onc_certification_g10_test_kit 3.0.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/onc_certification_g10_test_kit/base_token_refresh_group.rb +2 -0
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb +1 -1
- data/lib/onc_certification_g10_test_kit/export_kick_off_performer.rb +3 -2
- data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +1501 -658
- data/lib/onc_certification_g10_test_kit/profile_selector.rb +3 -1
- data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +3 -0
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +3 -0
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb +5 -2
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb +1 -2
- data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +3 -0
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_refresh_test.rb +37 -0
- data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +3 -0
- data/lib/onc_certification_g10_test_kit/version.rb +1 -1
- data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +36 -0
- data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb +1 -1
- metadata +9 -8
@@ -2,7 +2,7 @@ procedure:
|
|
2
2
|
- section: Paragraph (g)(10)(iii) - Application registration
|
3
3
|
steps:
|
4
4
|
- group: Application Registration
|
5
|
-
id: APP-
|
5
|
+
id: APP-REG-1
|
6
6
|
SUT: |
|
7
7
|
The health IT developer demonstrates the Health IT Module supports
|
8
8
|
application registration with an authorization server for the purposes
|
@@ -16,13 +16,13 @@ procedure:
|
|
16
16
|
registration functions to enable authentication and authorization in §
|
17
17
|
170.315(g)(10)(v).
|
18
18
|
inferno_tests:
|
19
|
-
-
|
19
|
+
- 9.10.01
|
20
20
|
inferno_supported: 'yes'
|
21
21
|
inferno_notes: |
|
22
22
|
This requires a visual inspection and attestation because it is not
|
23
23
|
possible to automate without any standard method required for application
|
24
24
|
registration.
|
25
|
-
- id: APP-
|
25
|
+
- id: APP-REG-2
|
26
26
|
SUT: |
|
27
27
|
The health IT developer demonstrates the Health IT Module supports
|
28
28
|
application registration with an authorization server for the purposes
|
@@ -35,8 +35,8 @@ procedure:
|
|
35
35
|
access for multiple patients including support for application
|
36
36
|
registration functions to enable authentication and authorization in §
|
37
37
|
170.315(g)(10)(v).
|
38
|
-
inferno_tests:
|
39
|
-
-
|
38
|
+
inferno_tests:
|
39
|
+
- 9.10.02
|
40
40
|
inferno_supported: 'yes'
|
41
41
|
inferno_notes: |
|
42
42
|
This requires a visual inspection and attestation because it is not
|
@@ -45,36 +45,53 @@ procedure:
|
|
45
45
|
- section: Paragraph (g)(10)(iv) – Secure connection
|
46
46
|
steps:
|
47
47
|
- group: Secure connection
|
48
|
-
id:
|
49
|
-
SUT: |
|
48
|
+
id: SEC-CNN-1
|
49
|
+
SUT: |
|
50
50
|
For all transmissions between the Health IT Module and the
|
51
|
-
application, the health IT developer demonstrates the use of a
|
52
|
-
|
53
|
-
|
54
|
-
|
51
|
+
application, the health IT developer demonstrates the use of a secure
|
52
|
+
and trusted connection in accordance with the implementation
|
53
|
+
specifications adopted in § 170.215(a)(2) and § 170.215(a)(3),
|
54
|
+
including:
|
55
55
|
* Using TLS version 1.2 or higher; and
|
56
|
-
* Conformance to FHIR Communications Security requirements.
|
56
|
+
* Conformance to FHIR® Communications Security requirements.
|
57
57
|
TLV: |
|
58
58
|
For all transmissions between the Health IT Module and the
|
59
59
|
application, the tester verifies the use of a secure and trusted
|
60
60
|
connection in accordance with the implementation specifications
|
61
61
|
adopted in § 170.215(a)(2) and § 170.215(a)(3), including:
|
62
62
|
* Using TLS version 1.2 or higher; and
|
63
|
-
* Conformance to FHIR Communications Security requirements.
|
63
|
+
* Conformance to FHIR® Communications Security requirements.
|
64
64
|
inferno_supported: 'yes'
|
65
65
|
inferno_tests:
|
66
|
-
- 1.
|
67
|
-
- 1.
|
66
|
+
- 1.3.01
|
67
|
+
- 1.3.04
|
68
|
+
- 1.4.01
|
69
|
+
- 1.4.04
|
68
70
|
- 2.1.01
|
69
71
|
- 2.1.04
|
70
|
-
-
|
71
|
-
-
|
72
|
+
- 2.2.01
|
73
|
+
- 2.2.04
|
74
|
+
- 3.3.03
|
75
|
+
- 3.3.06
|
76
|
+
- 3.4.03
|
77
|
+
- 3.4.06
|
72
78
|
- 4.1.01
|
73
79
|
- 5.1.01
|
74
|
-
- 5.2.01
|
75
|
-
- 5.3.01
|
76
80
|
- 6.1.01
|
77
|
-
-
|
81
|
+
- 7.1.01
|
82
|
+
- 7.2.01
|
83
|
+
- 7.3.01
|
84
|
+
- 8.1.01
|
85
|
+
- 8.2.01
|
86
|
+
- 8.3.01
|
87
|
+
- 9.1.01
|
88
|
+
- 9.1.04
|
89
|
+
- 9.2.01
|
90
|
+
- 9.2.04
|
91
|
+
- 9.8.03
|
92
|
+
- 9.8.06
|
93
|
+
- 9.9.03
|
94
|
+
- 9.9.06
|
78
95
|
inferno_notes: |
|
79
96
|
Inferno tests that all endpoints provided support at least TLS
|
80
97
|
version 1.2, and rejects all requests for TLS version 1.1 or below.
|
@@ -87,62 +104,64 @@ procedure:
|
|
87
104
|
- section: Paragraph (g)(10)(v)(A) – Authentication and authorization for patient and user scopes
|
88
105
|
steps:
|
89
106
|
- group: Authentication and Authorization for Patient and User Scopes
|
90
|
-
id:
|
91
|
-
SUT: |
|
107
|
+
id: AUT-PAT-1
|
108
|
+
SUT: |
|
92
109
|
The health IT developer demonstrates the ability of the Health IT
|
93
|
-
Module to support the following for “EHR-Launch,” “
|
94
|
-
and “Both” (“EHR-Launch” and “Standalone-Launch”) as
|
95
|
-
|
96
|
-
170.215(a)(3).
|
110
|
+
Module to support the following for “EHR-Launch,” “Standalone-Launch,”
|
111
|
+
and “Both” (“EHR-Launch” and “Standalone-Launch”) as specified in the
|
112
|
+
implementation specification adopted in § 170.215(a)(3).
|
97
113
|
TLV: |
|
98
|
-
The tester verifies the ability of the Health IT Module to support
|
99
|
-
|
114
|
+
The tester verifies the ability of the Health IT Module to support the
|
115
|
+
following for “EHR-Launch,” “Standalone-Launch,” and “Both”
|
100
116
|
(“EHR-Launch” and “Standalone-Launch”) as specified in the
|
101
117
|
implementation specification adopted in § 170.215(a)(3).
|
102
118
|
inferno_supported: 'yes'
|
103
119
|
inferno_tests:
|
104
|
-
- 1.
|
105
|
-
-
|
120
|
+
- 1.3.01 - 1.3.07
|
121
|
+
- 1.4.01 - 1.4.07
|
122
|
+
- 3.3.01 - 3.3.09
|
123
|
+
- 3.4.01 - 3.4.09
|
106
124
|
inferno_notes: |
|
107
125
|
Complete demonstration of these capabilities are accomplished
|
108
126
|
through subsequent steps in the test procedure.
|
109
|
-
- id:
|
127
|
+
- id: AUT-PAT-2
|
110
128
|
SUT: |
|
111
|
-
[EHR-Launch] The health IT developer demonstrates the ability of
|
112
|
-
|
113
|
-
“launch-ehr" “SMART on FHIR Core Capability” SMART EHR Launch
|
114
|
-
|
129
|
+
[EHR-Launch] The health IT developer demonstrates the ability of the
|
130
|
+
Health IT Module to initiate a “launch sequence” using the
|
131
|
+
“launch-ehr" “SMART on FHIR® Core Capability” SMART EHR Launch mode
|
132
|
+
detailed in the implementation specification adopted in §
|
115
133
|
170.215(a)(3), including:
|
116
134
|
* Launching the registered launch URL of the application; and
|
117
135
|
* Passing the parameters: “iss” and “launch”.
|
118
136
|
TLV: |
|
119
|
-
[EHR-Launch] The tester verifies the ability of the Health IT
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
170.215(a)(3), including:
|
137
|
+
[EHR-Launch] The tester verifies the ability of the Health IT Module
|
138
|
+
to initiate a “launch sequence” using the “launch-ehr" “SMART on FHIR®
|
139
|
+
Core Capability” SMART EHR Launch mode detailed in the implementation
|
140
|
+
specification adopted in § 170.215(a)(3), including:
|
124
141
|
* Launching the registered launch URL of the application; and
|
125
142
|
* Passing the parameters: “iss” and “launch”.
|
126
143
|
inferno_supported: 'yes'
|
127
144
|
inferno_tests:
|
128
|
-
- 3.
|
129
|
-
- 3.
|
130
|
-
|
145
|
+
- 3.3.01 - 3.3.02
|
146
|
+
- 3.3.04
|
147
|
+
- 3.4.01 - 3.4.02
|
148
|
+
- 3.4.04
|
149
|
+
- id: AUT-PAT-3
|
131
150
|
SUT: |
|
132
|
-
[Standalone-Launch] The health IT developer demonstrates the
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
adopted in § 170.215(a)(3).
|
151
|
+
[Standalone-Launch] The health IT developer demonstrates the ability
|
152
|
+
of the Health IT Module to launch using the “launch-standalone" “SMART
|
153
|
+
on FHIR® Core Capability” SMART Standalone Launch mode detailed in the
|
154
|
+
implementation specification adopted in § 170.215(a)(3).
|
137
155
|
TLV: |
|
138
156
|
[Standalone-Launch] The tester verifies the ability of the Health IT
|
139
|
-
Module to launch using the “launch-standalone" “SMART on FHIR
|
140
|
-
|
157
|
+
Module to launch using the “launch-standalone" “SMART on FHIR® Core
|
158
|
+
Capability” SMART Standalone Launch mode detailed in the
|
141
159
|
implementation specification adopted in § 170.215(a)(3).
|
142
160
|
inferno_supported: 'yes'
|
143
161
|
inferno_tests:
|
144
|
-
- 1.
|
145
|
-
|
162
|
+
- 1.3.02
|
163
|
+
- 1.4.02
|
164
|
+
- id: AUT-PAT-4
|
146
165
|
SUT: |
|
147
166
|
[Standalone-Launch] The health IT developer demonstrates the ability
|
148
167
|
of the Health IT Module to support SMART’s public client profile.
|
@@ -151,43 +170,62 @@ procedure:
|
|
151
170
|
Module to support SMART’s public client profile.
|
152
171
|
inferno_supported: 'yes'
|
153
172
|
inferno_tests:
|
154
|
-
-
|
155
|
-
-
|
156
|
-
|
173
|
+
- 9.1.02 - 9.1.03
|
174
|
+
- 9.1.05 - 9.1.09
|
175
|
+
- 9.2.02 - 9.2.03
|
176
|
+
- 9.2.05 - 9.2.09
|
177
|
+
- id: AUT-PAT-5
|
157
178
|
SUT: |
|
158
|
-
[Both] The health IT developer demonstrates the ability of the
|
159
|
-
|
160
|
-
|
161
|
-
|
179
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
180
|
+
IT Module to support the following as detailed in the implementation
|
181
|
+
specification adopted in § 170.215(a)(3) and standard adopted in §
|
182
|
+
170.215(a)(1):
|
162
183
|
* The “.well-known/smart-configuration.json” path; and
|
163
|
-
* A FHIR “CapabilityStatement”.
|
184
|
+
* A FHIR® “CapabilityStatement”.
|
164
185
|
TLV: |
|
165
186
|
[Both] The tester verifies the ability of the Health IT Module to
|
166
|
-
support the following as detailed in the implementation
|
167
|
-
|
168
|
-
170.215(a)(1):
|
187
|
+
support the following as detailed in the implementation specification
|
188
|
+
adopted in § 170.215(a)(3) and standard adopted in § 170.215(a)(1):
|
169
189
|
* The “.well-known/smart-configuration.json” path; and
|
170
|
-
* A FHIR “CapabilityStatement”.
|
190
|
+
* A FHIR® “CapabilityStatement”.
|
171
191
|
inferno_supported: 'yes'
|
172
192
|
inferno_tests:
|
173
193
|
- 1.1.01 - 1.1.03
|
174
194
|
- 3.1.01 - 3.1.03
|
175
|
-
- id:
|
195
|
+
- id: AUT-PAT-24
|
196
|
+
SUT: |
|
197
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
198
|
+
IT Module to support a “.well-known/smart-configuration.json” path as
|
199
|
+
detailed in the implementation specification adopted in §
|
200
|
+
170.215(a)(3) and standard adopted in § 170.215(a)(1).
|
201
|
+
TLV: |
|
202
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
203
|
+
support a “.well-known/smart-configuration.json” path as detailed in
|
204
|
+
the implementation specification adopted in § 170.215(a)(3) and
|
205
|
+
standard adopted in § 170.215(a)(1).
|
206
|
+
inferno_supported: 'yes'
|
207
|
+
inferno_tests:
|
208
|
+
- 1.2.01 - 1.2.03
|
209
|
+
- 3.2.01 - 3.2.03
|
210
|
+
- id: AUT-PAT-6
|
176
211
|
SUT: |
|
177
212
|
[Both] The health IT developer demonstrates the ability of the
|
178
|
-
“.well-known/smart-configuration.json” path to support at least
|
179
|
-
|
180
|
-
|
213
|
+
“.well-known/smart-configuration.json” path to support at least the
|
214
|
+
following as detailed in the implementation specification adopted in §
|
215
|
+
170.215(a)(3):
|
181
216
|
* “authorization_endpoint”;
|
182
217
|
* “token_endpoint”; and
|
183
|
-
* “capabilities” (including support for all the “SMART on FHIR Core
|
218
|
+
* “capabilities” (including support for all the “SMART on FHIR® Core
|
219
|
+
Capabilities”).
|
184
220
|
TLV: |
|
185
|
-
[Both] The tester verifies the ability of the
|
186
|
-
path to support at least the
|
187
|
-
adopted in §
|
221
|
+
[Both] The tester verifies the ability of the
|
222
|
+
“.well-known/smart-configuration.json” path to support at least the
|
223
|
+
following as detailed in the implementation specification adopted in §
|
224
|
+
170.215(a)(3):
|
188
225
|
* “authorization_endpoint”;
|
189
226
|
* “token_endpoint”; and
|
190
|
-
* “capabilities” (including support for all the “SMART on FHIR Core
|
227
|
+
* “capabilities” (including support for all the “SMART on FHIR® Core
|
228
|
+
Capabilities”).
|
191
229
|
inferno_supported: 'yes'
|
192
230
|
inferno_tests:
|
193
231
|
- 1.1.02
|
@@ -198,21 +236,68 @@ procedure:
|
|
198
236
|
Inferno additionally checks that the "authorization endpoint" and the
|
199
237
|
"token endpoint" are consistent between the Capability Statement and
|
200
238
|
the well-known endpoint.
|
201
|
-
- id:
|
239
|
+
- id: AUT-PAT-25
|
202
240
|
SUT: |
|
203
241
|
[Both] The health IT developer demonstrates the ability of the
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
242
|
+
“.well-known/smart-configuration.json” path to support at least the
|
243
|
+
following as detailed in the implementation specification adopted in §
|
244
|
+
170.215(a)(3):
|
245
|
+
* “authorization_endpoint”;
|
246
|
+
* “token_endpoint”;
|
247
|
+
* “capabilities” including support for “launch-ehr",
|
248
|
+
“launch-standalone”, “client-public”,
|
249
|
+
“client-confidential-symmetric", “sso-openid-connect",
|
250
|
+
“context-banner”, “context-style”, “context-ehr-patient",
|
251
|
+
“context-standalone-patient", “permission-offline”,
|
252
|
+
“permission-patient”, “permission-user”, “authorize-post”,
|
253
|
+
“permission-v2”;
|
254
|
+
* “grant_types_supported” with support for “authorization_code” and
|
255
|
+
“client_credentials”; and
|
256
|
+
* “code_challenge_methods_supported” with support for “S256” and shall
|
257
|
+
not include support for “plain”
|
258
|
+
|
259
|
+
Additionally, the following “capabilities” must be supported if using
|
260
|
+
US Core 5.0.1:
|
261
|
+
* "context-ehr-encounter"
|
262
|
+
TLV: |
|
263
|
+
[Both] The tester verifies the ability of the
|
264
|
+
“.well-known/smart-configuration.json” path to support at least the
|
265
|
+
following as detailed in the implementation specification adopted in §
|
266
|
+
170.215(a)(3):
|
267
|
+
* “authorization_endpoint”;
|
268
|
+
* “token_endpoint”;
|
269
|
+
* “capabilities” including support for “launch-ehr",
|
270
|
+
“launch-standalone”, “client-public”,
|
271
|
+
“client-confidential-symmetric", “sso-openid-connect",
|
272
|
+
“context-banner”, “context-style”, “context-ehr-patient",
|
273
|
+
“context-standalone-patient", “permission-offline”,
|
274
|
+
“permission-patient”, “permission-user”, “authorize-post”,
|
275
|
+
“permission-v2”;
|
276
|
+
* “grant_types_supported” with support for “authorization_code” and
|
277
|
+
“client_credentials”; and
|
278
|
+
* “code_challenge_methods_supported” with support for “S256” and shall
|
279
|
+
not include support for “plain”
|
280
|
+
|
281
|
+
Additionally, the following “capabilities” must be supported if using
|
282
|
+
US Core 5.0.1:
|
283
|
+
* "context-ehr-encounter"
|
284
|
+
inferno_supported: 'yes'
|
285
|
+
inferno_tests:
|
286
|
+
- 1.2.01 - 1.2.03
|
287
|
+
- 3.2.01 - 3.2.03
|
288
|
+
- id: AUT-PAT-7
|
289
|
+
SUT: |
|
290
|
+
[Both] The health IT developer demonstrates the ability of the FHIR®
|
291
|
+
“CapabilityStatement” to support at least the following components as
|
292
|
+
detailed in the implementation specification adopted in §
|
293
|
+
170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
|
208
294
|
* “authorize”; and
|
209
295
|
* “token”.
