onc_certification_g10_test_kit 3.0.1 → 3.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/lib/onc_certification_g10_test_kit/base_token_refresh_group.rb +2 -0
  3. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb +1 -1
  4. data/lib/onc_certification_g10_test_kit/export_kick_off_performer.rb +3 -2
  5. data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +1501 -658
  6. data/lib/onc_certification_g10_test_kit/profile_selector.rb +3 -1
  7. data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +3 -0
  8. data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +3 -0
  9. data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb +5 -2
  10. data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +3 -0
  11. data/lib/onc_certification_g10_test_kit/smart_invalid_token_refresh_test.rb +37 -0
  12. data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +3 -0
  13. data/lib/onc_certification_g10_test_kit/version.rb +1 -1
  14. data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +36 -0
  15. data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb +1 -1
  16. metadata +9 -8
data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml CHANGED
@@ -2,7 +2,7 @@ procedure:
2
2
  - section: Paragraph (g)(10)(iii) - Application registration
3
3
  steps:
4
4
  - group: Application Registration
5
- id: APP-REGISTRATION-1
5
+ id: APP-REG-1
6
6
  SUT: |
7
7
  The health IT developer demonstrates the Health IT Module supports
8
8
  application registration with an authorization server for the purposes
@@ -16,13 +16,13 @@ procedure:
16
16
  registration functions to enable authentication and authorization in §
17
17
  170.315(g)(10)(v).
18
18
  inferno_tests:
19
- - 6.5.01
19
+ - 9.10.01
20
20
  inferno_supported: 'yes'
21
21
  inferno_notes: |
22
22
  This requires a visual inspection and attestation because it is not
23
23
  possible to automate without any standard method required for application
24
24
  registration.
25
- - id: APP-REGISTRATION-2
25
+ - id: APP-REG-2
26
26
  SUT: |
27
27
  The health IT developer demonstrates the Health IT Module supports
28
28
  application registration with an authorization server for the purposes
@@ -35,8 +35,8 @@ procedure:
35
35
  access for multiple patients including support for application
36
36
  registration functions to enable authentication and authorization in §
37
37
  170.315(g)(10)(v).
38
- inferno_tests:
39
- - 6.5.02
38
+ inferno_tests:
39
+ - 9.10.02
40
40
  inferno_supported: 'yes'
41
41
  inferno_notes: |
42
42
  This requires a visual inspection and attestation because it is not
@@ -45,36 +45,53 @@ procedure:
45
45
  - section: Paragraph (g)(10)(iv) – Secure connection
46
46
  steps:
47
47
  - group: Secure connection
48
- id: SECURE-CONNECTION-1
49
- SUT: |
48
+ id: SEC-CNN-1
49
+ SUT: |
50
50
  For all transmissions between the Health IT Module and the
51
- application, the health IT developer demonstrates the use of a
52
- secure and trusted connection in accordance with the
53
- implementation specifications adopted in § 170.215(a)(2) and §
54
- 170.215(a)(3), including:
51
+ application, the health IT developer demonstrates the use of a secure
52
+ and trusted connection in accordance with the implementation
53
+ specifications adopted in § 170.215(a)(2) and § 170.215(a)(3),
54
+ including:
55
55
  * Using TLS version 1.2 or higher; and
56
- * Conformance to FHIR Communications Security requirements.
56
+ * Conformance to FHIR® Communications Security requirements.
57
57
  TLV: |
58
58
  For all transmissions between the Health IT Module and the
59
59
  application, the tester verifies the use of a secure and trusted
60
60
  connection in accordance with the implementation specifications
61
61
  adopted in § 170.215(a)(2) and § 170.215(a)(3), including:
62
62
  * Using TLS version 1.2 or higher; and
63
- * Conformance to FHIR Communications Security requirements.
63
+ * Conformance to FHIR® Communications Security requirements.
64
64
  inferno_supported: 'yes'
65
65
  inferno_tests:
66
- - 1.2.01
67
- - 1.2.04
66
+ - 1.3.01
67
+ - 1.3.04
68
+ - 1.4.01
69
+ - 1.4.04
68
70
  - 2.1.01
69
71
  - 2.1.04
70
- - 3.2.03
71
- - 3.2.06
72
+ - 2.2.01
73
+ - 2.2.04
74
+ - 3.3.03
75
+ - 3.3.06
76
+ - 3.4.03
77
+ - 3.4.06
72
78
  - 4.1.01
73
79
  - 5.1.01
74
- - 5.2.01
75
- - 5.3.01
76
80
  - 6.1.01
77
- - 6.1.04
81
+ - 7.1.01
82
+ - 7.2.01
83
+ - 7.3.01
84
+ - 8.1.01
85
+ - 8.2.01
86
+ - 8.3.01
87
+ - 9.1.01
88
+ - 9.1.04
89
+ - 9.2.01
90
+ - 9.2.04
91
+ - 9.8.03
92
+ - 9.8.06
93
+ - 9.9.03
94
+ - 9.9.06
78
95
  inferno_notes: |
79
96
  Inferno tests that all endpoints provided support at least TLS
80
97
  version 1.2, and rejects all requests for TLS version 1.1 or below.
@@ -87,62 +104,64 @@ procedure:
87
104
  - section: Paragraph (g)(10)(v)(A) – Authentication and authorization for patient and user scopes
88
105
  steps:
89
106
  - group: Authentication and Authorization for Patient and User Scopes
90
- id: AUTH-PATIENT-1
91
- SUT: |
107
+ id: AUT-PAT-1
108
+ SUT: |
92
109
  The health IT developer demonstrates the ability of the Health IT
93
- Module to support the following for “EHR-Launch,” “StandaloneLaunch,”
94
- and “Both” (“EHR-Launch” and “Standalone-Launch”) as
95
- specified in the implementation specification adopted in §
96
- 170.215(a)(3).
110
+ Module to support the following for “EHR-Launch,” “Standalone-Launch,”
111
+ and “Both” (“EHR-Launch” and “Standalone-Launch”) as specified in the
112
+ implementation specification adopted in § 170.215(a)(3).
97
113
  TLV: |
98
- The tester verifies the ability of the Health IT Module to support
99
- the following for “EHR-Launch,” “Standalone-Launch,” and “Both”
114
+ The tester verifies the ability of the Health IT Module to support the
115
+ following for “EHR-Launch,” “Standalone-Launch,” and “Both”
100
116
  (“EHR-Launch” and “Standalone-Launch”) as specified in the
101
117
  implementation specification adopted in § 170.215(a)(3).
102
118
  inferno_supported: 'yes'
103
119
  inferno_tests:
104
- - 1.2.01 - 1.2.07
105
- - 3.2.01 - 3.2.09
120
+ - 1.3.01 - 1.3.07
121
+ - 1.4.01 - 1.4.07
122
+ - 3.3.01 - 3.3.09
123
+ - 3.4.01 - 3.4.09
106
124
  inferno_notes: |
107
125
  Complete demonstration of these capabilities are accomplished
108
126
  through subsequent steps in the test procedure.
109
- - id: AUTH-PATIENT-2
127
+ - id: AUT-PAT-2
110
128
  SUT: |
111
- [EHR-Launch] The health IT developer demonstrates the ability of
112
- the Health IT Module to initiate a “launch sequence” using the
113
- “launch-ehr" “SMART on FHIR Core Capability” SMART EHR Launch
114
- mode detailed in the implementation specification adopted in §
129
+ [EHR-Launch] The health IT developer demonstrates the ability of the
130
+ Health IT Module to initiate a “launch sequence” using the
131
+ “launch-ehr" “SMART on FHIR® Core Capability” SMART EHR Launch mode
132
+ detailed in the implementation specification adopted in §
115
133
  170.215(a)(3), including:
116
134
  * Launching the registered launch URL of the application; and
117
135
  * Passing the parameters: “iss” and “launch”.
118
136
  TLV: |
119
- [EHR-Launch] The tester verifies the ability of the Health IT
120
- Module to initiate a “launch sequence” using the “launch-ehr"
121
- “SMART on FHIR Core Capability” SMART EHR Launch mode
122
- detailed in the implementation specification adopted in §
123
- 170.215(a)(3), including:
137
+ [EHR-Launch] The tester verifies the ability of the Health IT Module
138
+ to initiate a “launch sequence” using the “launch-ehr" “SMART on FHIR®
139
+ Core Capability” SMART EHR Launch mode detailed in the implementation
140
+ specification adopted in § 170.215(a)(3), including:
124
141
  * Launching the registered launch URL of the application; and
125
142
  * Passing the parameters: “iss” and “launch”.
126
143
  inferno_supported: 'yes'
127
144
  inferno_tests:
128
- - 3.2.01 - 3.2.02
129
- - 3.2.04
130
- - id: AUTH-PATIENT-3
145
+ - 3.3.01 - 3.3.02
146
+ - 3.3.04
147
+ - 3.4.01 - 3.4.02
148
+ - 3.4.04
149
+ - id: AUT-PAT-3
131
150
  SUT: |
132
- [Standalone-Launch] The health IT developer demonstrates the
133
- ability of the Health IT Module to launch using the “launch-standalone"
134
- "SMART on FHIR Core Capability" SMART Standalone
135
- Launch mode detailed in the implementation specification
136
- adopted in § 170.215(a)(3).
151
+ [Standalone-Launch] The health IT developer demonstrates the ability
152
+ of the Health IT Module to launch using the “launch-standalone" “SMART
153
+ on FHIR® Core Capability SMART Standalone Launch mode detailed in the
154
+ implementation specification adopted in § 170.215(a)(3).
