davinci_pdex_test_kit 0.12.3 → 0.13.1

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/member_auth.rb

@@ -11,7 +11,7 @@ module DaVinciPDexTestKit
       information exchange using SMART on FHIR and OAuth 2.0 by satisfying the following criteria.
 
       The Health IT Module is acting as the **source** Health Plan, and is the Health Plan the member would like to get data from.
-      The **target** Health Plan is the Health PLan the member would like to share data to.
+      The **target** Health Plan is the Health Plan the member would like to share data to.
 
       1. **Client Authorization Credentials**
           The Health IT Module issues the target Health Plan OAuth 2.0 client application credentials during client registration.
@@ -41,17 +41,61 @@ module DaVinciPDexTestKit
                           'hl7.fhir.us.davinci-pdex_2.0.0@25',
                           'hl7.fhir.us.davinci-pdex_2.0.0@26'
 
+    input :pdex_member_authorized_exchange_test_options,
+          title: 'Supports Payer-to-Payer member-authorized exchange',
+          description: %(
+            I attest that the Health IT Module supports Payer-to-Payer member-authorized
+              information exchange using SMART on FHIR and OAuth 2.0 by satisfying the following criteria.
+
+              The **source** Health Plan is the Health Plan the member would like to get data from, and the **target**
+              Health Plan is the Health plan the member would like to share data to.
+
+              1. **Client Authorization Credentials**
+                  The Health IT Module issues the target Health Plan OAuth 2.0 client application credentials during client registration.
+
+              1. **Member Consent Flow**
+                  After the member authenticates to the Health IT Module's authorization server, the system presents an Authorization
+                  screen enabling the member to approve sharing with the target Health Plan.
+
+                  The Authorization process aligns with applicable privacy policy and regulations, allowing members to
+                  select what data may be shared.
+
+              4. **Token Issuance**
+                  Upon successful authorization, the Health IT Module issues an Access Token to the target Health Plan.
+                  The scopes associated with the Access Token are limited to the information and permissions authorized by the member.
+
+              6. **Refresh Token Handling**:
+                  Any Access Token subsequently issued by the Health IT Module using a Refresh Token enforces the same scope and member-specific
+                  restrictions as the original authorization.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_member_authorized_exchange_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
     run do
-      identifier = SecureRandom.hex(32)
+      assert pdex_member_authorized_exchange_test_options == 'true', %(
+        The following was not satisfied:
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          I attest that the Health IT Module supports Payer-to-Payer member-authorized
+          The Health IT Module supports Payer-to-Payer member-authorized
           information exchange using SMART on FHIR and OAuth 2.0 by satisfying the following criteria.
 
-          The **source** Health Plan is the Health Plan the member would like to get data from, and the **etarget**
-          Health Plan is the Health PLan the member would like to share data to.
+          The Health IT Module is acting as the **source** Health Plan, and is the Health Plan the member would like to get data from.
+          The **target** Health Plan is the Health plan the member would like to share data to.
 
           1. **Client Authorization Credentials**
               The Health IT Module issues the target Health Plan OAuth 2.0 client application credentials during client registration.
@@ -71,11 +115,9 @@ module DaVinciPDexTestKit
               Any Access Token subsequently issued by the Health IT Module using a Refresh Token enforces the same scope and member-specific
               restrictions as the original authorization.
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** these requirements.
-
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** these requirements.
-        MESSAGE
       )
+      pass pdex_member_authorized_exchange_test_note if pdex_member_authorized_exchange_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/mtls.rb

@@ -9,7 +9,7 @@ module DaVinciPDexTestKit
     description <<~DESCRIPTION
       The Health IT Module attests that the system supports secure payer-to-payer exchange for $member-match as follows:
 
-      The **source** Health Plan is the Health Plan the member would like to get data from, and the **etarget**
+      The **source** Health Plan is the Health Plan the member would like to get data from, and the **target**
       Health Plan is the Health Plan the member would like to share data to.
 