|
210
296
|
TLV: |
|
211
|
-
[Both] The tester verifies the ability of the FHIR
|
212
|
-
“CapabilityStatement” to support at least the following
|
213
|
-
|
214
|
-
|
215
|
-
170.215(a)(1), including:
|
297
|
+
[Both] The tester verifies the ability of the FHIR®
|
298
|
+
“CapabilityStatement” to support at least the following components as
|
299
|
+
detailed in the implementation specification adopted in §
|
300
|
+
170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
|
216
301
|
* “authorize”; and
|
217
302
|
* “token”.
|
218
303
|
inferno_supported: 'yes'
|
@@ -223,12 +308,12 @@ procedure:
|
|
223
308
|
Inferno additionally checks that the "authorization endpoint" and the
|
224
309
|
"token endpoint" are consistent between the Capability Statement and
|
225
310
|
the well-known endpoint.
|
226
|
-
- id:
|
311
|
+
- id: AUT-PAT-8
|
227
312
|
SUT: |
|
228
|
-
[Both] The health IT developer demonstrates the ability of the
|
229
|
-
|
230
|
-
|
231
|
-
|
313
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
314
|
+
IT Module to receive an authorization request according to the
|
315
|
+
implementation specification adopted in § 170.215(a)(3), including
|
316
|
+
support for the following parameters:
|
232
317
|
* “response_type”;
|
233
318
|
* “client_id”;
|
234
319
|
* “redirect_uri”;
|
@@ -249,138 +334,284 @@ procedure:
|
|
249
334
|
* “state”; and
|
250
335
|
* “aud”.
|
251
336
|
inferno_supported: 'yes'
|
252
|
-
inferno_tests:
|
253
|
-
- 1.
|
254
|
-
- 3.
|
255
|
-
- id:
|
337
|
+
inferno_tests:
|
338
|
+
- 1.3.02 - 1.3.03
|
339
|
+
- 3.3.04 - 3.3.05
|
340
|
+
- id: AUT-PAT-26
|
341
|
+
SUT: |
|
342
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
343
|
+
IT Module to receive an authorization request according to the
|
344
|
+
implementation specification adopted in § 170.215(a)(3), including
|
345
|
+
support for the following parameters:
|
346
|
+
* “response_type”;
|
347
|
+
* “client_id”;
|
348
|
+
* “redirect_uri”;
|
349
|
+
* “launch” (for EHR-Launch mode only);
|
350
|
+
* “scope”;
|
351
|
+
* “state”;
|
352
|
+
* “aud”;
|
353
|
+
* “code_challenge”; and
|
354
|
+
* “code_challenge_method”
|
355
|
+
TLV: |
|
356
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
357
|
+
receive an authorization request according to the implementation
|
358
|
+
specification adopted in § 170.215(a)(3), including support for the
|
359
|
+
following parameters:
|
360
|
+
* “response_type”;
|
361
|
+
* “client_id”;
|
362
|
+
* “redirect_uri”;
|
363
|
+
* “launch” (for EHR-Launch mode only);
|
364
|
+
* “scope”;
|
365
|
+
* “state”;
|
366
|
+
* “aud”;
|
367
|
+
* “code_challenge”; and
|
368
|
+
* “code_challenge_method”
|
369
|
+
inferno_supported: 'yes'
|
370
|
+
inferno_tests:
|
371
|
+
- 1.4.02 - 1.4.03
|
372
|
+
- 3.4.04 - 3.4.05
|
373
|
+
- id: AUT-PAT-27
|
374
|
+
SUT: |
|
375
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
376
|
+
IT Module’s Authorization Server to support the use of the HTTP GET
|
377
|
+
and POST methods at the Authorization Endpoint as detailed in the
|
378
|
+
implementation specification adopted in § 170.215(a)(3).
|
379
|
+
TLV: |
|
380
|
+
[Both] The tester verifies the ability of the Health IT Module’s
|
381
|
+
Authorization Server to support the use of the HTTP GET and POST
|
382
|
+
methods at the Authorization Endpoint as detailed in the
|
383
|
+
implementation specification adopted in § 170.215(a)(3).
|
384
|
+
inferno_supported: 'yes'
|
385
|
+
inferno_tests:
|
386
|
+
- 1.4.05 - 1.4.07
|
387
|
+
- 3.4.07 - 3.4.09
|
388
|
+
- id: AUT-PAT-9
|
389
|
+
SUT: |
|
390
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
391
|
+
IT Module to support the receipt of the following scopes and
|
392
|
+
capabilities according to the implementation specification adopted in
|
393
|
+
§ 170.215(a)(3) and standard adopted in § 170.215(b):
|
394
|
+
* “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
|
395
|
+
Capability”);
|
396
|
+
* “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
|
397
|
+
Capability”);
|
398
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
399
|
+
Core Capability” for EHR-Launch mode only);
|
400
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR® Core
|
401
|
+
Capability” for EHR-Launch mode only);
|
402
|
+
* “launch/patient” (to support “context-standalone-patient” “SMART on
|
403
|
+
FHIR® Core Capability” for Standalone-Launch mode only);
|
404
|
+
* “launch” (for EHR-Launch mode only);
|
405
|
+
* “offline_access” (to support “permission-offline” “SMART on FHIR®
|
406
|
+
Core Capability”);
|
407
|
+
* Patient-level scopes (to support “permission-patient” “SMART on
|
408
|
+
FHIR® Core Capability”); and
|
409
|
+
* User-level scopes (to support “permission-user” “SMART on FHIR® Core
|
410
|
+
Capability”).
|
411
|
+
TLV: |
|
412
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
413
|
+
support the receipt of the following scopes according to the
|
414
|
+
implementation specification adopted in § 170.215(a)(3) and standard
|
415
|
+
adopted in § 170.215(b):
|
416
|
+
* “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
|
417
|
+
Capability”);
|
418
|
+
* “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
|
419
|
+
Capability”);
|
420
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
421
|
+
Core Capability” for EHR-Launch mode only);
|
422
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR® Core
|
423
|
+
Capability” for EHR-Launch mode only);
|
424
|
+
* “launch/patient” (to support “context-standalone-patient” “SMART on
|
425
|
+
FHIR® Core Capability” for Standalone-Launch mode only);
|
426
|
+
* “launch” (for EHR-Launch mode only);
|
427
|
+
* “offline_access” (to support “permission-offline” “SMART on FHIR®
|
428
|
+
Core Capability”);
|
429
|
+
* Patient-level scopes (to support “permission-patient” “SMART on
|
430
|
+
FHIR® Core Capability”); and
|
431
|
+
* User-level scopes (to support “permission-user” “SMART on FHIR® Core
|
432
|
+
Capability”).
|
433
|
+
inferno_supported: 'yes'
|
434
|
+
inferno_tests:
|
435
|
+
- 1.3.02
|
436
|
+
- 3.3.04
|
437
|
+
inferno_notes: |
|
438
|
+
This step refers to only the receipt of these scopes, which is covered in
|
439
|
+
Inferno in one step in each the EHR and Standalone launch cases. However,
|
440
|
+
it is not possible to tell if these scopes were properly granted until
|
441
|
+
verifying that the client has access to perform the necessary steps.
|
442
|
+
Inferno does this as well, but this mapping only refers to the 'receipt' portion
|
443
|
+
of the launch process.
|
444
|
+
- id: AUT-PAT-28
|
256
445
|
SUT: |
|
257
446
|
[Both] The health IT developer demonstrates the ability of the Health
|
258
447
|
IT Module to support the receipt of the following scopes and
|
259
448
|
capabilities according to the implementation specification adopted in
|
260
449
|
§ 170.215(a)(3) and standard adopted in § 170.215(b):
|
261
|
-
* “openid” (to support “sso-openid-connect” “SMART on FHIR
|
262
|
-
|
263
|
-
* “
|
264
|
-
|
265
|
-
* “
|
450
|
+
* “openid” (to support “sso-openid-connect” “SMART on FHIR®
|
451
|
+
Capability”);
|
452
|
+
* “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
|
453
|
+
Capability”);
|
454
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
455
|
+
Capability” for EHR-Launch mode only);
|
456
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR®
|
457
|
+
Capability” for EHR-Launch mode only);
|
458
|
+
* “launch/patient” (to support “context-standalone-patient” “SMART on
|
459
|
+
FHIR® Capability” for Standalone-Launch mode only);
|
266
460
|
* “launch” (for EHR-Launch mode only);
|
267
|
-
* “offline_access” (to support “permission-offline” “SMART on FHIR
|
268
|
-
|
269
|
-
*
|
461
|
+
* “offline_access” (to support “permission-offline” “SMART on FHIR®
|
462
|
+
Capability”);
|
463
|
+
* Patient-level scopes (to support “permission-patient” and “SMART on
|
464
|
+
FHIR® Capability”); and
|
465
|
+
* User-level scopes (to support “permission-user” “SMART on FHIR®
|
466
|
+
Capability”).
|
467
|
+
* SMARTv2 scope syntax for patient-level and user-level scopes (to
|
468
|
+
support “permission-v2” “SMART on FHIR® Capability”)
|
270
469
|
TLV: |
|
271
470
|
[Both] The tester verifies the ability of the Health IT Module to
|
272
471
|
support the receipt of the following scopes and capabilities according
|
273
472
|
to the implementation specification adopted in § 170.215(a)(3) and
|
274
473
|
standard adopted in § 170.215(b):
|
275
|
-
* “openid” (to support “sso-openid-connect” “SMART on FHIR
|
276
|
-
|
277
|
-
* “
|
278
|
-
|
279
|
-
* “
|
474
|
+
* “openid” (to support “sso-openid-connect” “SMART on FHIR®
|
475
|
+
Capability”);
|
476
|
+
* “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
|
477
|
+
Capability”);
|
478
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
479
|
+
Capability” for EHR-Launch mode only);
|
480
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR®
|
481
|
+
Capability” for EHR-Launch mode only);
|
482
|
+
* “launch/patient” (to support “context-standalone-patient” “SMART on
|
483
|
+
FHIR® Capability” for Standalone-Launch mode only);
|
280
484
|
* “launch” (for EHR-Launch mode only);
|
281
|
-
* “offline_access” (to support “permission-offline” “SMART on FHIR
|
282
|
-
|
283
|
-
*
|
485
|
+
* “offline_access” (to support “permission-offline” “SMART on FHIR®
|
486
|
+
Capability”);
|
487
|
+
* Patient-level scopes (to support “permission-patient” and “SMART on
|
488
|
+
FHIR® Capability”); and
|
489
|
+
* User-level scopes (to support “permission-user” “SMART on FHIR®
|
490
|
+
Capability”).
|
491
|
+
* SMARTv2 scope syntax for patient-level and user-level scopes (to
|
492
|
+
support “permission-v2” “SMART on FHIR® Capability”)
|
284
493
|
inferno_supported: 'yes'
|
285
494
|
inferno_tests:
|
286
|
-
- 1.
|
287
|
-
- 3.
|
495
|
+
- 1.4.02
|
496
|
+
- 3.4.04
|
288
497
|
inferno_notes: |
|
289
498
|
This step refers to only the receipt of these scopes, which is covered in
|
290
499
|
Inferno in one step in each the EHR and Standalone launch cases. However,
|
291
500
|
it is not possible to tell if these scopes were properly granted until
|
292
|
-
verifying that the client has access to perform the necessary steps.
|
501
|
+
verifying that the client has access to perform the necessary steps.
|
293
502
|
Inferno does this as well, but this mapping only refers to the 'receipt' portion
|
294
503
|
of the launch process.
|
295
|
-
- id:
|
504
|
+
- id: AUT-PAT-10
|
296
505
|
SUT: |
|
297
|
-
[Both] The health IT developer demonstrates the ability of the
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
§ 170.
|
305
|
-
|
306
|
-
|
307
|
-
*
|
308
|
-
*
|
309
|
-
*
|
310
|
-
*
|
311
|
-
*
|
312
|
-
*
|
313
|
-
*
|
314
|
-
*
|
315
|
-
*
|
316
|
-
*
|
317
|
-
*
|
318
|
-
*
|
319
|
-
*
|
320
|
-
*
|
506
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
507
|
+
IT Module to evaluate the authorization request and request end-user
|
508
|
+
input, if applicable (required for patient-facing applications),
|
509
|
+
including the ability for the end-user to authorize an application to
|
510
|
+
receive EHI based on FHIR® resource-level scopes for all of the FHIR®
|
511
|
+
resources associated with the profiles specified in the standard
|
512
|
+
adopted in § 170.213 and implementation specification adopted in
|
513
|
+
§ 170.215(a)(2).
|
514
|
+
|
515
|
+
If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
|
516
|
+
* “AllergyIntolerance”;
|
517
|
+
* “CarePlan”;
|
518
|
+
* “CareTeam”;
|
519
|
+
* “Condition”;
|
520
|
+
* “Device”;
|
521
|
+
* “DiagnosticReport”;
|
522
|
+
* “DocumentReference”;
|
523
|
+
* “Goal”;
|
524
|
+
* “Immunization”;
|
525
|
+
* “Medication” (if supported);
|
526
|
+
* “MedicationRequest”;
|
527
|
+
* “Observation”;
|
528
|
+
* “Patient”;
|
529
|
+
* “Procedure”; and
|
530
|
+
* “Provenance”.
|
531
|
+
|
532
|
+
Additionally, the following resources must be supported if using US
|
533
|
+
Core 5.0.1:
|
534
|
+
* “Encounter”;
|
535
|
+
* “RelatedPerson”; and
|
536
|
+
* “ServiceRequest”
|
321
537
|
TLV: |
|
322
|
-
[Both] The tester verifies the ability of the
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
on FHIR resource-level scopes for all of the FHIR resources
|
538
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
539
|
+
evaluate the authorization request and request end-user input, if
|
540
|
+
applicable (required for patient-facing applications), including the
|
541
|
+
ability for the end-user to authorize an application to receive EHI
|
542
|
+
based on FHIR® resource-level scopes for all of the FHIR® resources
|
328
543
|
associated with the profiles specified in the standard adopted in
|
329
|
-
§ 170.213 and implementation specification adopted in
|
330
|
-
|
331
|
-
|
332
|
-
*
|
333
|
-
*
|
334
|
-
*
|
335
|
-
*
|
336
|
-
*
|
337
|
-
*
|
338
|
-
*
|
339
|
-
*
|
340
|
-
*
|
341
|
-
*
|
342
|
-
*
|
343
|
-
*
|
344
|
-
*
|
345
|
-
*
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
544
|
+
§ 170.213 and implementation specification adopted in § 170.215(a)(2).
|
545
|
+
|
546
|
+
If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
|
547
|
+
* “AllergyIntolerance”;
|
548
|
+
* “CarePlan”;
|
549
|
+
* “CareTeam”;
|
550
|
+
* “Condition”;
|
551
|
+
* “Device”;
|
552
|
+
* “DiagnosticReport”;
|
553
|
+
* “DocumentReference”;
|
554
|
+
* “Goal”;
|
555
|
+
* “Immunization”;
|
556
|
+
* “Medication” (if supported);
|
557
|
+
* “MedicationRequest”;
|
558
|
+
* “Observation”;
|
559
|
+
* “Patient”;
|
560
|
+
* “Procedure”; and
|
561
|
+
* “Provenance”.
|
562
|
+
|
563
|
+
Additionally, the following resources must be supported if using US
|
564
|
+
Core 5.0.1:
|
565
|
+
* “Encounter”;
|
566
|
+
* “RelatedPerson”; and
|
567
|
+
* “ServiceRequest”
|
568
|
+
inferno_supported: 'yes'
|
569
|
+
inferno_tests:
|
570
|
+
- 1.3.02
|
571
|
+
- 1.3.05
|
572
|
+
- 1.4.02
|
573
|
+
- 1.4.05
|
574
|
+
- 3.3.04
|
575
|
+
- 3.3.07
|
576
|
+
- 3.4.04
|
577
|
+
- 3.4.07
|
352
578
|
- 2.1.02
|
353
579
|
- 2.1.05
|
354
|
-
-
|
355
|
-
- 2.2.