137
155
  TLV: |
138
156
  [Standalone-Launch] The tester verifies the ability of the Health IT
139
- Module to launch using the “launch-standalone" “SMART on FHIR
140
- Core Capability” SMART Standalone Launch mode detailed in the
157
+ Module to launch using the “launch-standalone" “SMART on FHIR® Core
158
+ Capability” SMART Standalone Launch mode detailed in the
141
159
  implementation specification adopted in § 170.215(a)(3).
142
160
  inferno_supported: 'yes'
143
161
  inferno_tests:
144
- - 1.2.02
145
- - id: AUTH-PATIENT-4
162
+ - 1.3.02
163
+ - 1.4.02
164
+ - id: AUT-PAT-4
146
165
  SUT: |
147
166
  [Standalone-Launch] The health IT developer demonstrates the ability
148
167
  of the Health IT Module to support SMART’s public client profile.
@@ -151,43 +170,62 @@ procedure:
151
170
  Module to support SMART’s public client profile.
152
171
  inferno_supported: 'yes'
153
172
  inferno_tests:
154
- - 6.1.02 - 6.1.03
155
- - 6.1.05 - 6.1.09
156
- - id: AUTH-PATIENT-5
173
+ - 9.1.02 - 9.1.03
174
+ - 9.1.05 - 9.1.09
175
+ - 9.2.02 - 9.2.03
176
+ - 9.2.05 - 9.2.09
177
+ - id: AUT-PAT-5
157
178
  SUT: |
158
- [Both] The health IT developer demonstrates the ability of the
159
- Health IT Module to support the following as detailed in the
160
- implementation specification adopted in § 170.215(a)(3) and
161
- standard adopted in § 170.215(a)(1):
179
+ [Both] The health IT developer demonstrates the ability of the Health
180
+ IT Module to support the following as detailed in the implementation
181
+ specification adopted in § 170.215(a)(3) and standard adopted in §
182
+ 170.215(a)(1):
162
183
  * The “.well-known/smart-configuration.json” path; and
163
- * A FHIR “CapabilityStatement”.
184
+ * A FHIR® “CapabilityStatement”.
164
185
  TLV: |
165
186
  [Both] The tester verifies the ability of the Health IT Module to
166
- support the following as detailed in the implementation
167
- specification adopted in § 170.215(a)(3) and standard adopted in §
168
- 170.215(a)(1):
187
+ support the following as detailed in the implementation specification
188
+ adopted in § 170.215(a)(3) and standard adopted in § 170.215(a)(1):
169
189
  * The “.well-known/smart-configuration.json” path; and
170
- * A FHIR “CapabilityStatement”.
190
+ * A FHIR® “CapabilityStatement”.
171
191
  inferno_supported: 'yes'
172
192
  inferno_tests:
173
193
  - 1.1.01 - 1.1.03
174
194
  - 3.1.01 - 3.1.03
175
- - id: AUTH-PATIENT-6
195
+ - id: AUT-PAT-24
196
+ SUT: |
197
+ [Both] The health IT developer demonstrates the ability of the Health
198
+ IT Module to support a “.well-known/smart-configuration.json” path as
199
+ detailed in the implementation specification adopted in §
200
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1).
201
+ TLV: |
202
+ [Both] The tester verifies the ability of the Health IT Module to
203
+ support a “.well-known/smart-configuration.json” path as detailed in
204
+ the implementation specification adopted in § 170.215(a)(3) and
205
+ standard adopted in § 170.215(a)(1).
206
+ inferno_supported: 'yes'
207
+ inferno_tests:
208
+ - 1.2.01 - 1.2.03
209
+ - 3.2.01 - 3.2.03
210
+ - id: AUT-PAT-6
176
211
  SUT: |
177
212
  [Both] The health IT developer demonstrates the ability of the
178
- “.well-known/smart-configuration.json” path to support at least
179
- the following as detailed in the implementation specification
180
- adopted in § 170.215(a)(3):
213
+ “.well-known/smart-configuration.json” path to support at least the
214
+ following as detailed in the implementation specification adopted in §
215
+ 170.215(a)(3):
181
216
  * “authorization_endpoint”;
182
217
  * “token_endpoint”; and
183
- * “capabilities” (including support for all the “SMART on FHIR Core Capabilities”).
218
+ * “capabilities” (including support for all the “SMART on FHIR® Core
219
+ Capabilities”).
184
220
  TLV: |
185
- [Both] The tester verifies the ability of the “.well-known/smartconfiguration.json”
186
- path to support at least the following as detailed in the implementation specification
187
- adopted in § 170.215(a)(3):
221
+ [Both] The tester verifies the ability of the
222
+ “.well-known/smart-configuration.json” path to support at least the
223
+ following as detailed in the implementation specification adopted in §
224
+ 170.215(a)(3):
188
225
  * “authorization_endpoint”;
189
226
  * “token_endpoint”; and
190
- * “capabilities” (including support for all the “SMART on FHIR Core Capabilities”).
227
+ * “capabilities” (including support for all the “SMART on FHIR® Core
228
+ Capabilities”).
191
229
  inferno_supported: 'yes'
192
230
  inferno_tests:
193
231
  - 1.1.02
@@ -198,21 +236,68 @@ procedure:
198
236
  Inferno additionally checks that the "authorization endpoint" and the
199
237
  "token endpoint" are consistent between the Capability Statement and
200
238
  the well-known endpoint.
201
- - id: AUTH-PATIENT-7
239
+ - id: AUT-PAT-25
202
240
  SUT: |
203
241
  [Both] The health IT developer demonstrates the ability of the
204
- FHIR “CapabilityStatement” to support at least the following
205
- components as detailed in the implementation specification
206
- adopted in § 170.215(a)(3) and standard adopted in §
207
- 170.215(a)(1), including:
242
+ “.well-known/smart-configuration.jsonpath to support at least the
243
+ following as detailed in the implementation specification adopted in §
244
+ 170.215(a)(3):
245
+ * “authorization_endpoint”;
246
+ * “token_endpoint”;
247
+ * “capabilities” including support for “launch-ehr",
248
+ “launch-standalone”, “client-public”,
249
+ “client-confidential-symmetric", “sso-openid-connect",
250
+ “context-banner”, “context-style”, “context-ehr-patient",
251
+ “context-standalone-patient", “permission-offline”,
252
+ “permission-patient”, “permission-user”, “authorize-post”,
253
+ “permission-v2”;
254
+ * “grant_types_supported” with support for “authorization_code” and
255
+ “client_credentials”; and
256
+ * “code_challenge_methods_supported” with support for “S256” and shall
257
+ not include support for “plain”
258
+
259
+ Additionally, the following “capabilities” must be supported if using
260
+ US Core 5.0.1:
261
+ * "context-ehr-encounter"
262
+ TLV: |
263
+ [Both] The tester verifies the ability of the
264
+ “.well-known/smart-configuration.json” path to support at least the
265
+ following as detailed in the implementation specification adopted in §
266
+ 170.215(a)(3):
267
+ * “authorization_endpoint”;
268
+ * “token_endpoint”;
269
+ * “capabilities” including support for “launch-ehr",
270
+ “launch-standalone”, “client-public”,
271
+ “client-confidential-symmetric", “sso-openid-connect",
272
+ “context-banner”, “context-style”, “context-ehr-patient",
273
+ “context-standalone-patient", “permission-offline”,
274
+ “permission-patient”, “permission-user”, “authorize-post”,
275
+ “permission-v2”;
276
+ * “grant_types_supported” with support for “authorization_code” and
277
+ “client_credentials”; and
278
+ * “code_challenge_methods_supported” with support for “S256” and shall
279
+ not include support for “plain”
280
+
281
+ Additionally, the following “capabilities” must be supported if using
282
+ US Core 5.0.1:
283
+ * "context-ehr-encounter"
284
+ inferno_supported: 'yes'
285
+ inferno_tests:
286
+ - 1.2.01 - 1.2.03
287
+ - 3.2.01 - 3.2.03
288
+ - id: AUT-PAT-7
289
+ SUT: |
290
+ [Both] The health IT developer demonstrates the ability of the FHIR®
291
+ “CapabilityStatement” to support at least the following components as
292
+ detailed in the implementation specification adopted in §
293
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
208
294
  * “authorize”; and
209
295
  * “token”.
210
296
  TLV: |
211
- [Both] The tester verifies the ability of the FHIR
212
- “CapabilityStatement” to support at least the following
213
- components as detailed in the implementation specification
214
- adopted in § 170.215(a)(3) and standard adopted in §
215
- 170.215(a)(1), including:
297
+ [Both] The tester verifies the ability of the FHIR®
298
+ “CapabilityStatement” to support at least the following components as
299
+ detailed in the implementation specification adopted in §
300
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
216
301
  * “authorize”; and
217
302
  * “token”.
218
303
  inferno_supported: 'yes'
@@ -223,12 +308,12 @@ procedure:
223
308
  Inferno additionally checks that the "authorization endpoint" and the
224
309
  "token endpoint" are consistent between the Capability Statement and
225
310
  the well-known endpoint.
226
- - id: AUTH-PATIENT-8
311
+ - id: AUT-PAT-8
227
312
  SUT: |
228
- [Both] The health IT developer demonstrates the ability of the
229
- Health IT Module to receive an authorization request according to
230
- the implementation specification adopted in § 170.215(a)(3),
231
- including support for the following parameters:
313
+ [Both] The health IT developer demonstrates the ability of the Health
314
+ IT Module to receive an authorization request according to the
315
+ implementation specification adopted in § 170.215(a)(3), including
316
+ support for the following parameters:
232
317
  * “response_type”;
233
318
  * “client_id”;
234
319
  * “redirect_uri”;
@@ -249,138 +334,284 @@ procedure:
249
334
  * “state”; and
250
335
  * “aud”.