       1. **Secure mTLS Connection** — Establishes a mutual TLS (mTLS) connection with the target Health Plan.
@@ -30,15 +30,50 @@ module DaVinciPDexTestKit
                           'hl7.fhir.us.davinci-pdex_2.0.0@33',
                           'hl7.fhir.us.davinci-pdex_2.0.0@34'
 
+    input :pdex_payer_to_payer_mtls_options,
+          title: 'Supports mTLS for secure $member-match payer-to-payer exchange',
+          description: %(
+            I attest that the Health IT Module supports secure payer-to-payer exchange for $member-match as follows:
+
+              The **source** Health Plan is the Health Plan the member would like to get data from, and the **target**
+              Health Plan is the Health Plan the member would like to share data to.
+
+              1. **Secure mTLS Connection** — Establishes a mutual TLS (mTLS) connection with the target Health Plan.
+
+              2. **Client Registration** — Supports OAuth 2.0 Dynamic Client Registration for the target Health Plan over the mTLS-secured connection.
+
+              3. **Token Acquisition** — Accepts a Client Credentials grant request by the target Health Plan over mTLS to issue an OAuth 2.0 access
+              token for the $member-match operation.
+
+              4. **Scoped Access Token for Matched Patient** — If a Patient ID is matched, returns an OAuth 2.0 access token to the target Health Plan
+              that is scoped to that member to enable further data exchange.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_payer_to_payer_mtls_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
     run do
-      identifier = SecureRandom.hex(32)
+      assert pdex_payer_to_payer_mtls_options == 'true', %(
+        The following was not satisfied:
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          I attest that the Health IT Module supports secure payer-to-payer exchange for $member-match as follows:
+          The Health IT Module attests that the system supports secure payer-to-payer exchange for $member-match as follows:
 
-          The **source** Health Plan is the Health Plan the member would like to get data from, and the **etarget**
+          The **source** Health Plan is the Health Plan the member would like to get data from, and the **target**
           Health Plan is the Health Plan the member would like to share data to.
 
           1. **Secure mTLS Connection** — Establishes a mutual TLS (mTLS) connection with the target Health Plan.
@@ -51,11 +86,9 @@ module DaVinciPDexTestKit
           4. **Scoped Access Token for Matched Patient** — If a Patient ID is matched, returns an OAuth 2.0 access token to the target Health Plan
           that is scoped to that member to enable further data exchange.
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** these requirements.
-
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** these requirements.
-        MESSAGE
       )
+      pass pdex_payer_to_payer_mtls_note if pdex_payer_to_payer_mtls_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/payer_consent_compliance.rb

@@ -14,20 +14,40 @@ module DaVinciPDexTestKit
 
     verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@45'
 
-    run do
-      identifier = SecureRandom.hex(32)
+    input :pdex_payer_consent_compliance_test_options,
+          title: 'Constrains response based on access permissions',
+          description: %(
+            The developer of the Health IT Module attests that the Health IT Module constrains the data returned from the server to a requester
+              based upon the access permissions of the requester.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_payer_consent_compliance_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          The developer of the Health IT Module attests that the Health IT Module constrains the data returned from the server to a requester
-          based upon the access permissions of the requester.
+    run do
+      assert pdex_payer_consent_compliance_test_options == 'true', %(
+        The following was not satisfied:
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** this requirement.
+          The Health IT Module constrains the data returned from the server to a requester based upon the access permissions of the requester.
 
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** this requirement.
-        MESSAGE
       )
+      pass pdex_payer_consent_compliance_test_note if pdex_payer_consent_compliance_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/prior_authorization_decisions.rb

@@ -14,22 +14,42 @@ module DaVinciPDexTestKit
 
     verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@56'
 
-    run do
-      identifier = SecureRandom.hex(32)
+    input :pdex_prior_authorization_decisions_test_options,
+          title: 'Makes available pending and active prior authorization decisions',
+          description: %(
+            The developer of the Health IT Module attests that the Health IT Module makes available pending and active prior authorization decisions
+              and related clinical documentation and forms for items and services, not including prescription drugs, including the date the prior authorization was approved,
+              the date the authorization ends, as well as the units and services approved and those used to date, no later than one (1) business day after a provider initiates
+              a prior authorization for the beneficiary or there is a change of status for the prior authorization.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_prior_authorization_decisions_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          The developer of the Health IT Module attests that the Health IT Module makes available pending and active prior authorization decisions
-          and related clinical documentation and forms for items and services, not including prescription drugs, including the date the prior authorization was approved,
-          the date the authorization ends, as well as the units and services approved and those used to date, no later than one (1) business day after a provider initiates
-          a prior authorization for the beneficiary or there is a change of status for the prior authorization.
+    run do
+      assert pdex_prior_authorization_decisions_test_options == 'true', %(
+        The following was not satisfied:
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** this requirement.
+          The Health IT Module makes available pending and active prior authorization decisions and related clinical documentation and forms for items and services.
 