|
580
|
+
- 2.2.02
|
581
|
+
- 2.2.05
|
582
|
+
- 1.7.01 - 1.7.16
|
583
|
+
- 2.3.01 - 2.3.15
|
356
584
|
inferno_notes: |
|
357
585
|
Inferno verifies that end-user input is requested by requiring one app
|
358
586
|
launch have complete access to required resources and having one app
|
359
587
|
launch have limited access based on the preferences of the tester.
|
360
|
-
- id:
|
588
|
+
- id: AUT-PAT-11
|
361
589
|
SUT: |
|
362
|
-
[Both] The health IT developer demonstrates the ability of the
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
TLV: |
|
590
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
591
|
+
IT Module to evaluate the authorization request and request end-user
|
592
|
+
input, if applicable (required for patient-facing applications),
|
593
|
+
including either the ability for the end-user to explicitly enable /
|
594
|
+
disable the “offline_access” scope or information communicating the
|
595
|
+
application’s request for the “offline_access” scope.
|
596
|
+
TLV: |
|
370
597
|
[Both] The tester verifies the ability of the Health IT Module to
|
371
598
|
evaluate the authorization request and request end-user input, if
|
372
599
|
applicable (required for patient-facing applications), including
|
373
|
-
either the ability for the end-user to explicitly enable / disable
|
374
|
-
|
375
|
-
|
600
|
+
either the ability for the end-user to explicitly enable / disable the
|
601
|
+
“offline_access” scope or information communicating the application’s
|
602
|
+
request for the “offline_access” scope.
|
376
603
|
inferno_supported: 'yes'
|
377
604
|
inferno_tests:
|
378
|
-
- 1.
|
379
|
-
- 1.
|
605
|
+
- 1.3.02
|
606
|
+
- 1.3.05
|
607
|
+
- 1.4.02
|
608
|
+
- 1.4.05
|
380
609
|
- 2.1.02
|
381
610
|
- 2.1.05
|
382
|
-
-
|
383
|
-
- 2.2.
|
611
|
+
- 2.2.02
|
612
|
+
- 2.2.05
|
613
|
+
- 1.7.01 - 1.7.16
|
614
|
+
- 2.3.01 - 2.3.15
|
384
615
|
inferno_notes: |
|
385
616
|
Inferno verifies that end-user input is requested by requiring one app
|
386
617
|
launch have complete access to required resources and having one app
|
@@ -388,26 +619,31 @@ procedure:
|
|
388
619
|
Inferno requests full resource and 'offline_access' access, and the tester
|
389
620
|
is expected to select the correct subset of resources and deny 'offline_access'
|
390
621
|
based on previously selected preferences.
|
391
|
-
- id:
|
622
|
+
- id: AUT-PAT-12
|
392
623
|
SUT: |
|
393
624
|
[Both] The health IT developer demonstrates the ability of the Health
|
394
625
|
IT Module to deny an application’s authorization request according to
|
395
|
-
a patient’s preferences selected in
|
396
|
-
accordance with the implementation specification
|
397
|
-
170.215(a)(3).
|
626
|
+
a patient’s preferences selected in AUT-PAT-10, and AUT-PAT-11, of
|
627
|
+
this section in accordance with the implementation specification
|
628
|
+
adopted in § 170.215(a)(3).
|
398
629
|
TLV: |
|
399
630
|
[Both] The tester verifies the ability of the Health IT Module to deny
|
400
631
|
an application’s authorization request according to a patient’s
|
401
|
-
preferences selected in
|
402
|
-
with the implementation specification adopted in §
|
632
|
+
preferences selected in AUT-PAT-10, and AUT-PAT-11, of this section in
|
633
|
+
accordance with the implementation specification adopted in §
|
634
|
+
170.215(a)(3).
|
403
635
|
inferno_supported: 'yes'
|
404
636
|
inferno_tests:
|
405
|
-
- 1.
|
406
|
-
- 1.
|
637
|
+
- 1.3.02
|
638
|
+
- 1.3.05
|
639
|
+
- 1.4.02
|
640
|
+
- 1.4.05
|
407
641
|
- 2.1.02
|
408
642
|
- 2.1.05
|
409
|
-
-
|
410
|
-
- 2.2.
|
643
|
+
- 2.2.02
|
644
|
+
- 2.2.05
|
645
|
+
- 1.7.01 - 1.7.16
|
646
|
+
- 2.3.01 - 2.3.15
|
411
647
|
inferno_notes: |
|
412
648
|
Inferno verifies that end-user input is requested by requiring one app
|
413
649
|
launch have complete access to required resources and having one app
|
@@ -415,139 +651,222 @@ procedure:
|
|
415
651
|
Inferno requests full resource and 'offline_access' access, and the tester
|
416
652
|
is expected to select the correct subset of resources and deny 'offline_access'
|
417
653
|
based on previously selected preferences.
|
418
|
-
- id:
|
654
|
+
- id: AUT-PAT-29
|
655
|
+
SUT: |
|
656
|
+
[EHR-Launch] The health IT developer demonstrates the ability of the
|
657
|
+
Health IT Module to establish a patient in context if an application
|
658
|
+
requests a clinical scope which is restricted to a single patient as
|
659
|
+
detailed in the implementation specification adopted in §
|
660
|
+
170.215(a)(3).
|
661
|
+
TLV: |
|
662
|
+
[EHR-Launch] The tester verifies the ability of the Health IT Module
|
663
|
+
to establish a patient in context if an application requests a
|
664
|
+
clinical scope which is restricted to a single patient as detailed in
|
665
|
+
the implementation specification adopted in § 170.215(a)(3).
|
666
|
+
inferno_supported: 'yes'
|
667
|
+
inferno_tests:
|
668
|
+
- 9.9.01 - 9.9.10
|
669
|
+
- id: AUT-PAT-13
|
419
670
|
SUT: |
|
420
671
|
[Both] The health IT developer demonstrates the ability of the Health
|
421
672
|
IT Module to return an error response if the "aud" parameter provided
|
422
|
-
by an application to the Health IT Module in
|
673
|
+
by an application to the Health IT Module in AUT-PAT-8, is not a valid
|
423
674
|
FHIR® resource server associated with the Health IT Module's
|
424
675
|
authorization server.
|
425
676
|
TLV: |
|
426
677
|
[Both] The tester verifies the ability of the Health IT Module to
|
427
678
|
return an error response if the "aud" parameter provided by an
|
428
|
-
application to the Health IT Module in
|
679
|
+
application to the Health IT Module in AUT-PAT-8, is not a valid FHIR®
|
429
680
|
resource server associated with the Health IT Module's authorization
|
430
681
|
server.
|
431
682
|
inferno_supported: 'yes'
|
432
683
|
inferno_tests:
|
433
|
-
-
|
434
|
-
- id:
|
684
|
+
- 9.4.01 - 9.4.03
|
685
|
+
- id: AUT-PAT-14
|
435
686
|
SUT: |
|
436
|
-
[Both] The health IT developer demonstrates the ability of the
|
437
|
-
|
438
|
-
|
439
|
-
|
440
|
-
|
687
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
688
|
+
IT Module to grant an application access to EHI by returning an
|
689
|
+
authorization code to the application according to the implementation
|
690
|
+
specification adopted in § 170.215(a)(3), including the following
|
691
|
+
parameters:
|
441
692
|
* “code”; and
|
442
693
|
* “state”.
|
443
694
|
TLV: |
|
444
|
-
[Both] The tester verifies the ability of the
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
including the following parameters:
|
695
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
696
|
+
grant an application access to EHI by returning an authorization code
|
697
|
+
to the application according to the implementation specification
|
698
|
+
adopted in § 170.215(a)(3), including the following parameters:
|
449
699
|
* “code”; and
|
450
700
|
* “state”.
|
451
701
|
inferno_supported: 'yes'
|
452
|
-
inferno_tests:
|
453
|
-
- 1.
|
454
|
-
-
|
455
|
-
|
702
|
+
inferno_tests:
|
703
|
+
- 1.3.03
|
704
|
+
- 1.4.03
|
705
|
+
- 3.3.05
|
706
|
+
- 3.4.05
|
707
|
+
- id: AUT-PAT-15
|
456
708
|
SUT: |
|
457
|
-
[Both] The health IT developer demonstrates the ability of the
|
458
|
-
|
459
|
-
|
460
|
-
|
709
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
710
|
+
IT Module to receive the following parameters from an application
|
711
|
+
according to the implementation specification adopted in §
|
712
|
+
170.215(a)(3):
|
461
713
|
* “grant_type”;
|
462
714
|
* “code”;
|
463
715
|
* “redirect_uri”;
|
464
716
|
* “client_id”; and
|
465
|
-
* Authorization header including “client_id” and
|
717
|
+
* Authorization header including “client_id” and “client_secret”.
|
466
718
|
TLV: |
|
467
|
-
[Both] The tester verifies the ability of the
|
468
|
-
|
469
|
-
|
470
|
-
in § 170.215(a)(3):
|
719
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
720
|
+
receive the following parameters from an application according to the
|
721
|
+
implementation specification adopted in § 170.215(a)(3):
|
471
722
|
* “grant_type”;
|
472
723
|
* “code”;
|
473
724
|
* “redirect_uri”;
|
474
725
|
* “client_id”; and
|
475
|
-
* Authorization header including “client_id” and
|
726
|
+
* Authorization header including “client_id” and “client_secret”.
|
476
727
|
inferno_supported: 'yes'
|
477
728
|
inferno_tests:
|
478
|
-
- 1.
|
479
|
-
- 3.
|
729
|
+
- 1.3.05
|
730
|
+
- 3.3.07
|
480
731
|
inferno_notes: |
|
481
732
|
"client_secret" is only provided in the case of confidential clients.
|
482
|
-
- id:
|
733
|
+
- id: AUT-PAT-30
|
483
734
|
SUT: |
|
484
|
-
[Both] The health IT developer demonstrates the ability of the
|
485
|
-
|
486
|
-
to the implementation specification
|
487
|
-
|
735
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
736
|
+
IT Module to receive the following access token request parameters
|
737
|
+
from an application according to the implementation specification
|
738
|
+
adopted in § 170.215(a)(3):
|
739
|
+
* “grant_type”;
|
740
|
+
* “code”;
|
741
|
+
* “redirect_uri”;
|
742
|
+
* “code_verifier”;
|
743
|
+
* “client_id”; and
|
744
|
+
* Authorization header including “client_id” and “client_secret”.
|
745
|
+
TLV: |
|
746
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
747
|
+
receive the following access token request parameters from an
|
748
|
+
application according to the implementation specification adopted in §
|
749
|
+
170.215(a)(3):
|
750
|
+
* “grant_type”;
|
751
|
+
* “code”;
|
752
|
+
* “redirect_uri”;
|
753
|
+
* “code_verifier”;
|
754
|
+
* “client_id”; and
|
755
|
+
* Authorization header including “client_id” and “client_secret”.
|
756
|
+
inferno_supported: 'yes'
|
757
|
+
inferno_tests:
|
758
|
+
- 1.3.05
|
759
|
+
- 3.3.07
|
760
|
+
- id: AUT-PAT-31
|
761
|
+
SUT: |
|
762
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
763
|
+
IT Module to return an error response if an invalid “code_verifier”
|
764
|
+
value is supplied with an access token request according to the
|
765
|
+
implementation specification adopted in § 170.215(a)(3).
|
766
|
+
TLV: |
|
767
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
768
|
+
return an error response if an invalid “code_verifier” value is
|
769
|
+
supplied with an access token request according to the implementation
|
770
|
+
specification adopted in § 170.215(a)(3).
|
771
|
+
inferno_supported: 'yes'
|
772
|
+
inferno_tests:
|
773
|
+
- 1.4.05
|
774
|
+
- 3.4.07
|
775
|
+
- id: AUT-PAT-16
|
776
|
+
SUT: |
|
777
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
778
|
+
IT Module to return a JSON object to applications according to the
|
779
|
+
implementation specification adopted in § 170.215(a)(3) and standard
|
780
|
+
adopted in § 170.215(b), including the following:
|
488
781
|
* “access_token”;
|
489
782
|
* “token_type”;
|
490
783
|
* “scope”;
|
491
784
|
* “id_token”;
|
492
|
-
* “refresh_token” (valid for a period of no shorter than three
|
493
|
-
|
494
|
-
* HTTP “
|
495
|
-
|
496
|
-
* “
|
497
|
-
* “
|
785
|
+
* “refresh_token” (valid for a period of no shorter than three
|
786
|
+
months);
|
787
|
+
* HTTP “Cache-Control” response header field with a value of
|
788
|
+
“no-store”;
|
789
|
+
* HTTP “Pragma” response header field with a value of “no-cache”;
|
790
|
+
* “patient” (to support “context-ehr-patient” and
|
791
|
+
“context-standalone-patient” “SMART on FHIR® Core Capabilities”);
|
792
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
793
|
+
Core Capability” for EHR-Launch mode only); and
|
794
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR® Core
|
795
|
+
Capability” for EHR-Launch mode only).
|
796
|
+
|
797
|
+
Additionally, the following must be supported if using US Core 5.0.1:
|
798
|
+
* “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
|
799
|
+
Capability”)
|
498
800
|
TLV: |
|
499
|
-
[Both] The tester verifies the ability of the
|
500
|
-
|
501
|
-
|
502
|
-
|
801
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
802
|
+
return a JSON object to applications according to the implementation
|
803
|
+
specification adopted in § 170.215(a)(3) and standard adopted in §
|
804
|
+
170.215(b), including the following:
|
503
805
|
* “access_token”;
|
504
806
|
* “token_type”;
|
505
807
|
* “scope”;
|
506
808
|
* “id_token”;
|
507
|
-
* “refresh_token” (valid for a period of no shorter than three
|
508
|
-
|
509
|
-
* HTTP “
|
510
|
-
|
511
|
-
* “
|
512
|
-
* “
|
809
|
+
* “refresh_token” (valid for a period of no shorter than three
|
810
|
+
months);
|
811
|
+
* HTTP “Cache-Control” response header field with a value of
|
812
|
+
“no-store”;
|
813
|
+
* HTTP “Pragma” response header field with a value of “no-cache”;
|
814
|
+
* “patient” (to support “context-ehr-patient” and
|
815
|
+
“context-standalone-patient” “SMART on FHIR® Core Capabilities”);
|
816
|
+
* “need_patient_banner” (to support “context-banner” “SMART on FHIR®
|
817
|
+
Core Capability” for EHR-Launch mode only); and
|
818
|
+
* “smart_style_url” (to support “context-style” “SMART on FHIR® Core
|
819
|
+
Capability” for EHR-Launch mode only).
|
820
|
+
|
821
|
+
Additionally, the following must be supported if using US Core 5.0.1:
|
822
|
+
* “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
|
823
|
+
Capability”)
|
513
824
|
inferno_supported: 'yes'
|
514
|
-
inferno_tests:
|
515
|
-
- 1.
|
516
|
-
-
|
517
|
-
|
825
|
+
inferno_tests:
|
826
|
+
- 1.3.06 - 1.3.07
|
827
|
+
- 1.4.06 - 1.4.07
|
828
|
+
- 3.3.08 - 3.3.09
|
829
|
+
- 3.3.13
|
830
|
+
- 3.4.08 - 3.4.09
|
831
|
+
- 3.4.13
|
832
|
+
- 9.8.08 - 9.8.09
|
833
|
+
- 9.9.08 - 9.9.09
|
834
|
+
- id: AUT-PAT-17
|
518
835
|
SUT: |
|
519
|
-
[Both] The health IT developer demonstrates the ability of the
|
520
|
-
|
521
|
-
|
522
|
-
|
523
|
-
* All required fields populated according to implementation
|
524
|
-
|
836
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
837
|
+
IT Module to provide an OpenID Connect well-known URI in accordance
|
838
|
+
with the implementation specification adopted in § 170.215(b),
|
839
|
+
including:
|
840
|
+
* All required fields populated according to implementation
|
841
|
+
specification adopted in § 170.215(b); and
|
842
|
+
* Valid JWKS populated according to implementation specification can
|
843
|
+
be retrieved via JWKS URI.
|
525
844
|
TLV: |
|
526
|
-
[Both] The tester
|
845
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
527
846
|
provide an OpenID Connect well-known URI in accordance with the
|
528
847
|
implementation specification adopted in § 170.215(b), including:
|
529
|
-
* All required fields populated according to implementation
|
530
|
-
|
848
|
+
* All required fields populated according to implementation
|
849
|
+
specification adopted in § 170.215(b); and
|
850
|
+
* Valid JWKS populated according to implementation specification can
|
851
|
+
be retrieved via JWKS URI.
|
531
852
|
inferno_supported: 'yes'
|
532
853
|
inferno_tests:
|
533
|
-
- 1.