251
336
  inferno_supported: 'yes'
252
- inferno_tests:
253
- - 1.2.02 - 1.2.03
254
- - 3.2.04 - 3.2.05
255
- - id: AUTH-PATIENT-9
337
+ inferno_tests:
338
+ - 1.3.02 - 1.3.03
339
+ - 3.3.04 - 3.3.05
340
+ - id: AUT-PAT-26
341
+ SUT: |
342
+ [Both] The health IT developer demonstrates the ability of the Health
343
+ IT Module to receive an authorization request according to the
344
+ implementation specification adopted in § 170.215(a)(3), including
345
+ support for the following parameters:
346
+ * “response_type”;
347
+ * “client_id”;
348
+ * “redirect_uri”;
349
+ * “launch” (for EHR-Launch mode only);
350
+ * “scope”;
351
+ * “state”;
352
+ * “aud”;
353
+ * “code_challenge”; and
354
+ * “code_challenge_method”
355
+ TLV: |
356
+ [Both] The tester verifies the ability of the Health IT Module to
357
+ receive an authorization request according to the implementation
358
+ specification adopted in § 170.215(a)(3), including support for the
359
+ following parameters:
360
+ * “response_type”;
361
+ * “client_id”;
362
+ * “redirect_uri”;
363
+ * “launch” (for EHR-Launch mode only);
364
+ * “scope”;
365
+ * “state”;
366
+ * “aud”;
367
+ * “code_challenge”; and
368
+ * “code_challenge_method”
369
+ inferno_supported: 'yes'
370
+ inferno_tests:
371
+ - 1.4.02 - 1.4.03
372
+ - 3.4.04 - 3.4.05
373
+ - id: AUT-PAT-27
374
+ SUT: |
375
+ [Both] The health IT developer demonstrates the ability of the Health
376
+ IT Module’s Authorization Server to support the use of the HTTP GET
377
+ and POST methods at the Authorization Endpoint as detailed in the
378
+ implementation specification adopted in § 170.215(a)(3).
379
+ TLV: |
380
+ [Both] The tester verifies the ability of the Health IT Module’s
381
+ Authorization Server to support the use of the HTTP GET and POST
382
+ methods at the Authorization Endpoint as detailed in the
383
+ implementation specification adopted in § 170.215(a)(3).
384
+ inferno_supported: 'yes'
385
+ inferno_tests:
386
+ - 1.4.05 - 1.4.07
387
+ - 3.4.07 - 3.4.09
388
+ - id: AUT-PAT-9
389
+ SUT: |
390
+ [Both] The health IT developer demonstrates the ability of the Health
391
+ IT Module to support the receipt of the following scopes and
392
+ capabilities according to the implementation specification adopted in
393
+ § 170.215(a)(3) and standard adopted in § 170.215(b):
394
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
395
+ Capability”);
396
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
397
+ Capability”);
398
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
399
+ Core Capability” for EHR-Launch mode only);
400
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
401
+ Capability” for EHR-Launch mode only);
402
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
403
+ FHIR® Core Capability” for Standalone-Launch mode only);
404
+ * “launch” (for EHR-Launch mode only);
405
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
406
+ Core Capability”);
407
+ * Patient-level scopes (to support “permission-patient” “SMART on
408
+ FHIR® Core Capability”); and
409
+ * User-level scopes (to support “permission-user” “SMART on FHIR® Core
410
+ Capability”).
411
+ TLV: |
412
+ [Both] The tester verifies the ability of the Health IT Module to
413
+ support the receipt of the following scopes according to the
414
+ implementation specification adopted in § 170.215(a)(3) and standard
415
+ adopted in § 170.215(b):
416
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
417
+ Capability”);
418
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
419
+ Capability”);
420
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
421
+ Core Capability” for EHR-Launch mode only);
422
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
423
+ Capability” for EHR-Launch mode only);
424
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
425
+ FHIR® Core Capability” for Standalone-Launch mode only);
426
+ * “launch” (for EHR-Launch mode only);
427
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
428
+ Core Capability”);
429
+ * Patient-level scopes (to support “permission-patient” “SMART on
430
+ FHIR® Core Capability”); and
431
+ * User-level scopes (to support “permission-user” “SMART on FHIR® Core
432
+ Capability”).
433
+ inferno_supported: 'yes'
434
+ inferno_tests:
435
+ - 1.3.02
436
+ - 3.3.04
437
+ inferno_notes: |
438
+ This step refers to only the receipt of these scopes, which is covered in
439
+ Inferno in one step in each the EHR and Standalone launch cases. However,
440
+ it is not possible to tell if these scopes were properly granted until
441
+ verifying that the client has access to perform the necessary steps.
442
+ Inferno does this as well, but this mapping only refers to the 'receipt' portion
443
+ of the launch process.
444
+ - id: AUT-PAT-28
256
445
  SUT: |
257
446
  [Both] The health IT developer demonstrates the ability of the Health
258
447
  IT Module to support the receipt of the following scopes and
259
448
  capabilities according to the implementation specification adopted in
260
449
  § 170.215(a)(3) and standard adopted in § 170.215(b):
261
- * “openid” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
262
- * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
263
- * “need_patient_banner” (to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only);
264
- * “smart_style_url” (to support “context-style” “SMART on FHIR Core Capability” for EHR-Launch mode only);
265
- * “launch/patient” (to support “context-standalone-patient” “SMART on FHIR Core Capability” for Standalone-Launch mode only);
450
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR®
451
+ Capability”);
452
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
453
+ Capability”);
454
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
455
+ Capability” for EHR-Launch mode only);
456
+ * “smart_style_url” (to support “context-style” “SMART on FHIR®
457
+ Capability” for EHR-Launch mode only);
458
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
459
+ FHIR® Capability” for Standalone-Launch mode only);
266
460
  * “launch” (for EHR-Launch mode only);
267
- * “offline_access” (to support “permission-offline” “SMART on FHIR Core Capability”);
268
- * Patient-level scopes(to support “permission-patient” “SMART on FHIR Core Capability”); and
269
- * User-level scopes (to support “permission-user” “SMART on FHIR Core Capability”).
461
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
462
+ Capability”);
463
+ * Patient-level scopes (to support “permission-patientand “SMART on
464
+ FHIR® Capability”); and
465
+ * User-level scopes (to support “permission-user” “SMART on FHIR®
466
+ Capability”).
467
+ * SMARTv2 scope syntax for patient-level and user-level scopes (to
468
+ support “permission-v2” “SMART on FHIR® Capability”)
270
469
  TLV: |
271
470
  [Both] The tester verifies the ability of the Health IT Module to
272
471
  support the receipt of the following scopes and capabilities according
273
472
  to the implementation specification adopted in § 170.215(a)(3) and
274
473
  standard adopted in § 170.215(b):
275
- * “openid” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
276
- * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
277
- * “need_patient_banner” (to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only);
278
- * “smart_style_url” (to support “context-style” “SMART on FHIR Core Capability” for EHR-Launch mode only);
279
- * “launch/patient” (to support “context-standalone-patient” “SMART on FHIR Core Capability” for Standalone-Launch mode only);
474
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR®
475
+ Capability”);
476
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
477
+ Capability”);
478
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
479
+ Capability” for EHR-Launch mode only);
480
+ * “smart_style_url” (to support “context-style” “SMART on FHIR®
481
+ Capability” for EHR-Launch mode only);
482
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
483
+ FHIR® Capability” for Standalone-Launch mode only);
280
484
  * “launch” (for EHR-Launch mode only);
281
- * “offline_access” (to support “permission-offline” “SMART on FHIR Core Capability”);
282
- * Patient-level scopes (to support “permission-patient” “SMART on FHIR Core Capability”); and
283
- * User-level scopes (to support “permission-user” “SMART on FHIR Core Capability”).
485
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
486
+ Capability”);
487
+ * Patient-level scopes (to support “permission-patientand “SMART on
488
+ FHIR® Capability”); and
489
+ * User-level scopes (to support “permission-user” “SMART on FHIR®
490
+ Capability”).
491
+ * SMARTv2 scope syntax for patient-level and user-level scopes (to
492
+ support “permission-v2” “SMART on FHIR® Capability”)
284
493
  inferno_supported: 'yes'
285
494
  inferno_tests:
286
- - 1.2.02
287
- - 3.2.05
495
+ - 1.4.02
496
+ - 3.4.04
288
497
  inferno_notes: |
289
498
  This step refers to only the receipt of these scopes, which is covered in
290
499
  Inferno in one step in each the EHR and Standalone launch cases. However,
291
500
  it is not possible to tell if these scopes were properly granted until
292
- verifying that the client has access to perform the necessary steps.
501
+ verifying that the client has access to perform the necessary steps.
293
502
  Inferno does this as well, but this mapping only refers to the 'receipt' portion
294
503
  of the launch process.