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** this requirement.
-        MESSAGE
       )
+      pass pdex_prior_authorization_decisions_test_note if pdex_prior_authorization_decisions_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/provenance_records.rb

@@ -18,23 +18,46 @@ module DaVinciPDexTestKit
     verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@12',
                           'hl7.fhir.us.davinci-pdex_2.0.0@13'
 
-    run do
-      identifier = SecureRandom.hex(32)
+    input :pdex_provenance_test_options,
+          title: 'Includes and generates provenance records as required',
+          description: %(
+            The developer of the Health IT Module attests that the system:
+
+              - Incorporates provenance records received as part of any FHIR data exchange.
+              - Generates provenance records for each non-Provenance resource, at a minimum identifying the
+                Health Plan as the Transmitter of the data in PDex exchanges.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_provenance_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          The developer of the Health IT Module attests that the system:
+    run do
+      assert pdex_provenance_test_options == 'true', %(
+        The following was not satisfied:
 
+          The Health IT Module
           - Incorporates provenance records received as part of any FHIR data exchange.
           - Generates provenance records for each non-Provenance resource, at a minimum identifying the
             Health Plan as the Transmitter of the data in PDex exchanges.
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** these requirements.
-
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** these requirements.
-        MESSAGE
       )
+      pass pdex_provenance_test_note if pdex_provenance_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/read_and_search_hrex.rb

@@ -16,20 +16,41 @@ module DaVinciPDexTestKit
     verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@17',
                           'hl7.fhir.us.davinci-pdex_2.0.0@18'
 
-    run do
-      identifier = SecureRandom.hex(32)
+    input :pdex_coverage_interaction_support_test_options,
+          title: 'Supports Read and Search for the HRex Coverage resource',
+          description: %(
+            I attest that the Health IT Module supports both the FHIR Read and Search
+              operations for the Coverage resource using the HRex Coverage profile.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_coverage_interaction_support_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          I attest that the Health IT Module supports both the FHIR Read and Search
-          operations for the Coverage resource using the HRex Coverage profile.
+    run do
+      assert pdex_coverage_interaction_support_test_options == 'true', %(
+        The following was not satisfied:
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** these requirements.
+          The Health IT Module supports the FHIR Read and Search operations for the Coverage resource,
+          using the HRex Coverage profile.
 
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** these requirements.
-        MESSAGE
       )
+      pass pdex_coverage_interaction_support_test_note if pdex_coverage_interaction_support_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/visual_inspection_and_attestation/resources_in_capability_statement.rb

@@ -16,20 +16,41 @@ module DaVinciPDexTestKit
     verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@15',
                           'hl7.fhir.us.davinci-pdex_2.0.0@19'
 
-    run do
-      identifier = SecureRandom.hex(32)
+    input :pdex_capability_statement_declaration_test_options,
+          title: 'Declares resources and operations in CapabilityStatement',
+          description: %(
+            The developer of the Health IT Module attests that all FHIR resources and operations
+              available via a FHIR API endpoint are declared in the system's CapabilityStatement.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :pdex_capability_statement_declaration_test_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      wait(
-        identifier:,
-        message: <<~MESSAGE
-          The developer of the Health IT Module attests that all FHIR resources and operations
-          available via a FHIR API endpoint are declared in the system's CapabilityStatement.
+    run do
+      assert pdex_capability_statement_declaration_test_options == 'true', %(
+        The following was not satisfied:
 
-          [Click here](#{resume_pass_url}?token=#{identifier}) if the system **meets** these requirements.
+          The Health IT Module declares all FHIR resources and operations available via its API
+          in its FHIR CapabilityStatement, in accordance with PDex requirements.
 