|
534
|
-
- 3.
|
854
|
+
- 1.5.01 - 1.5.07
|
855
|
+
- 3.5.01 - 3.5.07
|
535
856
|
inferno_notes: |
|
536
857
|
Inferno decodes the id_token provided during authentication and
|
537
858
|
verifies that it contains the correct claims, has a valid signature,
|
538
859
|
and the fhirUser claim contains a reference to the current user that
|
539
860
|
can be retreived using the bearer token provided during the application launch.
|
540
|
-
- id:
|
861
|
+
- id: AUT-PAT-18
|
541
862
|
SUT: |
|
542
|
-
[Both] The health IT developer demonstrates the ability of the
|
543
|
-
|
544
|
-
|
545
|
-
170.215(a)(3).
|
863
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
864
|
+
IT Module to deny an application’s authorization request in accordance
|
865
|
+
with the implementation specification adopted in § 170.215(a)(3).
|
546
866
|
TLV: |
|
547
|
-
[Both] The tester
|
548
|
-
|
549
|
-
|
550
|
-
170.215(a)(3).
|
867
|
+
[Both] The tester verifies the ability of the Health IT Module to deny
|
868
|
+
an application’s authorization request in accordance with the
|
869
|
+
implementation specification adopted in § 170.215(a)(3).
|
551
870
|
inferno_supported: 'yes'
|
552
871
|
inferno_notes: |
|
553
872
|
Inferno verifies that the user has the ability to explicitly authorize
|
@@ -556,98 +875,118 @@ procedure:
|
|
556
875
|
are denied.
|
557
876
|
inferno_tests:
|
558
877
|
- 2.1.02 - 2.1.09
|
559
|
-
- 2.2.
|
560
|
-
-
|
561
|
-
|
878
|
+
- 2.2.02 - 2.2.09
|
879
|
+
- 2.3.01 - 2.3.15
|
880
|
+
- 9.5.01 - 9.5.04
|
881
|
+
- 9.6.01 - 9.6.04
|
882
|
+
- id: AUT-PAT-19
|
562
883
|
SUT: |
|
563
|
-
[
|
564
|
-
Module to return a “Patient” FHIR resource that matches the
|
565
|
-
patient context provided in step 9 of this section according
|
566
|
-
implementation specification adopted in § 170.215(a)(2).
|
884
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
885
|
+
IT Module to return a “Patient” FHIR® resource that matches the
|
886
|
+
patient context provided in step AUT-PAT-9 of this section according
|
887
|
+
to the implementation specification adopted in § 170.215(a)(2).
|
567
888
|
TLV: |
|
568
|
-
[
|
569
|
-
|
570
|
-
|
889
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
890
|
+
return a “Patient” FHIR® resource that matches the patient context
|
891
|
+
provided in step AUT-PAT-9 of this section according to the
|
571
892
|
implementation specification adopted in § 170.215(a)(2).
|
572
893
|
inferno_supported: 'yes'
|
573
894
|
inferno_tests:
|
574
|
-
- 1.
|
575
|
-
-
|
576
|
-
|
895
|
+
- 1.3.10
|
896
|
+
- 1.4.10
|
897
|
+
- 3.3.12
|
898
|
+
- 3.4.12
|
899
|
+
- 9.8.10
|
900
|
+
- 9.9.10
|
901
|
+
- id: AUT-PAT-32
|
577
902
|
SUT: |
|
578
|
-
[
|
579
|
-
|
580
|
-
|
581
|
-
|
903
|
+
[EHR-Launch] The following must be supported if using US Core 5.0.1:
|
904
|
+
The health IT developer demonstrates the ability of the Health IT
|
905
|
+
Module to return an “Encounter” FHIR® resource that matches the
|
906
|
+
encounter context provided in step AUT-PAT-9 of this section according
|
907
|
+
to the implementation specification adopted in § 170.215(a)(2).
|
582
908
|
TLV: |
|
583
|
-
[
|
584
|
-
|
585
|
-
|
586
|
-
|
909
|
+
[EHR-Launch] The following must be supported if using US Core 5.0.1:
|
910
|
+
The tester verifies the ability of the Health IT Module to return an
|
911
|
+
“Encounter” FHIR® resource that matches the encounter context provided
|
912
|
+
in step AUT-PAT-9 of this section according to the implementation
|
913
|
+
specification adopted in § 170.215(a)(2).
|
587
914
|
inferno_supported: 'yes'
|
588
915
|
inferno_tests:
|
589
|
-
-
|
590
|
-
- 3.4.
|
591
|
-
- id:
|
916
|
+
- 3.3.13
|
917
|
+
- 3.4.13
|
918
|
+
- id: AUT-PAT-20
|
592
919
|
SUT: |
|
593
|
-
[Both] The health IT developer demonstrates the ability of the
|
594
|
-
|
595
|
-
|
596
|
-
|
920
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
921
|
+
IT Module to grant an access token when a refresh token is supplied
|
922
|
+
according to the implementation specification adopted in §
|
923
|
+
170.215(a)(2).
|
597
924
|
TLV: |
|
598
925
|
[Both] The tester verifies the ability of the Health IT Module to
|
599
|
-
grant
|
600
|
-
|
926
|
+
grant an access token when a refresh token is supplied according to
|
927
|
+
the implementation specification adopted in § 170.215(a)(2).
|
601
928
|
inferno_supported: 'yes'
|
602
929
|
inferno_tests:
|
603
|
-
- 6.
|
930
|
+
- 1.6.03 - 1.6.05
|
931
|
+
- 3.6.05 - 3.6.05
|
932
|
+
- id: AUT-PAT-21
|
933
|
+
SUT: |
|
934
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
935
|
+
IT Module to grant a refresh token valid for a period of no less than
|
936
|
+
three months to native applications capable of securing a refresh
|
937
|
+
token.
|
938
|
+
TLV: |
|
939
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
940
|
+
grant a refresh token valid for a period of no less than three months
|
941
|
+
to native applications capable of securing a refresh token.
|
942
|
+
inferno_supported: 'yes'
|
943
|
+
inferno_tests:
|
944
|
+
- 9.10.13
|
604
945
|
- group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
|
605
|
-
id:
|
606
|
-
SUT: |
|
946
|
+
id: AUT-PAT-22
|
947
|
+
SUT: |
|
607
948
|
The health IT developer demonstrates the ability of the Health IT
|
608
|
-
Module to issue a
|
609
|
-
|
610
|
-
|
611
|
-
application according to the implementation specification adopted
|
612
|
-
|
613
|
-
TLV: |
|
614
|
-
The tester verifies the ability of the Health IT
|
615
|
-
|
616
|
-
|
617
|
-
|
618
|
-
|
619
|
-
|
620
|
-
|
621
|
-
|
622
|
-
- 6.5.05
|
949
|
+
Module to issue a refresh token valid for a new period of no shorter
|
950
|
+
than three months without requiring re-authentication and
|
951
|
+
re-authorization when a valid refresh token is supplied by the
|
952
|
+
application according to the implementation specification adopted in §
|
953
|
+
170.215(a)(3).
|
954
|
+
TLV: |
|
955
|
+
The tester verifies the ability of the Health IT Module to issue a
|
956
|
+
refresh token valid for a new period of no shorter than three months
|
957
|
+
without requiring re-authentication and re-authorization when a valid
|
958
|
+
refresh token is supplied by the application according to the
|
959
|
+
implementation specification adopted in § 170.215(a)(3).
|
960
|
+
inferno_supported: 'yes'
|
961
|
+
inferno_tests:
|
962
|
+
- 9.10.05
|
623
963
|
inferno_notes: |
|
624
964
|
Inferno cannot verify the three month token expiration requirement
|
625
965
|
automatically during the token refresh tests, but the tester can
|
626
966
|
register an attestation that this requirement is met.
|
627
|
-
- id:
|
967
|
+
- id: AUT-PAT-23
|
628
968
|
SUT: |
|
629
969
|
The health IT developer demonstrates the ability of the Health IT
|
630
|
-
Module to return an error response when supplied an invalid
|
631
|
-
|
632
|
-
|
970
|
+
Module to return an error response when supplied an invalid refresh
|
971
|
+
token as specified in the implementation specification adopted in §
|
972
|
+
170.215(a)(3).
|
633
973
|
TLV: |
|
634
|
-
The tester verifies the ability of the Health IT
|
635
|
-
|
636
|
-
|
637
|
-
adopted in § 170.215(a)(3).
|
974
|
+
The tester verifies the ability of the Health IT Module to return an
|
975
|
+
error response when supplied an invalid refresh token as specified in
|
976
|
+
the implementation specification adopted in § 170.215(a)(3).
|
638
977
|
inferno_supported: 'yes'
|
639
978
|
inferno_tests:
|
640
|
-
- 1.
|
641
|
-
- 3.
|
979
|
+
- 1.6.06
|
980
|
+
- 3.6.06
|
642
981
|
- section: Paragraph (g)(10)(vi) – Patient authorization revocation
|
643
982
|
steps:
|
644
983
|
- group: Patient Authorization Revocation
|
645
|
-
id:
|
984
|
+
id: PAR-1
|
646
985
|
SUT: |
|
647
|
-
The health IT developer demonstrates the ability of the Health IT
|
648
|
-
access to an authorized application at a patient’s
|
649
|
-
including a demonstration of the inability of the
|
650
|
-
revoked access to receive patient EHI.
|
986
|
+
The health IT developer demonstrates the ability of the Health IT
|
987
|
+
Module to revoke access to an authorized application at a patient’s
|
988
|
+
direction, including a demonstration of the inability of the
|
989
|
+
application with revoked access to receive patient EHI.
|
651
990
|
TLV: |
|
652
991
|
The tester verifies the ability of the Health IT Module to revoke
|
653
992
|
access to an authorized application at a patient’s direction,
|
@@ -655,25 +994,25 @@ procedure:
|
|
655
994
|
revoked access to receive patient EHI.
|
656
995
|
inferno_supported: 'yes'
|
657
996
|
inferno_tests:
|
658
|
-
-
|
659
|
-
- section: Authentication and authorization for system scopes
|
997
|
+
- 9.3.01 - 9.3.03
|
998
|
+
- section: Paragraph (g)(10)(v)(B) Authentication and authorization for system scopes
|
660
999
|
steps:
|
661
1000
|
- group: Authentication and Authorization for System Scopes
|
662
|
-
id:
|
1001
|
+
id: AUT-SYS-1
|
663
1002
|
SUT: |
|
664
1003
|
The health IT developer demonstrates the ability of the Health IT
|
665
1004
|
Module to support OAuth 2.0 client credentials grant flow in
|
666
1005
|
accordance with the implementation specification adopted in §
|
667
1006
|
170.215(a)(4).
|
668
1007
|
TLV: |
|
669
|
-
The tester
|
670
|
-
|
671
|
-
|
672
|
-
170.215(a)(4).
|
1008
|
+
The tester verifies the ability of the Health IT Module to support
|
1009
|
+
OAuth 2.0 client credentials grant flow in accordance with the
|
1010
|
+
implementation specification adopted in § 170.215(a)(4).
|
673
1011
|
inferno_supported: 'yes'
|
674
1012
|
inferno_tests:
|
675
|
-
-
|
676
|
-
|
1013
|
+
- 7.1.02 - 7.1.06
|
1014
|
+
- 8.1.02 - 8.1.06
|
1015
|
+
- id: AUT-SYS-2
|
677
1016
|
SUT: |
|
678
1017
|
The health IT developer demonstrates the ability of the Health IT
|
679
1018
|
Module to support the following parameters according to the
|
@@ -681,24 +1020,25 @@ procedure:
|
|
681
1020
|
* “scope”;
|
682
1021
|
* “grant_type”;
|
683
1022
|
* “client_assertion_type”; and
|
684
|
-
* “client_assertion
|
1023
|
+
* “client_assertion”.
|
685
1024
|
TLV: |
|
686
|
-
The tester verifies the ability of the Health IT
|
687
|
-
|
688
|
-
|
1025
|
+
The tester verifies the ability of the Health IT Module to support the
|
1026
|
+
following parameters according to the implementation specification
|
1027
|
+
adopted in § 170.215(a)(4):
|
689
1028
|
* “scope”;
|
690
1029
|
* “grant_type”;
|
691
1030
|
* “client_assertion_type”; and
|
692
|
-
* “client_assertion
|
1031
|
+
* “client_assertion”.
|
693
1032
|
inferno_supported: 'yes'
|
694
1033
|
inferno_tests:
|
695
|
-
-
|
696
|
-
|
1034
|
+
- 7.1.05
|
1035
|
+
- 8.1.05
|
1036
|
+
- id: AUT-SYS-3
|
697
1037
|
SUT: |
|
698
|
-
The
|
699
|
-
Module to support the following JSON Web Token (JWT) Headers
|
700
|
-
|
701
|
-
|
1038
|
+
The health IT developer demonstrates the ability of the Health IT
|
1039
|
+
Module to support the following JSON Web Token (JWT) Headers and
|
1040
|
+
Claims according to the implementation specification adopted in §
|
1041
|
+
170.215(a)(4):
|
702
1042
|
* “alg” header;
|
703
1043
|
* “kid” header;
|
704
1044
|
* “typ” header;
|
@@ -708,10 +1048,9 @@ procedure:
|
|
708
1048
|
* “exp” claim; and
|
709
1049
|
* “jti” claim.
|
710
1050
|
TLV: |
|
711
|
-
The tester verifies the ability of the Health IT
|
712
|
-
|
713
|
-
|
714
|
-
in § 170.215(a)(4):
|
1051
|
+
The tester verifies the ability of the Health IT Module to support the
|
1052
|
+
following JSON Web Token (JWT) Headers and Claims according to the
|
1053
|
+
implementation specification adopted in § 170.215(a)(4):
|
715
1054
|
* “alg” header;
|
716
1055
|
* “kid” header;
|
717
1056
|
* “typ” header;
|
@@ -722,79 +1061,78 @@ procedure:
|
|
722
1061
|
* “jti” claim.
|
723
1062
|
inferno_supported: 'yes'
|
724
1063
|
inferno_tests:
|
725
|
-
-
|
726
|
-
|
1064
|
+
- 7.1.05
|
1065
|
+
- 8.1.05
|
1066
|
+
- id: AUT-SYS-4
|
727
1067
|
SUT: |
|
728
|
-
The
|
1068
|
+
The health IT developer demonstrates the ability of the Health IT
|
729
1069
|
Module to receive and process the JSON Web Key (JWK) Set via a
|
730
1070
|
TLS-protected URL to support authorization for system scopes in §
|
731
1071
|
170.315(g)(10)(v)(B).
|
732
1072
|
TLV: |
|
733
|
-
The tester verifies the ability of the Health IT
|
734
|
-
|
735
|
-
|
736
|
-
170.315(g)(10)(v)(B).
|
1073
|
+
The tester verifies the ability of the Health IT Module to receive and
|
1074
|
+
process the JWK structure via a TLS-protected URL to support
|
1075
|
+
authorization for system scopes in § 170.315(g)(10)(v)(B).
|
737
1076
|
inferno_supported: 'yes'
|
738
1077
|
inferno_tests:
|
739
|
-
-
|
740
|
-
|
1078
|
+
- 7.1.05
|
1079
|
+
- 8.1.05
|
1080
|
+
- id: AUT-SYS-5
|
741
1081
|
SUT: |
|
742
|
-
The health IT developer demonstrates that the Health IT Module
|
743
|
-
|
744
|
-
|
745
|
-
indicates.
|
1082
|
+
The health IT developer demonstrates that the Health IT Module does
|
1083
|
+
not cache a JWK Set received via a TLS-protected URL for longer than
|
1084
|
+
the “cache-control” header sent by an application indicates.
|
746
1085
|
TLV: |
|
747
|
-
The tester verifies the Health IT Module
|
748
|
-
|
749
|
-
|
750
|
-
indicates.
|
1086
|
+
The tester verifies that the Health IT Module does not cache a JWK Set
|
1087
|
+
received via a TLS-protected URL for longer than the “cache-control”
|
1088
|
+
header sent by an application indicates.
|
751
1089
|
inferno_supported: 'yes'
|
752
1090
|
inferno_notes: |
|
753
1091
|
This test requires the tester to register an attestation from the
|
754
1092
|
Health IT Module that the "cache-control" header is obeyed.
|
755
1093
|
inferno_tests:
|
756
|
-
-
|
757
|
-
- id:
|
1094
|
+
- 9.10.10
|
1095
|
+
- id: AUT-SYS-6
|
758
1096
|
SUT: |
|
759
1097
|
The health IT developer demonstrates the ability of the Health IT
|
760
1098
|
Module to validate an application’s JWT, including its JSON Web
|
761
|
-
Signatures, according to the implementation specification adopted
|
762
|
-
|
1099
|
+
Signatures, according to the implementation specification adopted in §
|
1100
|
+
170.215(a)(4).
|
763
1101
|
TLV: |
|
764
|
-
The tester verifies the ability of the Health IT
|
765
|
-
|
766
|
-
|
767
|
-
in § 170.215(a)(4).