295
- - id: AUTH-PATIENT-10
504
+ - id: AUT-PAT-10
296
505
  SUT: |
297
- [Both] The health IT developer demonstrates the ability of the
298
- Health IT Module to evaluate the authorization request and
299
- request end-user input, if applicable (required for patient-facing
300
- applications), including the ability for the end-user to authorize an
301
- application to receive Electronic Health Information (EHI) based
302
- on FHIR resource-level scopes for all of the FHIR resources
303
- associated with the profiles specified in the standard adopted in
304
- § 170.213 and implementation specification adopted in
305
- § 170.215(a)(2), including:
306
- * "AllergyIntolerance";
307
- * "CarePlan";
308
- * "CareTeam";
309
- * "Condition";
310
- * "Device";
311
- * "DiagnosticReport";
312
- * "DocumentReference";
313
- * "Goal";
314
- * "Immunization";
315
- * "Medication" (if supported);
316
- * "MedicationRequest";
317
- * "Observation";
318
- * "Patient";
319
- * "Procedure"; and
320
- * "Provenance".
506
+ [Both] The health IT developer demonstrates the ability of the Health
507
+ IT Module to evaluate the authorization request and request end-user
508
+ input, if applicable (required for patient-facing applications),
509
+ including the ability for the end-user to authorize an application to
510
+ receive EHI based on FHIR® resource-level scopes for all of the FHIR®
511
+ resources associated with the profiles specified in the standard
512
+ adopted in § 170.213 and implementation specification adopted in
513
+ § 170.215(a)(2).
514
+
515
+ If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
516
+ * “AllergyIntolerance”;
517
+ * “CarePlan”;
518
+ * “CareTeam”;
519
+ * “Condition”;
520
+ * “Device”;
521
+ * “DiagnosticReport”;
522
+ * “DocumentReference”;
523
+ * “Goal”;
524
+ * “Immunization”;
525
+ * “Medication” (if supported);
526
+ * “MedicationRequest”;
527
+ * “Observation”;
528
+ * “Patient”;
529
+ * “Procedure”; and
530
+ * “Provenance”.
531
+
532
+ Additionally, the following resources must be supported if using US
533
+ Core 5.0.1:
534
+ * “Encounter”;
535
+ * “RelatedPerson”; and
536
+ * “ServiceRequest”
321
537
  TLV: |
322
- [Both] The tester verifies the ability of the
323
- Health IT Module to evaluate the authorization request and
324
- request end-user input, if applicable (required for patient-facing
325
- applications), including the ability for the end-user to authorize an
326
- application to receive Electronic Health Information (EHI) based
327
- on FHIR resource-level scopes for all of the FHIR resources
538
+ [Both] The tester verifies the ability of the Health IT Module to
539
+ evaluate the authorization request and request end-user input, if
540
+ applicable (required for patient-facing applications), including the
541
+ ability for the end-user to authorize an application to receive EHI
542
+ based on FHIR® resource-level scopes for all of the FHIR® resources
328
543
  associated with the profiles specified in the standard adopted in
329
- § 170.213 and implementation specification adopted in
330
- § 170.215(a)(2), including:
331
- * "AllergyIntolerance";
332
- * "CarePlan";
333
- * "CareTeam";
334
- * "Condition";
335
- * "Device";
336
- * "DiagnosticReport";
337
- * "DocumentReference";
338
- * "Goal";
339
- * "Immunization";
340
- * "Medication" (if supported);
341
- * "MedicationRequest";
342
- * "Observation";
343
- * "Patient";
344
- * "Procedure"; and
345
- * "Provenance".
346
- inferno_supported: 'yes'
347
- inferno_tests:
348
- - 1.2.02
349
- - 1.2.05
350
- - 3.2.04
351
- - 3.2.07
544
+ § 170.213 and implementation specification adopted in § 170.215(a)(2).
545
+
546
+ If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
547
+ * “AllergyIntolerance”;
548
+ * “CarePlan”;
549
+ * “CareTeam”;
550
+ * “Condition”;
551
+ * “Device”;
552
+ * “DiagnosticReport”;
553
+ * “DocumentReference”;
554
+ * “Goal”;
555
+ * “Immunization”;
556
+ * “Medication” (if supported);
557
+ * “MedicationRequest”;
558
+ * “Observation”;
559
+ * “Patient”;
560
+ * “Procedure”; and
561
+ * “Provenance”.
562
+
563
+ Additionally, the following resources must be supported if using US
564
+ Core 5.0.1:
565
+ * “Encounter”;
566
+ * “RelatedPerson”; and
567
+ * “ServiceRequest”
568
+ inferno_supported: 'yes'
569
+ inferno_tests:
570
+ - 1.3.02
571
+ - 1.3.05
572
+ - 1.4.02
573
+ - 1.4.05
574
+ - 3.3.04
575
+ - 3.3.07
576
+ - 3.4.04
577
+ - 3.4.07
352
578
  - 2.1.02
353
579
  - 2.1.05
354
- - 1.5.01 - 1.5.14
355
- - 2.2.01 - 2.2.13
580
+ - 2.2.02
581
+ - 2.2.05
582
+ - 1.7.01 - 1.7.16
583
+ - 2.3.01 - 2.3.15
356
584
  inferno_notes: |
357
585
  Inferno verifies that end-user input is requested by requiring one app
358
586
  launch have complete access to required resources and having one app
359
587
  launch have limited access based on the preferences of the tester.
360
- - id: AUTH-PATIENT-11
588
+ - id: AUT-PAT-11
361
589
  SUT: |
362
- [Both] The health IT developer demonstrates the ability of the
363
- Health IT Module to evaluate the authorization request and request
364
- end-user input, if applicable (required for patient-facing
365
- applications), including either the ability for the end-user to
366
- explicitly enable / disable the “offline_access” scope or
367
- information communicating the application’s request for the
368
- “offline_access” scope.
369
- TLV: |
590
+ [Both] The health IT developer demonstrates the ability of the Health
591
+ IT Module to evaluate the authorization request and request end-user
592
+ input, if applicable (required for patient-facing applications),
593
+ including either the ability for the end-user to explicitly enable /
594
+ disable the “offline_access” scope or information communicating the
595
+ application’s request for the “offline_access” scope.
596
+ TLV: |
370
597
  [Both] The tester verifies the ability of the Health IT Module to
371
598
  evaluate the authorization request and request end-user input, if
372
599
  applicable (required for patient-facing applications), including
373
- either the ability for the end-user to explicitly enable / disable
374
- the “offline_access” scope or information communicating the
375
- application’s request for the “offline_access” scope.
600
+ either the ability for the end-user to explicitly enable / disable the
601
+ “offline_access” scope or information communicating the application’s
602
+ request for the “offline_access” scope.
376
603
  inferno_supported: 'yes'
377
604
  inferno_tests:
378
- - 1.2.02
379
- - 1.2.05
605
+ - 1.3.02
606
+ - 1.3.05
607
+ - 1.4.02
608
+ - 1.4.05
380
609
  - 2.1.02
381
610
  - 2.1.05
382
- - 1.5.01 - 1.5.14
383
- - 2.2.01 - 2.2.13
611
+ - 2.2.02
612
+ - 2.2.05
613
+ - 1.7.01 - 1.7.16
614
+ - 2.3.01 - 2.3.15
384
615
  inferno_notes: |
385
616
  Inferno verifies that end-user input is requested by requiring one app
386
617
  launch have complete access to required resources and having one app
@@ -388,26 +619,31 @@ procedure:
388
619
  Inferno requests full resource and 'offline_access' access, and the tester
389
620
  is expected to select the correct subset of resources and deny 'offline_access'
390
621
  based on previously selected preferences.
391
- - id: AUTH-PATIENT-12
622
+ - id: AUT-PAT-12
392
623
  SUT: |
393
624
  [Both] The health IT developer demonstrates the ability of the Health
394
625
  IT Module to deny an application’s authorization request according to
395
- a patient’s preferences selected in steps 10 and 11 of this section in
396
- accordance with the implementation specification adopted in §
397
- 170.215(a)(3).
626
+ a patient’s preferences selected in AUT-PAT-10, and AUT-PAT-11, of
627
+ this section in accordance with the implementation specification
628
+ adopted in § 170.215(a)(3).
398
629
  TLV: |
399
630
  [Both] The tester verifies the ability of the Health IT Module to deny
400
631
  an application’s authorization request according to a patient’s
401
- preferences selected in steps 10 and 11 of this section in accordance
402
- with the implementation specification adopted in § 170.215(a)(3).
632
+ preferences selected in AUT-PAT-10, and AUT-PAT-11, of this section in
633
+ accordance with the implementation specification adopted in §
634
+ 170.215(a)(3).
403
635
  inferno_supported: 'yes'
404
636
  inferno_tests:
405
- - 1.2.02
406
- - 1.2.05
637
+ - 1.3.02
638
+ - 1.3.05
639
+ - 1.4.02
640
+ - 1.4.05
407
641
  - 2.1.02
408
642
  - 2.1.05
409
- - 1.5.01 - 1.5.14
410
- - 2.2.01 - 2.2.13
643
+ - 2.2.02
644
+ - 2.2.05
645
+ - 1.7.01 - 1.7.16
646
+ - 2.3.01 - 2.3.15
411
647
  inferno_notes: |
412
648
  Inferno verifies that end-user input is requested by requiring one app
413
649
  launch have complete access to required resources and having one app
@@ -415,139 +651,222 @@ procedure:
415
651
  Inferno requests full resource and 'offline_access' access, and the tester
416
652
  is expected to select the correct subset of resources and deny 'offline_access'
417
653
  based on previously selected preferences.
418
- - id: AUTH-PATIENT-13
654
+ - id: AUT-PAT-29
655
+ SUT: |
656
+ [EHR-Launch] The health IT developer demonstrates the ability of the
657
+ Health IT Module to establish a patient in context if an application
658
+ requests a clinical scope which is restricted to a single patient as
659
+ detailed in the implementation specification adopted in §
660
+ 170.215(a)(3).
