements

IAM Permissions

The Healthcare API uses Identity and Access Management (IAM) to control user and group access to Healthcare resources like projects, datasets, and stores.

Authentication via Application Default Credentials (ADC)

By default, Toolbox will use your Application Default Credentials (ADC) to authorize and authenticate when interacting with the Healthcare API.

When using this method, you need to ensure the IAM identity associated with your ADC (such as a service account) has the correct permissions for the queries you intend to run. Common roles include roles/healthcare.fhirResourceReader (which includes permissions to read and search for FHIR resources) or roles/healthcare.dicomViewer (for retrieving DICOM images). Follow this guide to set up your ADC.

Authentication via User’s OAuth Access Token

If the useClientOAuth parameter is set to true, Toolbox will instead use the OAuth access token for authentication. This token is parsed from the Authorization header passed in with the tool invocation request. This method allows Toolbox to make queries to the Healthcare API on behalf of the client or the end-user.

When using this on-behalf-of authentication, you must ensure that the identity used has been granted the correct IAM permissions.

Example

Initialize a Healthcare source that uses ADC:

sources:
  my-healthcare-source:
    kind: "healthcare"
    project: "my-project-id"
    region: "us-central1"
    dataset: "my-healthcare-dataset-id"
    # allowedFhirStores: # Optional: Restricts tool access to a specific list of FHIR store IDs.
    #   - "my_fhir_store_1"
    # allowedDicomStores: # Optional: Restricts tool access to a specific list of DICOM store IDs.
    #   - "my_dicom_store_1"
    #   - "my_dicom_store_2"

Initialize a Healthcare source that uses the client’s access token:

sources:
  my-healthcare-client-auth-source:
    kind: "healthcare"
    project: "my-project-id"
    region: "us-central1"
    dataset: "my-healthcare-dataset-id"
    useClientOAuth: true
    # allowedFhirStores: # Optional: Restricts tool access to a specific list of FHIR store IDs.
    #   - "my_fhir_store_1"
    # allowedDicomStores: # Optional: Restricts tool access to a specific list of DICOM store IDs.
    #   - "my_dicom_store_1"
    #   - "my_dicom_store_2"

Reference