|
1102
|
+
The tester verifies the ability of the Health IT Module to validate an
|
1103
|
+
application’s JWT, including its JSON Web Signatures, according to the
|
1104
|
+
implementation specification adopted in § 170.215(a)(4).
|
768
1105
|
inferno_supported: 'yes'
|
769
1106
|
inferno_tests:
|
770
|
-
-
|
771
|
-
|
1107
|
+
- 7.1.05
|
1108
|
+
- 8.1.05
|
1109
|
+
- id: AUT-SYS-7
|
772
1110
|
SUT: |
|
773
1111
|
The health IT developer demonstrates the ability of the Health IT
|
774
1112
|
Module to respond with an “invalid_client” error for errors
|
775
1113
|
encountered during the authentication process according to the
|
776
1114
|
implementation specification adopted in § 170.215(a)(4).
|
777
1115
|
TLV: |
|
778
|
-
The tester verifies the ability of the Health IT
|
779
|
-
|
780
|
-
|
781
|
-
|
1116
|
+
The tester verifies the ability of the Health IT Module to respond
|
1117
|
+
with an “invalid_client” error for errors encountered during the
|
1118
|
+
authentication process according to the implementation specification
|
1119
|
+
adopted in § 170.215(a)(4).
|
782
1120
|
inferno_supported: 'yes'
|
783
1121
|
inferno_tests:
|
784
|
-
-
|
785
|
-
|
1122
|
+
- 7.1.02 - 7.1.04
|
1123
|
+
- 8.1.02 - 8.1.04
|
1124
|
+
- id: AUT-SYS-8
|
786
1125
|
SUT: |
|
787
1126
|
The health IT developer demonstrates the ability of the Health IT
|
788
|
-
Module to assure the scope requested by an
|
789
|
-
greater than the pre-authorized scope for multiple
|
790
|
-
according to the implementation specification adopted in §
|
1127
|
+
Module to assure the scope granted based on the scope requested by an
|
1128
|
+
application is no greater than the pre-authorized scope for multiple
|
1129
|
+
patients according to the implementation specification adopted in §
|
791
1130
|
170.215(a)(4).
|
792
1131
|
TLV: |
|
793
|
-
The tester verifies the ability of the Health IT
|
794
|
-
|
795
|
-
greater than the pre-authorized scope for multiple patients
|
796
|
-
|
797
|
-
170.215(a)(4).
|
1132
|
+
The tester verifies the ability of the Health IT Module to assure the
|
1133
|
+
scope granted based on the scope requested by an application is no
|
1134
|
+
greater than the pre-authorized scope for multiple patients according
|
1135
|
+
to the implementation specification adopted in § 170.215(a)(4).
|
798
1136
|
inferno_supported: 'yes'
|
799
1137
|
inferno_notes: |
|
800
1138
|
There is no requirement for support of a subset of the resources
|
@@ -802,65 +1140,67 @@ procedure:
|
|
802
1140
|
more than what was pre-authorized. The Health IT module must
|
803
1141
|
demonstrate this and register its attestation within Inferno.
|
804
1142
|
inferno_tests:
|
805
|
-
-
|
806
|
-
- id:
|
1143
|
+
- 9.10.08
|
1144
|
+
- id: AUT-SYS-9
|
807
1145
|
SUT: |
|
808
1146
|
The health IT developer demonstrates the ability of the Health IT
|
809
|
-
Module to issue an access token to an application as a JSON object
|
810
|
-
|
1147
|
+
Module to issue an access token to an application as a JSON object in
|
1148
|
+
accordance with the implementation specification adopted in §
|
811
1149
|
170.215(a)(4), including the following property names:
|
812
1150
|
* “access_token”;
|
813
1151
|
* “token_type”;
|
814
1152
|
* “expires_in”; and
|
815
|
-
* “scope
|
1153
|
+
* “scope”.
|
816
1154
|
TLV: |
|
817
|
-
The tester verifies the ability of the Health IT
|
818
|
-
|
819
|
-
|
820
|
-
|
1155
|
+
The tester verifies the ability of the Health IT Module to issue an
|
1156
|
+
access token to an application as a JSON object in accordance with the
|
1157
|
+
implementation specification adopted in § 170.215(a)(4), including the
|
1158
|
+
following property names:
|
821
1159
|
* “access_token”;
|
822
1160
|
* “token_type”;
|
823
1161
|
* “expires_in”; and
|
824
|
-
* “scope
|
1162
|
+
* “scope”.
|
825
1163
|
inferno_supported: 'yes'
|
826
1164
|
inferno_tests:
|
827
|
-
-
|
828
|
-
|
1165
|
+
- 7.1.06
|
1166
|
+
- 8.1.06
|
1167
|
+
- id: AUT-SYS-10
|
829
1168
|
SUT: |
|
830
1169
|
The health IT developer demonstrates the ability of the Health IT
|
831
|
-
Module to respond to errors using the appropriate error messages
|
832
|
-
|
1170
|
+
Module to respond to errors using the appropriate error messages as
|
1171
|
+
specified in the implementation specification adopted in §
|
833
1172
|
170.215(a)(4).
|
834
1173
|
TLV: |
|
835
|
-
The tester verifies the ability of the Health IT
|
836
|
-
|
837
|
-
|
838
|
-
170.215(a)(4).
|
1174
|
+
The tester verifies the ability of the Health IT Module to respond to
|
1175
|
+
errors using the appropriate error messages as specified in the
|
1176
|
+
implementation specification adopted in § 170.215(a)(4).
|
839
1177
|
inferno_supported: 'yes'
|
840
1178
|
inferno_tests:
|
841
|
-
-
|
842
|
-
-
|
1179
|
+
- 7.1.02 - 7.1.04
|
1180
|
+
- 8.1.02 - 8.1.04
|
1181
|
+
- 7.2.03
|
1182
|
+
- 8.2.03
|
843
1183
|
- section: Paragraph (g)(10)(vii) – Token introspection
|
844
1184
|
steps:
|
845
1185
|
- group: Token Introspection
|
846
|
-
id:
|
1186
|
+
id: TOK-INTRO-1
|
847
1187
|
SUT: |
|
848
1188
|
The health IT developer demonstrates the ability of the Health IT
|
849
1189
|
Module to receive and validate a token it has issued.
|
850
1190
|
TLV: |
|
851
|
-
The tester verifies the ability of the Health IT
|
852
|
-
|
1191
|
+
The tester verifies the ability of the Health IT Module to receive and
|
1192
|
+
validate a token it has issued.
|
853
1193
|
inferno_supported: 'yes'
|
854
1194
|
inferno_notes: |
|
855
1195
|
No standard is required and therefore Inferno cannot do this in
|
856
1196
|
an automated fashion and this is recorded as an attestation
|
857
1197
|
within Inferno.
|
858
1198
|
inferno_tests:
|
859
|
-
-
|
1199
|
+
- 9.10.06
|
860
1200
|
- section: Paragraph (g)(10)(ii) – Supported search operations
|
861
1201
|
steps:
|
862
1202
|
- group: Supported Search Operations for a Single Patient’s Data
|
863
|
-
id:
|
1203
|
+
id: SH-PAT-1
|
864
1204
|
SUT: |
|
865
1205
|
The health IT developer demonstrates the ability of the Health IT
|
866
1206
|
Module to support the “capabilities” interaction as specified in the
|
@@ -869,32 +1209,33 @@ procedure:
|
|
869
1209
|
170.215(a)(1) and implementation specification adopted in §
|
870
1210
|
170.215(a)(2).
|
871
1211
|
TLV: |
|
872
|
-
The tester
|
873
|
-
|
874
|
-
|
875
|
-
|
876
|
-
|
877
|
-
170.215(a)(2).
|
1212
|
+
The tester verifies the ability of the Health IT Module to support the
|
1213
|
+
“capabilities” interaction as specified in the standard adopted in §
|
1214
|
+
170.215(a)(1), including support for a “CapabilityStatement” as
|
1215
|
+
specified in the standard adopted in § 170.215(a)(1) and
|
1216
|
+
implementation specification adopted in § 170.215(a)(2).
|
878
1217
|
inferno_supported: 'yes'
|
879
1218
|
inferno_tests:
|
880
1219
|
- 4.1.02 - 4.1.05
|
881
|
-
|
1220
|
+
- 5.1.02 - 5.1.06
|
1221
|
+
- 6.1.02 - 6.1.06
|
1222
|
+
- id: SH-PAT-2
|
882
1223
|
SUT: |
|
883
1224
|
The health IT developer demonstrates the ability of the Health IT
|
884
|
-
Module to respond to requests for a single patient’s data
|
885
|
-
|
1225
|
+
Module to respond to requests for a single patient’s data consistent
|
1226
|
+
with the search criteria detailed in the “US Core Server
|
886
1227
|
CapabilityStatement” section of the implementation specification
|
887
|
-
adopted in § 170.215(a)(2), including demonstrating search
|
888
|
-
|
889
|
-
|
1228
|
+
adopted in § 170.215(a)(2), including demonstrating search support for
|
1229
|
+
“SHALL” operations and parameters for all the data included in the
|
1230
|
+
standard adopted in § 170.213.
|
890
1231
|
TLV: |
|
891
1232
|
The tester verifies the ability of the Health IT Module to respond to
|
892
1233
|
requests for a single patient’s data consistent with the search
|
893
|
-
criteria detailed in the “US Core Server CapabilityStatement”
|
894
|
-
|
895
|
-
|
896
|
-
|
897
|
-
|
1234
|
+
criteria detailed in the “US Core Server CapabilityStatement” section
|
1235
|
+
of the implementation specification adopted in § 170.215(a)(2),
|
1236
|
+
including demonstrating search support for “SHALL” operations and
|
1237
|
+
parameters for all the data included in the standard adopted in §
|
1238
|
+
170.213.
|
898
1239
|
inferno_supported: 'yes'
|
899
1240
|
inferno_tests:
|
900
1241
|
- 4.2.01
|
@@ -914,34 +1255,93 @@ procedure:
|
|
914
1255
|
- 4.16.01
|
915
1256
|
- 4.17.01
|
916
1257
|
- 4.18.01
|
1258
|
+
- 4.19.01
|
917
1259
|
- 4.20.01
|
918
1260
|
- 4.21.01
|
919
1261
|
- 4.22.01
|
920
1262
|
- 4.23.01
|
921
|
-
- 4.19.01
|
922
1263
|
- 4.24.01
|
923
1264
|
- 4.25.01
|
924
1265
|
- 4.26.01
|
925
|
-
-
|
926
|
-
-
|
927
|
-
- 4.
|
928
|
-
|
1266
|
+
- 5.2.01
|
1267
|
+
- 5.3.01
|
1268
|
+
- 5.4.01
|
1269
|
+
- 5.5.01
|
1270
|
+
- 5.6.01
|
1271
|
+
- 5.7.01
|
1272
|
+
- 5.8.01
|
1273
|
+
- 5.9.01
|
1274
|
+
- 5.10.01
|
1275
|
+
- 5.11.01
|
1276
|
+
- 5.12.01
|
1277
|
+
- 5.13.01
|
1278
|
+
- 5.14.01
|
1279
|
+
- 5.15.01
|
1280
|
+
- 5.16.01
|
1281
|
+
- 5.17.01
|
1282
|
+
- 5.18.01
|
1283
|
+
- 5.19.01
|
1284
|
+
- 5.20.01
|
1285
|
+
- 5.21.01
|
1286
|
+
- 5.22.01
|
1287
|
+
- 5.23.01
|
1288
|
+
- 5.24.01
|
1289
|
+
- 5.25.01
|
1290
|
+
- 5.26.01
|
1291
|
+
- 5.27.01
|
1292
|
+
- 5.28.01
|
1293
|
+
- 6.2.01
|
1294
|
+
- 6.3.01
|
1295
|
+
- 6.4.01
|
1296
|
+
- 6.5.01
|
1297
|
+
- 6.6.01
|
1298
|
+
- 6.7.01
|
1299
|
+
- 6.8.01
|
1300
|
+
- 6.9.01
|
1301
|
+
- 6.10.01
|
1302
|
+
- 6.11.01
|
1303
|
+
- 6.12.01
|
1304
|
+
- 6.13.01
|
1305
|
+
- 6.14.01
|
1306
|
+
- 6.15.01
|
1307
|
+
- 6.16.01
|
1308
|
+
- 6.17.01
|
1309
|
+
- 6.18.01
|
1310
|
+
- 6.19.01
|
1311
|
+
- 6.20.01
|
1312
|
+
- 6.21.01
|
1313
|
+
- 6.22.01
|
1314
|
+
- 6.23.01
|
1315
|
+
- 6.24.01
|
1316
|
+
- 6.25.01
|
1317
|
+
- 6.26.01
|
1318
|
+
- 6.27.01
|
1319
|
+
- 6.28.01
|
1320
|
+
- 6.29.01
|
1321
|
+
- 6.30.01
|
1322
|
+
- 6.31.01
|
1323
|
+
- 6.32.01
|
1324
|
+
- 6.33.01
|
1325
|
+
- 6.34.01
|
1326
|
+
- 6.35.01
|
1327
|
+
- 6.36.01
|
1328
|
+
- id: SH-PAT-3
|
929
1329
|
SUT: |
|
930
1330
|
The health IT developer demonstrates the ability of the Health IT
|
931
1331
|
Module to support a resource search for the provenance target
|
932
|
-
“(_revIncludes: Provenance:target)” for all the FHIR resources
|
1332
|
+
“(_revIncludes: Provenance:target)” for all the FHIR® resources
|
933
1333
|
included in the standard adopted in § 170.213 and implementation
|
934
1334
|
specification adopted in § 170.215(a)(2) according to the “Basic
|
935
1335
|
Provenance Guidance” section of the implementation specification
|
936
1336
|
adopted in § 170.215(a)(2).
|
937
1337
|
TLV: |
|
938
|
-
The tester verifies the ability of the Health IT
|
939
|
-
|
940
|
-
|
941
|
-
|
942
|
-
|
943
|
-
|
944
|
-
|
1338
|
+
The tester verifies the ability of the Health IT Module to support a
|
1339
|
+
resource search for the provenance target “(_revIncludes:
|
1340
|
+
Provenance:target)” for all the FHIR® resources included in the
|
1341
|
+
standard adopted in § 170.213 and implementation specification adopted
|
1342
|
+
in § 170.215(a)(2) according to the “Basic Provenance Guidance”
|
1343
|
+
section of the implementation specification adopted in §
|
1344
|
+
170.215(a)(2).
|
945
1345
|
inferno_supported: 'yes'
|
946
1346
|
inferno_tests:
|
947
1347
|
- 4.2.07
|
@@ -953,24 +1353,86 @@ procedure:
|
|
953
1353
|
- 4.8.06
|
954
1354
|
- 4.9.06
|
955
1355
|
- 4.10.07
|
956
|
-
- 4.11.
|
1356
|
+
- 4.11.03
|
957
1357
|
- 4.12.03
|
958
1358
|
- 4.13.04
|
959
1359
|
- 4.14.03
|
960
1360
|
- 4.15.05
|
961
|
-
- 4.16.
|
1361
|
+
- 4.16.05
|
962
1362
|
- 4.17.05
|
963
1363
|
- 4.18.05
|
1364
|
+
- 4.19.05
|
964
1365
|
- 4.20.05
|
965
1366
|
- 4.21.05
|
966
1367
|
- 4.22.05
|
967
1368
|
- 4.23.05
|
968
|
-
- 4.19.05
|
969
1369
|
- 4.24.05
|
970
1370
|
- 4.25.05
|
971
1371
|
- 4.26.04
|
1372
|
+
- 5.2.07
|
1373
|
+
- 5.3.03
|
1374
|
+
- 5.4.03
|
1375
|
+
- 5.5.03
|
1376
|
+
- 5.6.03
|
1377
|
+
- 5.7.03
|
1378
|
+
- 5.8.06
|
1379
|
+
- 5.9.06
|
1380
|
+
- 5.10.07
|
1381
|
+
- 5.11.03
|
1382
|
+
- 5.12.03
|
1383
|
+
- 5.13.04
|
1384
|
+
- 5.14.05
|
1385
|
+
- 5.15.05
|
1386
|
+
- 5.16.05
|
1387
|
+
- 5.17.05
|
1388
|
+
- 5.18.05
|
1389
|
+
- 5.19.05
|
1390
|
+
- 5.20.05
|
1391
|
+
- 5.21.05
|
1392
|
+
- 5.22.05
|
1393
|
+
- 5.23.05
|
1394
|
+
- 5.24.05
|
1395
|
+
- 5.25.05
|
1396
|
+
- 5.26.05
|
1397
|
+
- 5.27.05
|
1398
|
+
- 5.28.04
|
1399
|
+
- 6.2.07
|
1400
|
+
- 6.3.03
|
1401
|
+
- 6.4.03
|
1402
|
+
- 6.5.03
|
1403
|
+
- 6.6.03
|
1404
|
+
- 6.7.03
|
1405
|
+
- 6.8.03
|
1406
|
+
- 6.9.06
|
1407
|
+
- 6.10.06
|
1408
|
+
- 6.11.07
|
1409
|
+
- 6.12.05
|
1410
|
+
- 6.13.03
|
1411
|
+
- 6.14.03
|
1412
|
+
- 6.15.04
|
1413
|
+
- 6.16.05
|
1414
|
+
- 6.17.05
|
1415
|
+
- 6.18.05
|
1416
|
+
- 6.19.05
|
1417
|
+
- 6.20.05
|
1418
|
+
- 6.21.05
|
1419
|
+
- 6.22.05
|
1420
|
+
- 6.23.05
|
1421
|
+
- 6.24.05
|
1422
|
+
- 6.25.03
|
1423
|
+
- 6.26.05
|
1424
|
+
- 6.27.05
|
1425
|
+
- 6.28.05
|
1426
|
+
- 6.29.05
|
1427
|
+
- 6.30.05
|
1428
|
+
- 6.31.05
|
1429
|
+
- 6.32.05
|
1430
|
+
- 6.33.05
|
1431
|
+
- 6.34.05
|
1432
|
+
- 6.35.04
|
1433
|
+
- 6.36.07
|
972
1434
|
- group: Supported Search Operations for Multiple Patients’ Data
|
973
|
-
id:
|
1435
|
+
id: SH-PAT-4
|
974
1436
|
SUT: |
|
975
1437
|
The health IT developer demonstrates the ability of the Health IT
|
976
1438
|
Module to support the “capabilities” interaction as specified in the
|
@@ -979,37 +1441,45 @@ procedure:
|
|
979
1441
|
170.215(a)(1) and implementation specification adopted in §
|
980
1442
|
170.215(a)(4).