661
+ TLV: |
662
+ [EHR-Launch] The tester verifies the ability of the Health IT Module
663
+ to establish a patient in context if an application requests a
664
+ clinical scope which is restricted to a single patient as detailed in
665
+ the implementation specification adopted in § 170.215(a)(3).
666
+ inferno_supported: 'yes'
667
+ inferno_tests:
668
+ - 9.9.01 - 9.9.10
669
+ - id: AUT-PAT-13
419
670
  SUT: |
420
671
  [Both] The health IT developer demonstrates the ability of the Health
421
672
  IT Module to return an error response if the "aud" parameter provided
422
- by an application to the Health IT Module in Step 8, is not a valid
673
+ by an application to the Health IT Module in AUT-PAT-8, is not a valid
423
674
  FHIR® resource server associated with the Health IT Module's
424
675
  authorization server.
425
676
  TLV: |
426
677
  [Both] The tester verifies the ability of the Health IT Module to
427
678
  return an error response if the "aud" parameter provided by an
428
- application to the Health IT Module in Step 8, is not a valid FHIR®
679
+ application to the Health IT Module in AUT-PAT-8, is not a valid FHIR®
429
680
  resource server associated with the Health IT Module's authorization
430
681
  server.
431
682
  inferno_supported: 'yes'
432
683
  inferno_tests:
433
- - 6.3.01 - 6.3.02
434
- - id: AUTH-PATIENT-14
684
+ - 9.4.01 - 9.4.03
685
+ - id: AUT-PAT-14
435
686
  SUT: |
436
- [Both] The health IT developer demonstrates the ability of the
437
- Health IT Module to grant an application access to EHI by
438
- returning an authorization code to the application according to
439
- the implementation specification adopted in § 170.215(a)(3),
440
- including the following parameters:
687
+ [Both] The health IT developer demonstrates the ability of the Health
688
+ IT Module to grant an application access to EHI by returning an
689
+ authorization code to the application according to the implementation
690
+ specification adopted in § 170.215(a)(3), including the following
691
+ parameters:
441
692
  * “code”; and
442
693
  * “state”.
443
694
  TLV: |
444
- [Both] The tester verifies the ability of the
445
- Health IT Module to grant an application access to EHI by
446
- returning an authorization code to the application according to
447
- the implementation specification adopted in § 170.215(a)(3),
448
- including the following parameters:
695
+ [Both] The tester verifies the ability of the Health IT Module to
696
+ grant an application access to EHI by returning an authorization code
697
+ to the application according to the implementation specification
698
+ adopted in § 170.215(a)(3), including the following parameters:
449
699
  * “code”; and
450
700
  * “state”.
451
701
  inferno_supported: 'yes'
452
- inferno_tests:
453
- - 1.2.03
454
- - 3.2.05
455
- - id: AUTH-PATIENT-15
702
+ inferno_tests:
703
+ - 1.3.03
704
+ - 1.4.03
705
+ - 3.3.05
706
+ - 3.4.05
707
+ - id: AUT-PAT-15
456
708
  SUT: |
457
- [Both] The health IT developer demonstrates the ability of the
458
- Health IT Module to receive the following parameters from an
459
- application according to the implementation specification adopted
460
- in § 170.215(a)(3):
709
+ [Both] The health IT developer demonstrates the ability of the Health
710
+ IT Module to receive the following parameters from an application
711
+ according to the implementation specification adopted in §
712
+ 170.215(a)(3):
461
713
  * “grant_type”;
462
714
  * “code”;
463
715
  * “redirect_uri”;
464
716
  * “client_id”; and
465
- * Authorization header including “client_id” and "client_secret"
717
+ * Authorization header including “client_id” and client_secret”.
466
718
  TLV: |
467
- [Both] The tester verifies the ability of the
468
- Health IT Module to receive the following parameters from an
469
- application according to the implementation specification adopted
470
- in § 170.215(a)(3):
719
+ [Both] The tester verifies the ability of the Health IT Module to
720
+ receive the following parameters from an application according to the
721
+ implementation specification adopted in § 170.215(a)(3):
471
722
  * “grant_type”;
472
723
  * “code”;
473
724
  * “redirect_uri”;
474
725
  * “client_id”; and
475
- * Authorization header including “client_id” and "client_secret"
726
+ * Authorization header including “client_id” and client_secret”.
476
727
  inferno_supported: 'yes'
477
728
  inferno_tests:
478
- - 1.2.05
479
- - 3.2.07
729
+ - 1.3.05
730
+ - 3.3.07
480
731
  inferno_notes: |
481
732
  "client_secret" is only provided in the case of confidential clients.
482
- - id: AUTH-PATIENT-16
733
+ - id: AUT-PAT-30
483
734
  SUT: |
484
- [Both] The health IT developer demonstrates the ability of the
485
- Health IT Module to return a JSON object to applications according
486
- to the implementation specification adopted in § 170.215(a)(3)
487
- and standard adopted in § 170.215(b), including the following:
735
+ [Both] The health IT developer demonstrates the ability of the Health
736
+ IT Module to receive the following access token request parameters
737
+ from an application according to the implementation specification
738
+ adopted in § 170.215(a)(3):
739
+ * “grant_type”;
740
+ * “code”;
741
+ * “redirect_uri”;
742
+ * “code_verifier”;
743
+ * “client_id”; and
744
+ * Authorization header including “client_id” and “client_secret”.
745
+ TLV: |
746
+ [Both] The tester verifies the ability of the Health IT Module to
747
+ receive the following access token request parameters from an
748
+ application according to the implementation specification adopted in §
749
+ 170.215(a)(3):
750
+ * “grant_type”;
751
+ * “code”;
752
+ * “redirect_uri”;
753
+ * “code_verifier”;
754
+ * “client_id”; and
755
+ * Authorization header including “client_id” and “client_secret”.
756
+ inferno_supported: 'yes'
757
+ inferno_tests:
758
+ - 1.3.05
759
+ - 3.3.07
760
+ - id: AUT-PAT-31
761
+ SUT: |
762
+ [Both] The health IT developer demonstrates the ability of the Health
763
+ IT Module to return an error response if an invalid “code_verifier”
764
+ value is supplied with an access token request according to the
765
+ implementation specification adopted in § 170.215(a)(3).
766
+ TLV: |
767
+ [Both] The tester verifies the ability of the Health IT Module to
768
+ return an error response if an invalid “code_verifier” value is
769
+ supplied with an access token request according to the implementation
770
+ specification adopted in § 170.215(a)(3).
771
+ inferno_supported: 'yes'
772
+ inferno_tests:
773
+ - 1.4.05
774
+ - 3.4.07
775
+ - id: AUT-PAT-16
776
+ SUT: |
777
+ [Both] The health IT developer demonstrates the ability of the Health
778
+ IT Module to return a JSON object to applications according to the
779
+ implementation specification adopted in § 170.215(a)(3) and standard
780
+ adopted in § 170.215(b), including the following:
488
781
  * “access_token”;
489
782
  * “token_type”;
490
783
  * “scope”;
491
784
  * “id_token”;
492
- * “refresh_token” (valid for a period of no shorter than three months);
493
- * HTTP “Cache-Control” response header field with a value of “no-store”;
494
- * HTTP “Pragma” response header field with a value of “nocache”;
495
- * patient” (to support “context-ehr-patient” and “contextstandalone-patient” “SMART on FHIR Core Capabilities”);
496
- * “need_patient_banner(to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only); and
497
- * “smart_style_url” (to support “context-style“SMART on FHIR Core Capability” for EHR-Launch mode only).
785
+ * “refresh_token” (valid for a period of no shorter than three
786
+ months);
787
+ * HTTP “Cache-Control” response header field with a value of
788
+ no-store”;
789
+ * HTTP Pragmaresponse header field with a value of “no-cache”;
790
+ * “patient” (to support “context-ehr-patientand
791
+ “context-standalone-patient” “SMART on FHIR® Core Capabilities”);
792
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
793
+ Core Capability” for EHR-Launch mode only); and
794
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
795
+ Capability” for EHR-Launch mode only).
796
+
797
+ Additionally, the following must be supported if using US Core 5.0.1:
798
+ * “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
799
+ Capability”)
498
800
  TLV: |
499
- [Both] The tester verifies the ability of the
500
- Health IT Module to return a JSON object to applications according
501
- to the implementation specification adopted in § 170.215(a)(3)
502
- and standard adopted in § 170.215(b), including the following:
801
+ [Both] The tester verifies the ability of the Health IT Module to
802
+ return a JSON object to applications according to the implementation
803
+ specification adopted in § 170.215(a)(3) and standard adopted in §
804
+ 170.215(b), including the following:
503
805
  * “access_token”;
504
806
  * “token_type”;
505
807
  * “scope”;
506
808
  * “id_token”;
507
- * “refresh_token” (valid for a period of no shorter than three months);
508
- * HTTP “Cache-Control” response header field with a value of “no-store”;
509
- * HTTP “Pragma” response header field with a value of “nocache”;
510
- * patient” (to support “context-ehr-patient” and “contextstandalone-patient” “SMART on FHIR Core Capabilities”);
511
- * “need_patient_banner(to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only); and
512
- * “smart_style_url” (to support “context-style“SMART on FHIR Core Capability” for EHR-Launch mode only).