-          [Click here](#{resume_fail_url}?token=#{identifier}) if the system **does not meet** these requirements.
-        MESSAGE
       )
+      pass pdex_capability_statement_declaration_test_note if pdex_capability_statement_declaration_test_note.present?
     end
+
   end
 end

data/lib/davinci_pdex_test_kit/pdex_payer_server/workflow_member_match_group.rb

@@ -61,18 +61,20 @@ module DaVinciPDexTestKit
 
       test from: :pdex_member_match_profile_validation do
         id :pdex_one_match_profile_validation
-        title '[USER INPUT VALIDATION] Member match request for exactly one match is valid'
+        title 'Member match request for exactly one match is valid'
         description %{
           This test validates the conformity of the user input to the
           [HRex Member Match Request Profile](https://hl7.org/fhir/us/davinci-hrex/STU1/StructureDefinition-hrex-parameters-member-match-in.html),
           ensuring subsequent tests can accurately simulate content. It also checks conformance to the [Parameters Resource](https://hl7.org/fhir/R4/parameters.html),
           mandatory elements, and terminology.
         }
+        simulation_verification
       end
 
       test from: :pdex_member_match_local_ref_validation do
         id :pdex_member_match_local_ref
-        title '[USER INPUT VALIDATION] Member match request only uses local references'
+        title 'Member match request only uses local references'
+        simulation_verification
       end
 
       test from: :pdex_coverage_to_link_minimal_validation

data/lib/davinci_pdex_test_kit/pdex_payer_server_suite.rb

@@ -1,5 +1,7 @@
 require 'us_core_test_kit/generated/v3.1.1/us_core_test_suite'
 
+require_relative 'remove_input'
+
 require_relative 'pdex_payer_server/workflow_member_match_group'
 require_relative 'pdex_payer_server/workflow_clinical_data_group'
 require_relative 'pdex_payer_server/workflow_everything_group'
@@ -69,8 +71,13 @@ module DaVinciPDexTestKit
       igs 'hl7.fhir.us.davinci-pdex#2.0.0'
       # hrex 1.0.0 and other dependencies will auto-load
 
+      validation_context do
+        snomedCT '731000124108'
+      end
+
       # Copy messages limit from Bulk Data Export tests
-      message_filters = VALIDATION_MESSAGE_FILTERS + VERSION_SPECIFIC_MESSAGE_FILTERS
+      message_filters = VALIDATION_MESSAGE_FILTERS + VERSION_SPECIFIC_MESSAGE_FILTERS +
+                        USCoreTestKit::USCoreV311::USCoreTestSuite::VALIDATION_MESSAGE_FILTERS
 
       $num_messages = 0
       $capped_message = false
@@ -214,5 +221,6 @@ module DaVinciPDexTestKit
     group from: :pdex_server_visual_inspection_and_attestation do
       optional
     end
+    RemoveInput::recursive_remove_input(groups.last, :url)
   end
 end

data/lib/davinci_pdex_test_kit/pdex_provider_client_suite.rb

@@ -51,10 +51,13 @@ module DaVinciPDexTestKit
         igs 'hl7.fhir.us.davinci-pdex#2.0.0'
         # hrex 1.0.0 and other dependencies will auto-load
 
+        validation_context do
+          snomedCT '731000124108'
+        end
+
         exclude_message do |message|
           message.message.match?(/\A\S+: \S+: URL value '.*' does not resolve/)
         end
-
       end
 
       requirement_sets(

data/lib/davinci_pdex_test_kit/remove_input.rb

@@ -0,0 +1,10 @@
+module DaVinciPDexTestKit
+  module RemoveInput
+    module_function
+    def recursive_remove_input(runnable, input)
+      runnable.inputs.delete(input)
+      runnable.input_order.delete(input)
+      runnable.children.each { |child_runnable| recursive_remove_input(child_runnable, input) }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/version.rb

@@ -1,4 +1,4 @@
 module DaVinciPDexTestKit
-  VERSION = '0.12.3'.freeze
-  LAST_UPDATED = '2025-07-09'.freeze
+  VERSION = '0.13.1'.freeze
+  LAST_UPDATED = '2026-06-01'.freeze
 end