|
981
1443
|
TLV: |
|
982
|
-
The tester verifies the ability of the Health IT
|
983
|
-
|
984
|
-
|
985
|
-
|
986
|
-
|
987
|
-
170.215(a)(4).
|
1444
|
+
The tester verifies the ability of the Health IT Module to support the
|
1445
|
+
“capabilities” interaction as specified in the standard adopted in §
|
1446
|
+
170.215(a)(1), including support for a “CapabilityStatement” as
|
1447
|
+
specified in the standard adopted in § 170.215(a)(1) and
|
1448
|
+
implementation specification adopted in § 170.215(a)(4).
|
988
1449
|
inferno_supported: 'yes'
|
989
1450
|
inferno_tests:
|
990
|
-
-
|
991
|
-
|
1451
|
+
- 7.2.02
|
1452
|
+
- 8.2.02
|
1453
|
+
- id: SH-PAT-5
|
992
1454
|
SUT: |
|
993
1455
|
The health IT developer demonstrates the ability of the Health IT
|
994
1456
|
Module to support requests for multiple patients’ data as a group
|
995
|
-
using the “group-export” operation as detailed in the
|
996
|
-
|
1457
|
+
using the “group-export” operation as detailed in the implementation
|
1458
|
+
specification adopted in § 170.215(a)(4).
|
997
1459
|
TLV: |
|
998
1460
|
The tester verifies the ability of the Health IT Module to support
|
999
|
-
requests for multiple patients’ data as a group using the
|
1000
|
-
export” operation as detailed in the implementation
|
1001
|
-
adopted in § 170.215(a)(4).
|
1461
|
+
requests for multiple patients’ data as a group using the
|
1462
|
+
“group-export” operation as detailed in the implementation
|
1463
|
+
specification adopted in § 170.215(a)(4).
|
1002
1464
|
inferno_supported: 'yes'
|
1003
1465
|
inferno_tests:
|
1004
|
-
-
|
1466
|
+
- 7.2.04
|
1467
|
+
- 8.2.04
|
1005
1468
|
- section: Paragraph (g)(10)(i) – Data response
|
1006
1469
|
steps:
|
1007
1470
|
- group: Data Response Checks for Single and Multiple Patients
|
1008
|
-
id:
|
1471
|
+
id: DAT-PAT-1
|
1009
1472
|
SUT: |
|
1010
|
-
For responses to data for single and multiple patients as described
|
1011
|
-
|
1012
|
-
demonstrates the ability of the Health IT Module
|
1473
|
+
For responses to data for single and multiple patients as described in
|
1474
|
+
steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
|
1475
|
+
health IT developer demonstrates the ability of the Health IT Module
|
1476
|
+
to respond to requests for data according to the implementation
|
1477
|
+
specification adopted in § 170.215(a)(2), including the following
|
1478
|
+
steps.
|
1479
|
+
TLV: |
|
1480
|
+
For responses to data for single and multiple patients as described in
|
1481
|
+
steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
|
1482
|
+
tester verifies the ability of the Health IT Module to respond to
|
1013
1483
|
requests for data according to the implementation specification
|
1014
1484
|
adopted in § 170.215(a)(2), including the following steps.
|
1015
1485
|
inferno_supported: 'yes'
|
@@ -1031,70 +1501,227 @@ procedure:
|
|
1031
1501
|
- 4.16.04
|
1032
1502
|
- 4.17.04
|
1033
1503
|
- 4.18.04
|
1504
|
+
- 4.19.04
|
1034
1505
|
- 4.20.04
|
1035
1506
|
- 4.21.04
|
1036
1507
|
- 4.22.04
|
1037
1508
|
- 4.23.04
|
1038
|
-
- 4.19.04
|
1039
1509
|
- 4.24.04
|
1040
1510
|
- 4.25.04
|
1041
1511
|
- 4.26.03
|
1042
|
-
- 4.
|
1512
|
+
- 4.27.01
|
1513
|
+
- 4.28.01
|
1514
|
+
- 4.29.01
|
1043
1515
|
- 4.30.01
|
1044
|
-
- 5.
|
1045
|
-
|
1516
|
+
- 5.2.06
|
1517
|
+
- 5.3.02
|
1518
|
+
- 5.4.02
|
1519
|
+
- 5.5.02
|
1520
|
+
- 5.6.02
|
1521
|
+
- 5.7.02
|
1522
|
+
- 5.8.05
|
1523
|
+
- 5.9.05
|
1524
|
+
- 5.10.06
|
1525
|
+
- 5.11.02
|
1526
|
+
- 5.12.02
|
1527
|
+
- 5.13.03
|
1528
|
+
- 5.14.04
|
1529
|
+
- 5.15.04
|
1530
|
+
- 5.16.04
|
1531
|
+
- 5.17.04
|
1532
|
+
- 5.18.04
|
1533
|
+
- 5.19.04
|
1534
|
+
- 5.20.04
|
1535
|
+
- 5.21.04
|
1536
|
+
- 5.22.04
|
1537
|
+
- 5.23.04
|
1538
|
+
- 5.24.04
|
1539
|
+
- 5.25.04
|
1540
|
+
- 5.26.04
|
1541
|
+
- 5.27.04
|
1542
|
+
- 5.28.03
|
1543
|
+
- 5.29.01
|
1544
|
+
- 5.30.01
|
1545
|
+
- 5.31.01
|
1546
|
+
- 5.32.01
|
1547
|
+
- 6.2.06
|
1548
|
+
- 6.3.02
|
1549
|
+
- 6.4.02
|
1550
|
+
- 6.5.02
|
1551
|
+
- 6.6.02
|
1552
|
+
- 6.7.02
|
1553
|
+
- 6.8.02
|
1554
|
+
- 6.9.05
|
1555
|
+
- 6.10.05
|
1556
|
+
- 6.11.06
|
1557
|
+
- 6.12.04
|
1558
|
+
- 6.13.02
|
1559
|
+
- 6.14.02
|
1560
|
+
- 6.15.03
|
1561
|
+
- 6.16.04
|
1562
|
+
- 6.17.04
|
1563
|
+
- 6.18.04
|
1564
|
+
- 6.19.04
|
1565
|
+
- 6.20.04
|
1566
|
+
- 6.21.04
|
1567
|
+
- 6.22.04
|
1568
|
+
- 6.23.04
|
1569
|
+
- 6.24.04
|
1570
|
+
- 6.25.02
|
1571
|
+
- 6.26.04
|
1572
|
+
- 6.27.04
|
1573
|
+
- 6.28.04
|
1574
|
+
- 6.29.04
|
1575
|
+
- 6.30.04
|
1576
|
+
- 6.31.04
|
1577
|
+
- 6.32.04
|
1578
|
+
- 6.33.04
|
1579
|
+
- 6.34.04
|
1580
|
+
- 6.35.03
|
1581
|
+
- 6.36.06
|
1582
|
+
- 6.37.01
|
1583
|
+
- 6.38.01
|
1584
|
+
- 6.39.01
|
1585
|
+
- 6.40.01
|
1586
|
+
- 7.3.03
|
1587
|
+
- 7.3.06 - 7.3.27
|
1588
|
+
- 8.3.03
|
1589
|
+
- 8.3.06 - 8.3.27
|
1590
|
+
- id: DAT-PAT-2
|
1046
1591
|
SUT: |
|
1047
1592
|
The health IT developer demonstrates the ability of the Health IT
|
1048
1593
|
Module to respond with data that meet the following conditions:
|
1049
|
-
* All data elements indicated with a cardinality of one or greater and
|
1594
|
+
* All data elements indicated with a cardinality of one or greater and
|
1595
|
+
/ or “must support” are included;
|
1050
1596
|
* Content is structurally correct;
|
1051
1597
|
* All invariant rules are met;
|
1052
|
-
* All data elements with required “ValueSet” bindings contain codes
|
1598
|
+
* All data elements with required “ValueSet” bindings contain codes
|
1599
|
+
within the bound “ValueSet”;
|
1053
1600
|
* All information is accurate and without omission; and
|
1054
|
-
* All references within the resources can be resolved and validated,
|
1601
|
+
* All references within the resources can be resolved and validated,
|
1602
|
+
as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
|
1603
|
+
DAT-PAT-5, and DAT-PAT-6, of this section.
|
1055
1604
|
TLV: |
|
1056
|
-
The tester
|
1057
|
-
|
1058
|
-
* All data elements indicated with a cardinality of one or greater and
|
1605
|
+
The tester verifies the ability of the Health IT Module to respond
|
1606
|
+
with data that meet the following conditions:
|
1607
|
+
* All data elements indicated with a cardinality of one or greater and
|
1608
|
+
/ or “must support” are included;
|
1059
1609
|
* Content is structurally correct;
|
1060
1610
|
* All invariant rules are met;
|
1061
|
-
* All data elements with required “ValueSet” bindings contain codes
|
1611
|
+
* All data elements with required “ValueSet” bindings contain codes
|
1612
|
+
within the bound “ValueSet”;
|
1062
1613
|
* All information is accurate and without omission; and
|
1063
|
-
* All references within the resources can be resolved and validated,
|
1614
|
+
* All references within the resources can be resolved and validated,
|
1615
|
+
as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
|
1616
|
+
DAT-PAT-5, and DAT-PAT-6, of this section.
|
1064
1617
|
inferno_supported: 'yes'
|
1065
1618
|
inferno_tests:
|
1066
|
-
-
|
1067
|
-
-
|
1068
|
-
-
|
1069
|
-
- 4.2.
|
1070
|
-
- 4.3.
|
1071
|
-
- 4.4.
|
1072
|
-
- 4.5.
|
1073
|
-
- 4.6.
|
1074
|
-
- 4.7.
|
1075
|
-
- 4.8.
|
1076
|
-
- 4.9.
|
1077
|
-
- 4.10.
|
1078
|
-
- 4.11.
|
1079
|
-
- 4.12.
|
1080
|
-
- 4.13.
|
1081
|
-
- 4.14.
|
1082
|
-
- 4.15.
|
1083
|
-
- 4.16.
|
1084
|
-
- 4.17.
|
1085
|
-
- 4.18.
|
1086
|
-
- 4.
|
1087
|
-
- 4.
|
1088
|
-
- 4.
|
1089
|
-
- 4.
|
1090
|
-
- 4.
|
1091
|
-
- 4.24.
|
1092
|
-
- 4.25.
|
1093
|
-
- 4.26.
|
1094
|
-
- 4.
|
1095
|
-
- 4.28.
|
1096
|
-
- 4.
|
1097
|
-
-
|
1619
|
+
- 9.10.07
|
1620
|
+
- 9.10.11
|
1621
|
+
- 9.10.12
|
1622
|
+
- 4.2.08 - 4.2.09
|
1623
|
+
- 4.3.04 - 4.3.05
|
1624
|
+
- 4.4.04 - 4.4.05
|
1625
|
+
- 4.5.04 - 4.5.05
|
1626
|
+
- 4.6.04 - 4.6.05
|
1627
|
+
- 4.7.04 - 4.7.05
|
1628
|
+
- 4.8.07 - 4.8.08
|
1629
|
+
- 4.9.07 - 4.9.08
|
1630
|
+
- 4.10.08 - 4.10.09
|
1631
|
+
- 4.11.04 - 4.11.05
|
1632
|
+
- 4.12.04 - 4.12.05
|
1633
|
+
- 4.13.06 - 4.13.07
|
1634
|
+
- 4.14.04 - 4.14.05
|
1635
|
+
- 4.15.06 - 4.15.07
|
1636
|
+
- 4.16.06 - 4.16.07
|
1637
|
+
- 4.17.06 - 4.17.07
|
1638
|
+
- 4.18.06 - 4.18.07
|
1639
|
+
- 4.19.06 - 4.19.07
|
1640
|
+
- 4.20.06 - 4.20.07
|
1641
|
+
- 4.21.06 - 4.21.07
|
1642
|
+
- 4.22.06 - 4.22.07
|
1643
|
+
- 4.23.06 - 4.23.07
|
1644
|
+
- 4.24.06 - 4.24.07
|
1645
|
+
- 4.25.06 - 4.25.07
|
1646
|
+
- 4.26.05 - 4.26.06
|
1647
|
+
- 4.27.02 - 4.27.03
|
1648
|
+
- 4.28.02 - 4.28.03
|
1649
|
+
- 4.29.02 - 4.29.03
|
1650
|
+
- 4.30.02 - 4.30.03
|
1651
|
+
- 5.2.08 - 5.2.09
|
1652
|
+
- 5.3.04 - 5.3.05
|
1653
|
+
- 5.4.04 - 5.4.05
|
1654
|
+
- 5.5.04 - 5.5.05
|
1655
|
+
- 5.6.04 - 5.6.05
|
1656
|
+
- 5.7.04 - 5.7.05
|
1657
|
+
- 5.8.07 - 5.8.08
|
1658
|
+
- 5.9.07 - 5.9.08
|
1659
|
+
- 5.10.08 - 5.10.09
|
1660
|
+
- 5.11.04 - 5.11.05
|
1661
|
+
- 5.12.04 - 5.12.05
|
1662
|
+
- 5.13.06 - 5.13.07
|
1663
|
+
- 5.14.06 - 5.14.07
|
1664
|
+
- 5.15.06 - 5.15.07
|
1665
|
+
- 5.16.06 - 5.16.07
|
1666
|
+
- 5.17.06 - 5.17.07
|
1667
|
+
- 5.18.06 - 5.18.07
|
1668
|
+
- 5.19.06 - 5.19.07
|
1669
|
+
- 5.20.06 - 5.20.07
|
1670
|
+
- 5.21.06 - 5.21.07
|
1671
|
+
- 5.22.06 - 5.22.07
|
1672
|
+
- 5.23.06 - 5.23.07
|
1673
|
+
- 5.24.06 - 5.24.07
|
1674
|
+
- 5.25.06 - 5.25.07
|
1675
|
+
- 5.26.05 - 5.26.06
|
1676
|
+
- 5.27.06 - 5.27.07
|
1677
|
+
- 5.28.05 - 5.28.06
|
1678
|
+
- 5.29.02 - 5.29.03
|
1679
|
+
- 5.30.02 - 5.30.03
|
1680
|
+
- 5.31.02 - 5.31.03
|
1681
|
+
- 5.32.02 - 5.32.03
|
1682
|
+
- 6.2.08 - 6.2.09
|
1683
|
+
- 6.3.04 - 6.3.05
|
1684
|
+
- 6.4.04 - 6.4.05
|
1685
|
+
- 6.5.04 - 6.5.05
|
1686
|
+
- 6.6.04 - 6.6.05
|
1687
|
+
- 6.7.04 - 6.7.05
|
1688
|
+
- 6.8.05 - 6.8.06
|
1689
|
+
- 6.9.07 - 6.9.08
|
1690
|
+
- 6.10.07 - 6.10.08
|
1691
|
+
- 6.11.08 - 6.11.09
|
1692
|
+
- 6.12.06 - 6.12.07
|
1693
|
+
- 6.13.04 - 6.13.05
|
1694
|
+
- 6.14.04 - 6.14.05
|
1695
|
+
- 6.15.06 - 6.15.07
|
1696
|
+
- 6.16.06 - 6.16.07
|
1697
|
+
- 6.17.06 - 6.17.07
|
1698
|
+
- 6.18.06 - 6.18.07
|
1699
|
+
- 6.19.06 - 6.19.07
|
1700
|
+
- 6.20.06 - 6.20.07
|
1701
|
+
- 6.21.06 - 6.21.07
|
1702
|
+
- 6.22.06 - 6.22.07
|
1703
|
+
- 6.23.06 - 6.23.07
|
1704
|
+
- 6.24.06 - 6.24.07
|
1705
|
+
- 6.25.04 - 6.25.05
|
1706
|
+
- 6.26.06 - 6.26.07
|
1707
|
+
- 6.27.06 - 6.27.07
|
1708
|
+
- 6.28.06 - 6.28.07
|
1709
|
+
- 6.29.06 - 6.29.07
|
1710
|
+
- 6.30.06 - 6.30.07
|
1711
|
+
- 6.31.06 - 6.31.07
|
1712
|
+
- 6.32.06 - 6.32.07
|
1713
|
+
- 6.33.06 - 6.33.07
|
1714
|
+
- 6.34.06 - 6.34.07
|
1715
|
+
- 6.35.05 - 6.35.06
|
1716
|
+
- 6.36.08 - 6.36.09
|
1717
|
+
- 6.37.02 - 6.37.03
|
1718
|
+
- 6.38.02 - 6.38.03
|
1719
|
+
- 6.39.02 - 6.39.03
|
1720
|
+
- 6.40.02 - 6.40.03
|
1721
|
+
- 7.3.03
|
1722
|
+
- 7.3.06 - 7.3.27
|
1723
|
+
- 8.3.03
|
1724
|
+
- 8.3.06 - 8.3.27
|
1098
1725
|
inferno_notes: |
|
1099
1726
|
The requirement "all information is accurate and without omission"
|
1100
1727
|
cannot be verified automatically by Inferno, as Inferno only has
|
@@ -1106,33 +1733,33 @@ procedure:
|
|
1106
1733
|
not include three required USCDI v1 data elements for Patient Demographics
|
1107
1734
|
and Allergy and Intolerances, and this requires visual inspection
|
1108
1735
|
by the tester.