809
+ * “refresh_token” (valid for a period of no shorter than three
810
+ months);
811
+ * HTTP “Cache-Control” response header field with a value of
812
+ no-store”;
813
+ * HTTP Pragmaresponse header field with a value of “no-cache”;
814
+ * “patient” (to support “context-ehr-patientand
815
+ “context-standalone-patient” “SMART on FHIR® Core Capabilities”);
816
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
817
+ Core Capability” for EHR-Launch mode only); and
818
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
819
+ Capability” for EHR-Launch mode only).
820
+
821
+ Additionally, the following must be supported if using US Core 5.0.1:
822
+ * “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
823
+ Capability”)
513
824
  inferno_supported: 'yes'
514
- inferno_tests:
515
- - 1.2.06 - 1.2.07
516
- - 3.2.08 - 3.2.09
517
- - id: AUTH-PATIENT-17
825
+ inferno_tests:
826
+ - 1.3.06 - 1.3.07
827
+ - 1.4.06 - 1.4.07
828
+ - 3.3.08 - 3.3.09
829
+ - 3.3.13
830
+ - 3.4.08 - 3.4.09
831
+ - 3.4.13
832
+ - 9.8.08 - 9.8.09
833
+ - 9.9.08 - 9.9.09
834
+ - id: AUT-PAT-17
518
835
  SUT: |
519
- [Both] The health IT developer demonstrates the ability of the
520
- Health IT Module to provide an OpenID Connect well-known URI in
521
- accordance with the implementation specification adopted in §
522
- 170.215(b), including:
523
- * All required fields populated according to implementation specification adopted in § 170.215(b)
524
- * Valid JWKS populated according to implementation specification can be retrieved via JWKS URI
836
+ [Both] The health IT developer demonstrates the ability of the Health
837
+ IT Module to provide an OpenID Connect well-known URI in accordance
838
+ with the implementation specification adopted in § 170.215(b),
839
+ including:
840
+ * All required fields populated according to implementation
841
+ specification adopted in § 170.215(b); and
842
+ * Valid JWKS populated according to implementation specification can
843
+ be retrieved via JWKS URI.
525
844
  TLV: |
526
- [Both] The tester verfies the ability of the Health IT Module to
845
+ [Both] The tester verifies the ability of the Health IT Module to
527
846
  provide an OpenID Connect well-known URI in accordance with the
528
847
  implementation specification adopted in § 170.215(b), including:
529
- * All required fields populated according to implementation specification adopted in § 170.215(b)
530
- * Valid JWKS populated according to implementation specification can be retrieved via JWKS URI
848
+ * All required fields populated according to implementation
849
+ specification adopted in § 170.215(b); and
850
+ * Valid JWKS populated according to implementation specification can
851
+ be retrieved via JWKS URI.
531
852
  inferno_supported: 'yes'
532
853
  inferno_tests:
533
- - 1.3.01 - 1.3.07
534
- - 3.3.01 - 3.3.07
854
+ - 1.5.01 - 1.5.07
855
+ - 3.5.01 - 3.5.07
535
856
  inferno_notes: |
536
857
  Inferno decodes the id_token provided during authentication and
537
858
  verifies that it contains the correct claims, has a valid signature,
538
859
  and the fhirUser claim contains a reference to the current user that
539
860
  can be retreived using the bearer token provided during the application launch.
540
- - id: AUTH-PATIENT-18
861
+ - id: AUT-PAT-18
541
862
  SUT: |
542
- [Both] The health IT developer demonstrates the ability of the
543
- Health IT Module to deny an application’s authorization request in
544
- accordance with the implementation specification adopted in §
545
- 170.215(a)(3).
863
+ [Both] The health IT developer demonstrates the ability of the Health
864
+ IT Module to deny an application’s authorization request in accordance
865
+ with the implementation specification adopted in § 170.215(a)(3).
546
866
  TLV: |
547
- [Both] The tester demonstrates the ability of the
548
- Health IT Module to deny an application’s authorization request in
549
- accordance with the implementation specification adopted in §
550
- 170.215(a)(3).
867
+ [Both] The tester verifies the ability of the Health IT Module to deny
868
+ an application’s authorization request in accordance with the
869
+ implementation specification adopted in § 170.215(a)(3).
551
870
  inferno_supported: 'yes'
552
871
  inferno_notes: |
553
872
  Inferno verifies that the user has the ability to explicitly authorize
@@ -556,98 +875,118 @@ procedure:
556
875
  are denied.
557
876
  inferno_tests:
558
877
  - 2.1.02 - 2.1.09
559
- - 2.2.01 - 2.2.13
560
- - 6.4.01 - 6.4.04
561
- - id: AUTH-PATIENT-19
878
+ - 2.2.02 - 2.2.09
879
+ - 2.3.01 - 2.3.15
880
+ - 9.5.01 - 9.5.04
881
+ - 9.6.01 - 9.6.04
882
+ - id: AUT-PAT-19
562
883
  SUT: |
563
- [Standalone-Launch] The health IT developer the ability of the Health IT
564
- Module to return a “Patient” FHIR resource that matches the
565
- patient context provided in step 9 of this section according to the
566
- implementation specification adopted in § 170.215(a)(2).
884
+ [Both] The health IT developer demonstrates the ability of the Health
885
+ IT Module to return a “Patient” FHIR® resource that matches the
886
+ patient context provided in step AUT-PAT-9 of this section according
887
+ to the implementation specification adopted in § 170.215(a)(2).
567
888
  TLV: |
568
- [Standalone-Launch] The tester verifies the ability of the Health IT
569
- Module to return a “Patient” FHIR resource that matches the
570
- patient context provided in step 9 of this section according to the
889
+ [Both] The tester verifies the ability of the Health IT Module to
890
+ return a “Patient” FHIR® resource that matches the patient context
891
+ provided in step AUT-PAT-9 of this section according to the
571
892
  implementation specification adopted in § 170.215(a)(2).
572
893
  inferno_supported: 'yes'
573
894
  inferno_tests:
574
- - 1.2.08
575
- - 3.2.12
576
- - id: AUTH-PATIENT-20
895
+ - 1.3.10
896
+ - 1.4.10
897
+ - 3.3.12
898
+ - 3.4.12
899
+ - 9.8.10
900
+ - 9.9.10
901
+ - id: AUT-PAT-32
577
902
  SUT: |
578
- [Both] The health IT developer demonstrates the ability of the
579
- Health IT Module to grant an access token when a refresh token is
580
- supplied according to the implementation specification adopted in
581
- § 170.215(a)(2).
903
+ [EHR-Launch] The following must be supported if using US Core 5.0.1:
904
+ The health IT developer demonstrates the ability of the Health IT
905
+ Module to return an “Encounter” FHIR® resource that matches the
906
+ encounter context provided in step AUT-PAT-9 of this section according
907
+ to the implementation specification adopted in § 170.215(a)(2).
582
908
  TLV: |
583
- [Both] The health IT developer demonstrates the ability of the
584
- Health IT Module to grant an access token when a refresh token is
585
- supplied according to the implementation specification adopted in
586
- § 170.215(a)(2).
909
+ [EHR-Launch] The following must be supported if using US Core 5.0.1:
910
+ The tester verifies the ability of the Health IT Module to return an
911
+ “Encounter” FHIR® resource that matches the encounter context provided
912
+ in step AUT-PAT-9 of this section according to the implementation
913
+ specification adopted in § 170.215(a)(2).
587
914
  inferno_supported: 'yes'
588
915
  inferno_tests:
589
- - 1.4.03 - 1.4.05
590
- - 3.4.05 - 3.4.05
591
- - id: AUTH-PATIENT-21
916
+ - 3.3.13
917
+ - 3.4.13
918
+ - id: AUT-PAT-20
592
919
  SUT: |
593
- [Both] The health IT developer demonstrates the ability of the
594
- Health IT Module to grant a refresh token valid for a period of no
595
- less than three months to native applications capable of storing a
596
- refresh token.
920
+ [Both] The health IT developer demonstrates the ability of the Health
921
+ IT Module to grant an access token when a refresh token is supplied
922
+ according to the implementation specification adopted in §
923
+ 170.215(a)(2).
597
924
  TLV: |
598
925
  [Both] The tester verifies the ability of the Health IT Module to
599
- grant a refresh token valid for a period of no less than three
600
- months to native applications capable of storing a refresh token.
926
+ grant an access token when a refresh token is supplied according to
927
+ the implementation specification adopted in § 170.215(a)(2).
601
928
  inferno_supported: 'yes'
602
929
  inferno_tests:
603
- - 6.5.13
930
+ - 1.6.03 - 1.6.05
931
+ - 3.6.05 - 3.6.05
932
+ - id: AUT-PAT-21
933
+ SUT: |
934
+ [Both] The health IT developer demonstrates the ability of the Health
935
+ IT Module to grant a refresh token valid for a period of no less than
936
+ three months to native applications capable of securing a refresh
937
+ token.
938
+ TLV: |
939
+ [Both] The tester verifies the ability of the Health IT Module to
940
+ grant a refresh token valid for a period of no less than three months
941
+ to native applications capable of securing a refresh token.
942
+ inferno_supported: 'yes'
943
+ inferno_tests:
944
+ - 9.10.13
604
945
  - group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
605
- id: AUTH-PATIENT-22
606
- SUT: |
946
+ id: AUT-PAT-22
947
+ SUT: |
607
948
  The health IT developer demonstrates the ability of the Health IT
608
- Module to issue a new refresh token valid for a new period of no
609
- shorter than three months without requiring re-authentication
610
- and re-authorization when a valid refresh token is supplied by the
611
- application according to the implementation specification adopted
612
- in § 170.215(a)(3).