|
1109
|
-
- id:
|
1736
|
+
- id: DAT-PAT-3
|
1110
1737
|
SUT: |
|
1111
1738
|
The health IT developer demonstrates the ability of the Health IT
|
1112
|
-
Module to support a “Provenance” FHIR resource for all the FHIR
|
1739
|
+
Module to support a “Provenance” FHIR® resource for all the FHIR®
|
1113
1740
|
resources included in the standard adopted in § 170.213 and
|
1114
|
-
implementation specification adopted in § 170.215(a)(2) according
|
1115
|
-
|
1741
|
+
implementation specification adopted in § 170.215(a)(2) according to
|
1742
|
+
the “Basic Provenance Guidance” section of the implementation
|
1116
1743
|
specification adopted in § 170.215(a)(2).
|
1117
1744
|
TLV: |
|
1118
|
-
The tester
|
1119
|
-
|
1120
|
-
|
1121
|
-
|
1122
|
-
|
1123
|
-
|
1745
|
+
The tester verifies the ability of the Health IT Module to support a
|
1746
|
+
“Provenance” FHIR® resource for all the FHIR® resources included in
|
1747
|
+
the standard adopted in § 170.213 and implementation specification
|
1748
|
+
adopted in § 170.215(a)(2) according to the “Basic Provenance
|
1749
|
+
Guidance” section of the implementation specification adopted in §
|
1750
|
+
170.215(a)(2).
|
1124
1751
|
inferno_supported: 'yes'
|
1125
1752
|
inferno_tests:
|
1126
1753
|
- 4.2.07
|
1127
1754
|
- 4.3.03
|
1128
|
-
- 4.4.
|
1755
|
+
- 4.4.03
|
1129
1756
|
- 4.5.03
|
1130
|
-
- 4.6.
|
1757
|
+
- 4.6.03
|
1131
1758
|
- 4.7.03
|
1132
1759
|
- 4.8.06
|
1133
1760
|
- 4.9.06
|
1134
1761
|
- 4.10.07
|
1135
|
-
- 4.11.
|
1762
|
+
- 4.11.03
|
1136
1763
|
- 4.12.03
|
1137
1764
|
- 4.13.04
|
1138
1765
|
- 4.14.03
|
@@ -1140,82 +1767,152 @@ procedure:
|
|
1140
1767
|
- 4.16.05
|
1141
1768
|
- 4.17.05
|
1142
1769
|
- 4.18.05
|
1770
|
+
- 4.19.05
|
1143
1771
|
- 4.20.05
|
1144
1772
|
- 4.21.05
|
1145
1773
|
- 4.22.05
|
1146
1774
|
- 4.23.05
|
1147
|
-
- 4.19.05
|
1148
1775
|
- 4.24.05
|
1149
1776
|
- 4.25.05
|
1150
1777
|
- 4.26.04
|
1151
1778
|
- 4.30.01 - 4.30.04
|
1152
|
-
- 5.
|
1153
|
-
|
1779
|
+
- 5.2.07
|
1780
|
+
- 5.3.03
|
1781
|
+
- 5.4.03
|
1782
|
+
- 5.5.03
|
1783
|
+
- 5.6.03
|
1784
|
+
- 5.7.03
|
1785
|
+
- 5.8.06
|
1786
|
+
- 5.9.06
|
1787
|
+
- 5.10.07
|
1788
|
+
- 5.11.03
|
1789
|
+
- 5.12.03
|
1790
|
+
- 5.13.04
|
1791
|
+
- 5.14.05
|
1792
|
+
- 5.15.05
|
1793
|
+
- 5.16.05
|
1794
|
+
- 5.17.05
|
1795
|
+
- 5.18.05
|
1796
|
+
- 5.19.05
|
1797
|
+
- 5.20.05
|
1798
|
+
- 5.21.05
|
1799
|
+
- 5.22.05
|
1800
|
+
- 5.23.05
|
1801
|
+
- 5.24.05
|
1802
|
+
- 5.25.05
|
1803
|
+
- 5.26.05
|
1804
|
+
- 5.27.05
|
1805
|
+
- 5.28.04
|
1806
|
+
- 5.32.01 - 5.32.04
|
1807
|
+
- 6.2.07
|
1808
|
+
- 6.3.03
|
1809
|
+
- 6.4.03
|
1810
|
+
- 6.5.03
|
1811
|
+
- 6.6.03
|
1812
|
+
- 6.7.03
|
1813
|
+
- 6.8.03
|
1814
|
+
- 6.9.06
|
1815
|
+
- 6.10.06
|
1816
|
+
- 6.11.07
|
1817
|
+
- 6.12.05
|
1818
|
+
- 6.13.03
|
1819
|
+
- 6.14.03
|
1820
|
+
- 6.15.04
|
1821
|
+
- 6.16.05
|
1822
|
+
- 6.17.05
|
1823
|
+
- 6.18.05
|
1824
|
+
- 6.19.05
|
1825
|
+
- 6.20.05
|
1826
|
+
- 6.21.05
|
1827
|
+
- 6.22.05
|
1828
|
+
- 6.23.05
|
1829
|
+
- 6.24.05
|
1830
|
+
- 6.25.03
|
1831
|
+
- 6.26.05
|
1832
|
+
- 6.27.05
|
1833
|
+
- 6.28.05
|
1834
|
+
- 6.29.05
|
1835
|
+
- 6.30.05
|
1836
|
+
- 6.31.05
|
1837
|
+
- 6.32.05
|
1838
|
+
- 6.33.05
|
1839
|
+
- 6.34.05
|
1840
|
+
- 6.35.04
|
1841
|
+
- 6.36.07
|
1842
|
+
- 6.39.01 - 6.39.04
|
1843
|
+
- 7.3.21
|
1844
|
+
- 8.3.21
|
1845
|
+
- id: DAT-PAT-4
|
1154
1846
|
SUT: |
|
1155
1847
|
The health IT developer demonstrates the ability of the Health IT
|
1156
|
-
Module to support a “DocumentReference” and/or “DiagnosticReport”
|
1157
|
-
resource for each of the “Clinical Notes” and “Diagnostic
|
1158
|
-
included in and according to the “Clinical Notes Guidance”
|
1159
|
-
the implementation specification adopted in §
|
1848
|
+
Module to support a “DocumentReference” and/or “DiagnosticReport”
|
1849
|
+
FHIR® resource for each of the “Clinical Notes” and “Diagnostic
|
1850
|
+
Reports” included in and according to the “Clinical Notes Guidance”
|
1851
|
+
section of the implementation specification adopted in §
|
1852
|
+
170.215(a)(2).
|
1160
1853
|
TLV: |
|
1161
|
-
The tester verifies the ability of the Health IT Module to support
|
1162
|
-
|
1854
|
+
The tester verifies the ability of the Health IT Module to support a
|
1855
|
+
“DocumentReference” and/or “DiagnosticReport” FHIR® resource for each
|
1163
1856
|
of the “Clinical Notes” and “Diagnostic Reports” included in and
|
1164
1857
|
according to the “Clinical Notes Guidance” section of the
|
1165
1858
|
implementation specification adopted in § 170.215(a)(2).
|
1166
1859
|
inferno_supported: 'yes'
|
1167
1860
|
inferno_tests:
|
1168
1861
|
- 4.31.01 - 4.31.02
|
1169
|
-
|
1862
|
+
- 5.33.01 - 5.33.02
|
1863
|
+
- 6.41.01 - 6.41.02
|
1864
|
+
- id: DAT-PAT-5
|
1170
1865
|
SUT: |
|
1171
1866
|
If supported, and for responses to data for a single patient only, the
|
1172
|
-
health IT developer demonstrates the ability of the Health IT
|
1173
|
-
|
1174
|
-
|
1175
|
-
|
1867
|
+
health IT developer demonstrates the ability of the Health IT Module
|
1868
|
+
to support a “Medication” FHIR® resource according to the “Medication
|
1869
|
+
List Guidance” section of the implementation specification adopted in
|
1870
|
+
§ 170.215(a)(2).
|
1176
1871
|
TLV: |
|
1177
1872
|
If supported, and for responses to data for a single patient only, the
|
1178
|
-
tester
|
1179
|
-
|
1180
|
-
|
1181
|
-
|
1873
|
+
tester verifies the ability of the Health IT Module to support a
|
1874
|
+
“Medication” FHIR® resource according to the “Medication List
|
1875
|
+
Guidance” section of the implementation specification adopted in §
|
1876
|
+
170.215(a)(2).
|
1182
1877
|
inferno_supported: 'yes'
|
1183
1878
|
inferno_tests:
|
1184
1879
|
- 4.13.06
|
1185
|
-
|
1880
|
+
- 5.13.06
|
1881
|
+
- 6.15.06
|
1882
|
+
- id: DAT-PAT-6
|
1186
1883
|
SUT: |
|
1187
1884
|
The health IT developer demonstrates the ability of the Health IT
|
1188
|
-
Module to support “
|
1189
|
-
|
1190
|
-
|
1191
|
-
*
|
1192
|
-
|
1885
|
+
Module to support “Missing Data” according to the implementation
|
1886
|
+
specification adopted in § 170. 215(a)(2), including:
|
1887
|
+
* For non-coded data elements; and
|
1888
|
+
* For coded data elements, including support for the
|
1889
|
+
“DataAbsentReason” Code System.
|
1193
1890
|
TLV: |
|
1194
|
-
The tester
|
1195
|
-
|
1196
|
-
|
1197
|
-
|
1198
|
-
*
|
1199
|
-
|
1891
|
+
The tester verifies the ability of the Health IT Module to support
|
1892
|
+
“Missing Data” according to the implementation specification adopted
|
1893
|
+
in § 170. 215(a)(2), including:
|
1894
|
+
* For non-coded data elements; and
|
1895
|
+
* For coded data elements, including support for the
|
1896
|
+
“DataAbsentReason” Code System.
|
1200
1897
|
inferno_supported: 'yes'
|
1201
1898
|
inferno_tests:
|
1202
1899
|
- 4.32.01 - 4.32.02
|
1900
|
+
- 5.34.01 - 5.34.02
|
1901
|
+
- 6.42.01 - 6.42.02
|
1203
1902
|
- group: Response to Requests for a Single Patient’s Data
|
1204
|
-
id:
|
1903
|
+
id: DAT-PAT-7
|
1205
1904
|
SUT: |
|
1206
1905
|
The health IT developer demonstrates the ability of the Health IT
|
1207
|
-
Module to return all of the data associated with requests for a
|
1208
|
-
|
1209
|
-
|
1210
|
-
|
1211
|
-
adopted in § 170.213.
|
1906
|
+
Module to return all of the data associated with requests for a single
|
1907
|
+
patient’s data according to the “US Core Server CapabilityStatement”
|
1908
|
+
section of the implementation specification adopted in § 170.215(a)(2)
|
1909
|
+
for all the data included in the standard adopted in § 170.213.
|
1212
1910
|
TLV: |
|
1213
|
-
The tester verifies the ability of the Health IT
|
1214
|
-
|
1215
|
-
|
1216
|
-
|
1217
|
-
|
1218
|
-
adopted in § 170.213.
|
1911
|
+
The tester verifies the ability of the Health IT Module to return all
|
1912
|
+
of the data associated with requests for a single patient’s data
|
1913
|
+
according to the “US Core Server CapabilityStatement” section of the
|
1914
|
+
implementation specification adopted in § 170.215(a)(2) for all the
|
1915
|
+
data included in the standard adopted in § 170.213.
|
1219
1916
|
inferno_supported: 'yes'
|
1220
1917
|
inferno_tests:
|
1221
1918
|
- 4.2.01
|
@@ -1235,27 +1932,85 @@ procedure:
|
|
1235
1932
|
- 4.16.01
|
1236
1933
|
- 4.17.01
|
1237
1934
|
- 4.18.01
|
1935
|
+
- 4.19.01
|
1238
1936
|
- 4.20.01
|
1239
1937
|
- 4.21.01
|
1240
1938
|
- 4.22.01
|
1241
1939
|
- 4.23.01
|
1242
|
-
- 4.19.01
|
1243
1940
|
- 4.24.01
|
1244
1941
|
- 4.25.01
|
1245
1942
|
- 4.26.01
|
1246
|
-
-
|
1247
|
-
-
|
1248
|
-
- 4.
|
1943
|
+
- 5.2.01
|
1944
|
+
- 5.3.01
|
1945
|
+
- 5.4.01
|
1946
|
+
- 5.5.01
|
1947
|
+
- 5.6.01
|
1948
|
+
- 5.7.01
|
1949
|
+
- 5.8.01
|
1950
|
+
- 5.9.01
|
1951
|
+
- 5.10.01
|
1952
|
+
- 5.11.01
|
1953
|
+
- 5.12.01
|
1954
|
+
- 5.13.01
|
1955
|
+
- 5.14.01
|
1956
|
+
- 5.15.01
|
1957
|
+
- 5.16.01
|
1958
|
+
- 5.17.01
|
1959
|
+
- 5.18.01
|
1960
|
+
- 5.19.01
|
1961
|
+
- 5.20.01
|
1962
|
+
- 5.21.01
|
1963
|
+
- 5.22.01
|
1964
|
+
- 5.23.01
|
1965
|
+
- 5.24.01
|
1966
|
+
- 5.25.01
|
1967
|
+
- 5.26.01
|
1968
|
+
- 5.27.01
|
1969
|
+
- 5.28.01
|
1970
|
+
- 6.2.01
|
1971
|
+
- 6.3.01
|
1972
|
+
- 6.4.01
|
1973
|
+
- 6.5.01
|
1974
|
+
- 6.6.01
|
1975
|
+
- 6.7.01
|
1976
|
+
- 6.8.01
|
1977
|
+
- 6.9.01
|
1978
|
+
- 6.10.01
|
1979
|
+
- 6.11.01
|
1980
|
+
- 6.12.01
|
1981
|
+
- 6.13.01
|
1982
|
+
- 6.14.01
|
1983
|
+
- 6.15.01
|
1984
|
+
- 6.16.01
|
1985
|
+
- 6.17.01
|
1986
|
+
- 6.18.01
|
1987
|
+
- 6.19.01
|
1988
|
+
- 6.20.01
|
1989
|
+
- 6.21.01
|
1990
|
+
- 6.22.01
|
1991
|
+
- 6.23.01
|
1992
|
+
- 6.24.01
|
1993
|
+
- 6.25.01
|
1994
|
+
- 6.26.01
|
1995
|
+
- 6.27.01
|
1996
|
+
- 6.28.01
|
1997
|
+
- 6.29.01
|
1998
|
+
- 6.30.01
|
1999
|
+
- 6.31.01
|
2000
|
+
- 6.32.01
|
2001
|
+
- 6.33.01
|
2002
|
+
- 6.34.01
|
2003
|
+
- 6.35.01
|
2004
|
+
- 6.36.01
|
1249
2005
|
- group: Response to Requests for Multiple Patients’ Data
|
1250
|
-
id:
|
2006
|
+
id: DAT-PAT-8
|
1251
2007
|
SUT: |
|
1252
2008
|
The health IT developer demonstrates the ability of the Health IT
|
1253
|
-
Module to respond to requests for multiple patients’ data
|
1254
|
-
|
1255
|
-
|
1256
|
-
|
1257
|
-
|
1258
|
-
adopted in § 170.215(a)(2), including the following FHIR resources:
|
2009
|
+
Module to respond to requests for multiple patients’ data according to
|
2010
|
+
the implementation specification adopted in § 170.215(a)(4) for all of
|
2011
|
+
the FHIR® resources associated with the profiles and Data Elements
|
2012
|
+
specified in and according to the standard adopted in § 170.213 and
|
2013
|
+
implementation specification adopted in § 170.215(a)(2).:
|
1259
2014
|
* “AllergyIntolerance”;
|
1260
2015
|
* “CarePlan”;
|
1261
2016
|
* “CareTeam”;
|
@@ -1266,23 +2021,22 @@ procedure:
|
|
1266
2021
|
* “Encounter”;
|
1267
2022
|
* “Goal”;
|
1268
2023
|
* “Immunization”;
|
1269
|
-
* “Location
|
2024
|
+
* “Location” (if supported);
|
1270
2025
|
* “Medication” (if supported);
|
1271
2026
|
* “MedicationRequest”;
|
1272
2027
|
* “Observation”;
|
1273
2028
|
* “Organization”;
|
1274
2029
|
* “Patient”;
|
1275
|
-
* “Practitioner
|
2030
|
+
* “Practitioner”
|
1276
2031
|
* “Procedure”; and
|
1277
|
-
* “Provenance
|
2032
|
+
* “Provenance”.
|
1278
2033
|
TLV: |
|
1279
|
-
The tester verifies the ability of the Health IT
|
1280
|
-
|
1281
|
-
|
1282
|
-
|
1283
|
-
|
1284
|
-
|
1285
|
-
adopted in § 170.215(a)(2), including the following FHIR resources:
|
2034
|
+
The tester verifies the ability of the Health IT Module to respond to
|
2035
|
+
requests for multiple patients’ data according to the implementation
|
2036
|
+
specification adopted in § 170.215(a)(4) for all of the FHIR®
|
2037
|
+
resources associated with the profiles and Data Elements specified in
|
2038
|
+
and according to the standard adopted in § 170.213 and implementation
|
2039
|
+
specification adopted in § 170.215(a)(2).
|
1286
2040
|
* “AllergyIntolerance”;
|
1287
2041
|
* “CarePlan”;
|
1288
2042
|
* “CareTeam”;
|
@@ -1293,117 +2047,192 @@ procedure:
|
|
1293
2047
|
* “Encounter”;
|
1294
2048
|
* “Goal”;
|
1295
2049
|
* “Immunization”;
|
1296
|
-
* “Location
|
2050
|
+
* “Location” (if supported);
|
1297
2051
|
* “Medication” (if supported);
|
1298
2052
|
* “MedicationRequest”;
|
1299
2053
|
* “Observation”;
|
1300
2054
|
* “Organization”;
|
1301
2055
|
* “Patient”;
|
1302
|
-
* “Practitioner
|
2056
|
+
* “Practitioner”
|
1303
2057
|
* “Procedure”; and
|
1304
|
-
* “Provenance
|
2058
|
+
* “Provenance”.
|
1305
2059
|
inferno_supported: 'yes'
|
1306
2060
|
inferno_tests:
|
1307
|
-
-
|
1308
|
-
-
|
1309
|
-
|
2061
|
+
- 7.3.03
|
2062
|
+
- 7.3.06 - 7.3.23
|
2063
|
+
- 8.3.03
|
2064
|
+
- 8.3.06 - 8.3.23
|
2065
|
+
- id: DAT-PAT-16
|
1310
2066
|
SUT: |
|
1311
2067
|
The health IT developer demonstrates the ability of the Health IT
|
1312
|
-
Module to
|
1313
|
-
|
1314
|
-
|
2068
|
+
Module to respond to requests for multiple patients’ data according to
|
2069
|
+
the implementation specification adopted in § 170.215(a)(4) for all of
|
2070
|
+
the FHIR® resources associated with the profiles and Data Elements
|
2071
|
+
specified in and according to the standard adopted in § 170.213 and
|
2072
|
+
implementation specification adopted in § 170.215(a)(2).
|
2073
|
+
* “AllergyIntolerance”;
|
2074
|
+
* “CarePlan”;
|
2075
|
+
* “CareTeam”;
|
2076
|
+
* “Condition”;
|
2077
|
+
* “Device”;
|
2078
|
+
* “DiagnosticReport”;
|
2079
|
+
* “DocumentReference”;
|
2080
|
+
* “Encounter”;
|
2081
|
+
* “Goal”;
|
2082
|
+
* “Immunization”;
|
2083
|
+
* “Location” (if supported);
|
2084
|
+
* “Medication” (if supported);
|
2085
|
+
* “MedicationRequest”;
|
2086
|
+
* “Observation”;
|
2087
|
+
* “Organization”;
|
2088
|
+
* “Patient”;
|
2089
|
+
* “Practitioner”
|
2090
|
+
* “Procedure”; and
|
2091
|
+
* “Provenance”.
|
2092
|
+
* “PractitionerRole” (if supported);
|
2093
|
+
* “QuestionnaireReponse” (if supported);
|
2094
|
+
* “RelatedPerson”; and
|
2095
|
+
* “ServiceRequest”
|
1315
2096
|
TLV: |
|
1316
|
-
The
|
1317
|
-
|
2097
|
+
The health IT developer verifies the ability of the Health IT Module
|
2098
|
+
to respond to requests for multiple patients’ data according to the
|
2099
|
+
implementation specification adopted in § 170.215(a)(4) for all of the
|
2100
|
+
FHIR® resources associated with the profiles and Data Elements
|
2101
|
+
specified in and according to the standard adopted in § 170.213 and
|
2102
|
+
implementation specification adopted in § 170.215(a)(2).
|
2103
|
+
* “AllergyIntolerance”;
|
2104
|
+
* “CarePlan”;
|
2105
|
+
* “CareTeam”;
|
2106
|
+
* “Condition”;
|
2107
|
+
* “Device”;
|
2108
|
+
* “DiagnosticReport”;
|
2109
|
+
* “DocumentReference”;
|
2110
|
+
* “Encounter”;
|
2111
|
+
* “Goal”;
|
2112
|
+
* “Immunization”;
|
2113
|
+
* “Location” (if supported);
|
2114
|
+
* “Medication” (if supported);
|
2115
|
+
* “MedicationRequest”;
|
2116
|
+
* “Observation”;
|
2117
|
+
* “Organization”;
|
2118
|
+
* “Patient”;
|
2119
|
+
* “Practitioner”
|
2120
|
+
* “Procedure”; and
|
2121
|
+
* “Provenance”.
|
2122
|
+
* “PractitionerRole” (if supported);
|
2123
|
+
* “QuestionnaireReponse” (if supported);
|
2124
|
+
* “RelatedPerson”; and
|
2125
|
+
* “ServiceRequest”
|
2126
|
+
inferno_supported: 'yes'
|
2127
|
+
inferno_tests:
|
2128
|
+
- 7.3.03
|
2129
|
+
- 7.3.06 - 7.3.27
|
2130
|
+
- 8.3.03
|
2131
|
+
- 8.3.06 - 8.3.27
|
2132
|
+
- id: DAT-PAT-9
|
2133
|
+
SUT: |
|
2134
|
+
The health IT developer demonstrates the ability of the Health IT
|
2135
|
+
Module to limit the data returned to only those FHIR® resources for
|
1318
2136
|
which the client is authorized according to the implementation
|
1319
2137
|
specification adopted in § 170.215(a)(4).
|
2138
|
+
TLV: |
|
2139
|
+
The tester verifies the ability of the Health IT Module to limit the
|
2140
|
+
data returned to only those FHIR® resources for which the client is
|
2141
|
+
authorized according to the implementation specification adopted in §
|
2142
|
+
170.215(a)(4).
|
1320
2143
|
inferno_supported: 'yes'
|
1321
2144
|
inferno_tests:
|
1322
|
-
- 2.
|
2145
|
+
- 2.3.01 - 2.3.15
|
1323
2146
|
inferno_notes: |
|
1324
2147
|
Inferno does not do this because there is no requirement to only
|
1325
2148
|
supported a subset of the scopes.
|
1326
|
-
- id:
|
2149
|
+
- id: DAT-PAT-10
|
1327
2150
|
SUT: |
|
1328
2151
|
The health IT developer demonstrates the ability of the Health IT
|
1329
2152
|
Module to support a successful data response according to the
|
1330
2153
|
implementation adopted in § 170.215(a)(4).
|
1331
2154
|
TLV: |
|
1332
|
-
The tester verifies the ability of the Health IT
|
1333
|
-
|
1334
|
-
|
2155
|
+
The tester verifies the ability of the Health IT Module to support a
|
2156
|
+
successful data response according to the implementation adopted in §
|
2157
|
+
170.215(a)(4).
|
1335
2158
|
inferno_supported: 'yes'
|
1336
2159
|
inferno_tests:
|
1337
|
-
-
|
1338
|
-
|
2160
|
+
- 7.2.04 - 7.2.05
|
2161
|
+
- 8.2.04 - 8.2.05
|
2162
|
+
- id: DAT-PAT-11
|
1339
2163
|
SUT: |
|
1340
2164
|
The health IT developer demonstrates the ability of the Health IT
|
1341
2165
|
Module to support a data response error according to the
|
1342
2166
|
implementation adopted in § 170.215(a)(4).
|
1343
2167
|
TLV: |
|
1344
|
-
The tester verifies the ability of the Health IT
|
1345
|
-
|
1346
|
-
|
2168
|
+
The tester verifies the ability of the Health IT Module to support a
|
2169
|
+
data response error according to the implementation adopted in §
|
2170
|
+
170.215(a)(4).
|
1347
2171
|
inferno_supported: 'yes'
|
1348
2172
|
inferno_tests:
|
1349
|
-
-
|
1350
|
-
|
2173
|
+
- 7.2.03
|
2174
|
+
- 8.2.03
|
2175
|
+
- id: DAT-PAT-12
|
1351
2176
|
SUT: |
|
1352
2177
|
The health IT developer demonstrates the ability of the Health IT
|
1353
2178
|
Module to support a bulk data delete request according to the
|
1354
2179
|
implementation specification adopted in § 170.215(a)(4).
|
1355
2180
|
TLV: |
|
1356
|
-
The tester verifies the ability of the Health IT
|
1357
|
-
|
1358
|
-
|
2181
|
+
The tester verifies the ability of the Health IT Module to support a
|
2182
|
+
bulk data delete request according to the implementation specification
|
2183
|
+
adopted in § 170.215(a)(4).
|
1359
2184
|
inferno_supported: 'yes'
|
1360
2185
|
inferno_tests:
|
1361
|
-
-
|
1362
|
-
|
2186
|
+
- 7.2.07
|
2187
|
+
- 8.2.07
|
2188
|
+
- id: DAT-PAT-13
|
1363
2189
|
SUT: |
|
1364
2190
|
The health IT developer demonstrates the ability of the Health IT
|
1365
2191
|
Module to support a bulk data status request according to the
|
1366
2192
|
implementation specification adopted in § 170.215(a)(4).
|
1367
2193
|
TLV: |
|
1368
|
-
The tester verifies the ability of the Health IT
|
1369
|
-
|
1370
|
-
|
2194
|
+
The tester verifies the ability of the Health IT Module to support a
|
2195
|
+
bulk data status request according to the implementation specification
|
2196
|
+
adopted in § 170.215(a)(4).
|
1371
2197
|
inferno_supported: 'yes'
|
1372
2198
|
inferno_tests:
|
1373
|
-
-
|
1374
|
-
|
2199
|
+
- 7.2.05 - 7.2.06
|
2200
|
+
- 8.2.05 - 8.2.06
|
2201
|
+
- id: DAT-PAT-14
|
1375
2202
|
SUT: |
|
1376
2203
|
The health IT developer demonstrates the ability of the Health IT
|
1377
2204
|
Module to support a file request according to the implementation
|
1378
2205
|
specification adopted in § 170.215(a)(4), including support for the
|
1379
2206
|
“ndjson” format for files provided.
|
1380
2207
|
TLV: |
|
1381
|
-
The tester verifies the ability of the Health IT
|
1382
|
-
|
1383
|
-
|
1384
|
-
|
2208
|
+
The tester verifies the ability of the Health IT Module to support a
|
2209
|
+
file request according to the implementation specification adopted in
|
2210
|
+
§ 170.215(a)(4), including support for the “ndjson” format for files
|
2211
|
+
provided.
|
1385
2212
|
inferno_supported: 'yes'
|
1386
2213
|
inferno_tests:
|
1387
|
-
-
|
1388
|
-
|
2214
|
+
- 7.3.01 - 7.3.27
|
2215
|
+
- 8.3.01 - 8.3.27
|
2216
|
+
- id: DAT-PAT-15
|
1389
2217
|
SUT: |
|
1390
|
-
The health IT developer demonstrates that the information
|
1391
|
-
|
1392
|
-
|
2218
|
+
The health IT developer demonstrates that the information provided as
|
2219
|
+
part of this data response includes data for patients in the group
|
2220
|
+
identifier provided during the “group-export” request.
|
1393
2221
|
TLV: |
|
1394
|
-
The tester verifies the information
|
1395
|
-
|
1396
|
-
|
2222
|
+
The tester verifies the information provided as part of this data
|
2223
|
+
response includes data for patients in the group identifier provided
|
2224
|
+
during the “group-export” request.
|
1397
2225
|
inferno_supported: 'yes'
|
1398
2226
|
inferno_tests:
|
1399
|
-
-
|
2227
|
+
- 7.3.05
|
2228
|
+
- 8.3.05
|
1400
2229
|
- section: Paragraph (g)(10)(viii) – Documentation
|
1401
2230
|
steps:
|
1402
2231
|
- group: Supported Search Operations for a Single Patient’s Data
|
1403
|
-
id:
|
2232
|
+
id: API-DOC-1
|
1404
2233
|
SUT: |
|
1405
|
-
The health IT developer supplies documentation describing the
|
1406
|
-
|
2234
|
+
The health IT developer supplies documentation describing the API(s)
|
2235
|
+
of the Health IT Module and includes at a minimum:
|
1407
2236
|
* API syntax;
|
1408
2237
|
* Function names;
|
1409
2238
|
* Required and optional parameters supported and their data types;
|
@@ -1411,10 +2240,12 @@ procedure:
|
|
1411
2240
|
* Exceptions and exception handling methods and their returns;
|
1412
2241
|
* Mandatory software components;
|
1413
2242
|
* Mandatory software configurations; and
|
1414
|
-
* All technical requirements and attributes necessary for
|
2243
|
+
* All technical requirements and attributes necessary for
|
2244
|
+
registration.
|
1415
2245
|
TLV: |
|
1416
|
-
The tester verifies the
|
1417
|
-
API(s) of the Health IT Module
|
2246
|
+
The tester verifies that the documentation supplied by the health IT
|
2247
|
+
developer describing the API(s) of the Health IT Module includes at a
|
2248
|
+
minimum:
|
1418
2249
|
* API syntax;
|
1419
2250
|
* Function names;
|
1420
2251
|
* Required and optional parameters supported and their data types;
|
@@ -1422,21 +2253,33 @@ procedure:
|
|
1422
2253
|
* Exceptions and exception handling methods and their returns;
|
1423
2254
|
* Mandatory software components;
|
1424
2255
|
* Mandatory software configurations; and
|
1425
|
-
* All technical requirements and attributes necessary for
|
2256
|
+
* All technical requirements and attributes necessary for
|
2257
|
+
registration.
|
2258
|
+
inferno_supported: 'yes'
|
2259
|
+
inferno_tests:
|
2260
|
+
- 9.10.09
|
2261
|
+
- id: API-DOC-2
|
2262
|
+
SUT: |
|
2263
|
+
The health IT developer demonstrates that the documentation described
|
2264
|
+
in step 1, of this section is available via a publicly accessible
|
2265
|
+
hyperlink that does not require preconditions or additional steps to
|
2266
|
+
access.
|
2267
|
+
TLV: |
|
2268
|
+
The tester verifies the documentation described in step 1, of this
|
2269
|
+
section is available via a publicly accessible hyperlink that does not
|
2270
|
+
require preconditions or additional steps to access.
|
1426
2271
|
inferno_supported: 'yes'
|
1427
2272
|
inferno_tests:
|
1428
|
-
-
|
1429
|
-
- id:
|
2273
|
+
- 9.10.09
|
2274
|
+
- id: API-DOC-3
|
1430
2275
|
SUT: |
|
1431
|
-
|
1432
|
-
|
1433
|
-
|
1434
|
-
additional steps to access.
|
2276
|
+
To fulfill the API Maintenance of Certification requirement at §
|
2277
|
+
170.404(b)(2), the health IT developer demonstrates the public
|
2278
|
+
location of its certified API technology service base URLs.
|
1435
2279
|
TLV: |
|
1436
|
-
|
1437
|
-
|
1438
|
-
|
1439
|
-
additional steps to access.
|
2280
|
+
To fulfill the API Maintenance of Certification requirement at §
|
2281
|
+
170.404(b)(2), the tester verifies the public location of the health
|
2282
|
+
IT developer's certified API technology service base URLs.
|
1440
2283
|
inferno_supported: 'yes'
|
1441
2284
|
inferno_tests:
|
1442
|
-
-
|
2285
|
+
- 9.10.14
|