613
- TLV: |
614
- The tester verifies the ability of the Health IT
615
- Module to issue a new refresh token valid for a new period of no
616
- shorter than three months without requiring re-authentication
617
- and re-authorization when a valid refresh token is supplied by the
618
- application according to the implementation specification adopted
619
- in § 170.215(a)(3).
620
- inferno_supported: 'yes'
621
- inferno_tests:
622
- - 6.5.05
949
+ Module to issue a refresh token valid for a new period of no shorter
950
+ than three months without requiring re-authentication and
951
+ re-authorization when a valid refresh token is supplied by the
952
+ application according to the implementation specification adopted in §
953
+ 170.215(a)(3).
954
+ TLV: |
955
+ The tester verifies the ability of the Health IT Module to issue a
956
+ refresh token valid for a new period of no shorter than three months
957
+ without requiring re-authentication and re-authorization when a valid
958
+ refresh token is supplied by the application according to the
959
+ implementation specification adopted in § 170.215(a)(3).
960
+ inferno_supported: 'yes'
961
+ inferno_tests:
962
+ - 9.10.05
623
963
  inferno_notes: |
624
964
  Inferno cannot verify the three month token expiration requirement
625
965
  automatically during the token refresh tests, but the tester can
626
966
  register an attestation that this requirement is met.
627
- - id: AUTH-PATIENT-23
967
+ - id: AUT-PAT-23
628
968
  SUT: |
629
969
  The health IT developer demonstrates the ability of the Health IT
630
- Module to return an error response when supplied an invalid
631
- refresh token as specified in the implementation specification
632
- adopted in § 170.215(a)(3).
970
+ Module to return an error response when supplied an invalid refresh
971
+ token as specified in the implementation specification adopted in §
972
+ 170.215(a)(3).
633
973
  TLV: |
634
- The tester verifies the ability of the Health IT
635
- Module to return an error response when supplied an invalid
636
- refresh token as specified in the implementation specification
637
- adopted in § 170.215(a)(3).
974
+ The tester verifies the ability of the Health IT Module to return an
975
+ error response when supplied an invalid refresh token as specified in
976
+ the implementation specification adopted in § 170.215(a)(3).
638
977
  inferno_supported: 'yes'
639
978
  inferno_tests:
640
- - 1.4.01 - 1.4.02
641
- - 3.4.01 - 3.4.02
979
+ - 1.6.06
980
+ - 3.6.06
642
981
  - section: Paragraph (g)(10)(vi) – Patient authorization revocation
643
982
  steps:
644
983
  - group: Patient Authorization Revocation
645
- id: REVOCATION-1
984
+ id: PAR-1
646
985
  SUT: |
647
- The health IT developer demonstrates the ability of the Health IT Module to revoke
648
- access to an authorized application at a patient’s direction,
649
- including a demonstration of the inability of the application with
650
- revoked access to receive patient EHI.
986
+ The health IT developer demonstrates the ability of the Health IT
987
+ Module to revoke access to an authorized application at a patient’s
988
+ direction, including a demonstration of the inability of the
989
+ application with revoked access to receive patient EHI.
651
990
  TLV: |
652
991
  The tester verifies the ability of the Health IT Module to revoke
653
992
  access to an authorized application at a patient’s direction,
@@ -655,25 +994,25 @@ procedure:
655
994
  revoked access to receive patient EHI.
656
995
  inferno_supported: 'yes'
657
996
  inferno_tests:
658
- - 6.2.01 - 6.2.03
659
- - section: Authentication and authorization for system scopes
997
+ - 9.3.01 - 9.3.03
998
+ - section: Paragraph (g)(10)(v)(B) Authentication and authorization for system scopes
660
999
  steps:
661
1000
  - group: Authentication and Authorization for System Scopes
662
- id: AUTH-SYSTEM-1
1001
+ id: AUT-SYS-1
663
1002
  SUT: |
664
1003
  The health IT developer demonstrates the ability of the Health IT
665
1004
  Module to support OAuth 2.0 client credentials grant flow in
666
1005
  accordance with the implementation specification adopted in §
667
1006
  170.215(a)(4).
668
1007
  TLV: |
669
- The tester verfies the ability of the Health IT
670
- Module to support OAuth 2.0 client credentials grant flow in
671
- accordance with the implementation specification adopted in §
672
- 170.215(a)(4).
1008
+ The tester verifies the ability of the Health IT Module to support
1009
+ OAuth 2.0 client credentials grant flow in accordance with the
1010
+ implementation specification adopted in § 170.215(a)(4).
673
1011
  inferno_supported: 'yes'
674
1012
  inferno_tests:
675
- - 5.1.02 - 5.1.06
676
- - id: AUTH-SYSTEM-2
1013
+ - 7.1.02 - 7.1.06
1014
+ - 8.1.02 - 8.1.06
1015
+ - id: AUT-SYS-2
677
1016
  SUT: |
678
1017
  The health IT developer demonstrates the ability of the Health IT
679
1018
  Module to support the following parameters according to the
@@ -681,24 +1020,25 @@ procedure:
681
1020
  * “scope”;
682
1021
  * “grant_type”;
683
1022
  * “client_assertion_type”; and
684
- * “client_assertion
1023
+ * “client_assertion”.
685
1024
  TLV: |
686
- The tester verifies the ability of the Health IT
687
- Module to support the following parameters according to the
688
- implementation specification adopted in § 170.215(a)(4):
1025
+ The tester verifies the ability of the Health IT Module to support the
1026
+ following parameters according to the implementation specification
1027
+ adopted in § 170.215(a)(4):
689
1028
  * “scope”;
690
1029
  * “grant_type”;
691
1030
  * “client_assertion_type”; and
692
- * “client_assertion
1031
+ * “client_assertion”.
693
1032
  inferno_supported: 'yes'
694
1033
  inferno_tests:
695
- - 5.1.05
696
- - id: AUTH-SYSTEM-3
1034
+ - 7.1.05
1035
+ - 8.1.05
1036
+ - id: AUT-SYS-3
697
1037
  SUT: |
698
- The tester verifies the ability of the Health IT
699
- Module to support the following JSON Web Token (JWT) Headers
700
- and Claims according to the implementation specification adopted
701
- in § 170.215(a)(4):
1038
+ The health IT developer demonstrates the ability of the Health IT
1039
+ Module to support the following JSON Web Token (JWT) Headers and
1040
+ Claims according to the implementation specification adopted in §
1041
+ 170.215(a)(4):
702
1042
  * “alg” header;
703
1043
  * “kid” header;
704
1044
  * “typ” header;
@@ -708,10 +1048,9 @@ procedure:
708
1048
  * “exp” claim; and
709
1049
  * “jti” claim.
710
1050
  TLV: |
711
- The tester verifies the ability of the Health IT
712
- Module to support the following JSON Web Token (JWT) Headers
713
- and Claims according to the implementation specification adopted
714
- in § 170.215(a)(4):
1051
+ The tester verifies the ability of the Health IT Module to support the
1052
+ following JSON Web Token (JWT) Headers and Claims according to the
1053
+ implementation specification adopted in § 170.215(a)(4):
715
1054
  * “alg” header;
716
1055
  * “kid” header;
717
1056
  * “typ” header;
@@ -722,79 +1061,78 @@ procedure:
722
1061
  * “jti” claim.
723
1062
  inferno_supported: 'yes'
724
1063
  inferno_tests:
725
- - 5.1.05
726
- - id: AUTH-SYSTEM-4
1064
+ - 7.1.05
1065
+ - 8.1.05
1066
+ - id: AUT-SYS-4
727
1067
  SUT: |
728
- The tester verifies the ability of the Health IT
1068
+ The health IT developer demonstrates the ability of the Health IT
729
1069
  Module to receive and process the JSON Web Key (JWK) Set via a
730
1070
  TLS-protected URL to support authorization for system scopes in §
731
1071
  170.315(g)(10)(v)(B).
732
1072
  TLV: |
733
- The tester verifies the ability of the Health IT
734
- Module to receive and process the JSON Web Key (JWK) Set via a
735
- TLS-protected URL to support authorization for system scopes in §
736
- 170.315(g)(10)(v)(B).
1073
+ The tester verifies the ability of the Health IT Module to receive and
1074
+ process the JWK structure via a TLS-protected URL to support
1075
+ authorization for system scopes in § 170.315(g)(10)(v)(B).
737
1076
  inferno_supported: 'yes'
738
1077
  inferno_tests:
739
- - 5.1.05
740
- - id: AUTH-SYSTEM-5
1078
+ - 7.1.05
1079
+ - 8.1.05
1080
+ - id: AUT-SYS-5
741
1081
  SUT: |
742
- The health IT developer demonstrates that the Health IT Module
743
- does not cache a JWK Set received via a TLS-protected URL for
744
- longer than the “cache-control” header received by an application
745
- indicates.
1082
+ The health IT developer demonstrates that the Health IT Module does
1083
+ not cache a JWK Set received via a TLS-protected URL for longer than
1084
+ the “cache-control” header sent by an application indicates.
746
1085
  TLV: |
747
- The tester verifies the Health IT Module
748
- does not cache a JWK Set received via a TLS-protected URL for
749
- longer than the “cache-control” header received by an application
750
- indicates.
1086
+ The tester verifies that the Health IT Module does not cache a JWK Set
1087
+ received via a TLS-protected URL for longer than the “cache-control”
1088
+ header sent by an application indicates.
751
1089
  inferno_supported: 'yes'
752
1090
  inferno_notes: |
753
1091
  This test requires the tester to register an attestation from the
754
1092
  Health IT Module that the "cache-control" header is obeyed.
755
1093
  inferno_tests:
756
- - 6.5.10
757
- - id: AUTH-SYSTEM-6
1094
+ - 9.10.10
1095
+ - id: AUT-SYS-6
758
1096
  SUT: |
759
1097
  The health IT developer demonstrates the ability of the Health IT
760
1098
  Module to validate an application’s JWT, including its JSON Web
761
- Signatures, according to the implementation specification adopted
762
- in § 170.215(a)(4).
1099
+ Signatures, according to the implementation specification adopted in §
1100
+ 170.215(a)(4).
763
1101
  TLV: |
764
- The tester verifies the ability of the Health IT
765
- Module to validate an application’s JWT, including its JSON Web
766
- Signatures, according to the implementation specification adopted
767
- in § 170.215(a)(4).
1102
+ The tester verifies the ability of the Health IT Module to validate an
1103
+ application’s JWT, including its JSON Web Signatures, according to the
1104
+ implementation specification adopted in § 170.215(a)(4).
768
1105
  inferno_supported: 'yes'
769
1106
  inferno_tests:
770
- - 5.1.05
771
- - id: AUTH-SYSTEM-7
1107
+ - 7.1.05
1108
+ - 8.1.05
1109
+ - id: AUT-SYS-7
772
1110
  SUT: |
773
1111
  The health IT developer demonstrates the ability of the Health IT
774
1112
  Module to respond with an “invalid_client” error for errors
775
1113
  encountered during the authentication process according to the
776
1114
  implementation specification adopted in § 170.215(a)(4).
777
1115
  TLV: |
778
- The tester verifies the ability of the Health IT
779
- Module to respond with an “invalid_client” error for errors
780
- encountered during the authentication process according to the
781
- implementation specification adopted in § 170.215(a)(4).
1116
+ The tester verifies the ability of the Health IT Module to respond
1117
+ with an “invalid_client” error for errors encountered during the
1118
+ authentication process according to the implementation specification
1119
+ adopted in § 170.215(a)(4).
782
1120
  inferno_supported: 'yes'
783
1121
  inferno_tests:
784
- - 5.1.02 - 5.1.04
785
- - id: AUTH-SYSTEM-8
1122
+ - 7.1.02 - 7.1.04
1123
+ - 8.1.02 - 8.1.04
1124
+ - id: AUT-SYS-8
786
1125
  SUT: |
787
1126
  The health IT developer demonstrates the ability of the Health IT
788
- Module to assure the scope requested by an application is no
789
- greater than the pre-authorized scope for multiple patients
790
- according to the implementation specification adopted in §
1127
+ Module to assure the scope granted based on the scope requested by an
1128
+ application is no greater than the pre-authorized scope for multiple
1129
+ patients according to the implementation specification adopted in §
791
1130
  170.215(a)(4).
792
1131
  TLV: |
793
- The tester verifies the ability of the Health IT
794
- Module to assure the scope requested by an application is no
795
- greater than the pre-authorized scope for multiple patients
796
- according to the implementation specification adopted in §
797
- 170.215(a)(4).
1132
+ The tester verifies the ability of the Health IT Module to assure the
1133
+ scope granted based on the scope requested by an application is no
1134
+ greater than the pre-authorized scope for multiple patients according
1135
+ to the implementation specification adopted in § 170.215(a)(4).
798
1136
  inferno_supported: 'yes'
799
1137
  inferno_notes: |
800
1138
  There is no requirement for support of a subset of the resources
@@ -802,65 +1140,67 @@ procedure:
802
1140
  more than what was pre-authorized. The Health IT module must
803
1141
  demonstrate this and register its attestation within Inferno.
804
1142
  inferno_tests:
805
- - 6.5.08
806
- - id: AUTH-SYSTEM-9
1143
+ - 9.10.08
1144
+ - id: AUT-SYS-9
807
1145
  SUT: |
808
1146
  The health IT developer demonstrates the ability of the Health IT
809
- Module to issue an access token to an application as a JSON object
810
- in accordance with the implementation specification adopted in §
1147
+ Module to issue an access token to an application as a JSON object in
1148
+ accordance with the implementation specification adopted in §
811
1149
  170.215(a)(4), including the following property names:
812
1150
  * “access_token”;
813
1151
  * “token_type”;
814
1152
  * “expires_in”; and
815
- * “scope
1153
+ * “scope”.
816
1154
  TLV: |
817
- The tester verifies the ability of the Health IT
818
- Module to issue an access token to an application as a JSON object
819
- in accordance with the implementation specification adopted in §
820
- 170.215(a)(4), including the following property names:
1155
+ The tester verifies the ability of the Health IT Module to issue an
1156
+ access token to an application as a JSON object in accordance with the
1157
+ implementation specification adopted in § 170.215(a)(4), including the
1158
+ following property names:
821
1159
  * “access_token”;
822
1160
  * “token_type”;
823
1161
  * “expires_in”; and
824
- * “scope
1162
+ * “scope”.
825
1163
  inferno_supported: 'yes'
826
1164
  inferno_tests:
827
- - 5.1.06
828
- - id: AUTH-SYSTEM-10
1165
+ - 7.1.06
1166
+ - 8.1.06
1167
+ - id: AUT-SYS-10
829
1168
  SUT: |
830
1169
  The health IT developer demonstrates the ability of the Health IT
831
- Module to respond to errors using the appropriate error messages
832
- as specified in the implementation specification adopted in §
1170
+ Module to respond to errors using the appropriate error messages as
1171
+ specified in the implementation specification adopted in §
833
1172
  170.215(a)(4).
834
1173
  TLV: |
835
- The tester verifies the ability of the Health IT
836
- Module to respond to errors using the appropriate error messages
837
- as specified in the implementation specification adopted in §
838
- 170.215(a)(4).
1174
+ The tester verifies the ability of the Health IT Module to respond to
1175
+ errors using the appropriate error messages as specified in the
1176
+ implementation specification adopted in § 170.215(a)(4).
839
1177
  inferno_supported: 'yes'
840
1178
  inferno_tests:
841
- - 5.1.02 - 5.1.04
842
- - 5.2.03
1179
+ - 7.1.02 - 7.1.04
1180
+ - 8.1.02 - 8.1.04
1181
+ - 7.2.03
1182
+ - 8.2.03
843
1183
  - section: Paragraph (g)(10)(vii) – Token introspection
844
1184
  steps:
845
1185
  - group: Token Introspection
846
- id: INTROSPECTION-1
1186
+ id: TOK-INTRO-1
847
1187
  SUT: |
848
1188
  The health IT developer demonstrates the ability of the Health IT
849
1189
  Module to receive and validate a token it has issued.
850
1190
  TLV: |
851
- The tester verifies the ability of the Health IT
852
- Module to receive and validate a token it has issued.
1191
+ The tester verifies the ability of the Health IT Module to receive and
1192
+ validate a token it has issued.
853
1193
  inferno_supported: 'yes'
854
1194
  inferno_notes: |
855
1195
  No standard is required and therefore Inferno cannot do this in
856
1196
  an automated fashion and this is recorded as an attestation
857
1197
  within Inferno.
858
1198
  inferno_tests:
859
- - 6.5.06
1199
+ - 9.10.06
860
1200
  - section: Paragraph (g)(10)(ii) – Supported search operations
861
1201
  steps:
862
1202
  - group: Supported Search Operations for a Single Patient’s Data
863
- id: SEARCH-1
1203
+ id: SH-PAT-1
864
1204
  SUT: |
865
1205
  The health IT developer demonstrates the ability of the Health IT
866
1206
  Module to support the “capabilities” interaction as specified in the
@@ -869,32 +1209,33 @@ procedure:
869
1209
  170.215(a)(1) and implementation specification adopted in §
870
1210
  170.215(a)(2).
871
1211
  TLV: |
872
- The tester verfies the ability of the Health IT
873
- Module to support the “capabilities” interaction as specified in the
874
- standard adopted in § 170.215(a)(1), including support for a
875
- “CapabilityStatement” as specified in the standard adopted in §
876
- 170.215(a)(1) and implementation specification adopted in §
877
- 170.215(a)(2).
1212
+ The tester verifies the ability of the Health IT Module to support the
1213
+ “capabilities” interaction as specified in the standard adopted in §
1214
+ 170.215(a)(1), including support for a “CapabilityStatement” as
1215
+ specified in the standard adopted in § 170.215(a)(1) and
1216
+ implementation specification adopted in § 170.215(a)(2).
878
1217
  inferno_supported: 'yes'
879
1218
  inferno_tests:
880
1219
  - 4.1.02 - 4.1.05
881
- - id: SEARCH-2
1220
+ - 5.1.02 - 5.1.06
1221
+ - 6.1.02 - 6.1.06
1222
+ - id: SH-PAT-2
882
1223
  SUT: |
883
1224
  The health IT developer demonstrates the ability of the Health IT
884
- Module to respond to requests for a single patient’s data
885
- consistent with the search criteria detailed in the “US Core Server
1225
+ Module to respond to requests for a single patient’s data consistent
1226
+ with the search criteria detailed in the “US Core Server
886
1227
  CapabilityStatement” section of the implementation specification
887
- adopted in § 170.215(a)(2), including demonstrating search
888
- support for “SHALL” operations and parameters for all the data
889
- included in the standard adopted in § 170.213.
1228
+ adopted in § 170.215(a)(2), including demonstrating search support for
1229
+ “SHALL” operations and parameters for all the data included in the
1230
+ standard adopted in § 170.213.
890
1231
  TLV: |
891
1232
  The tester verifies the ability of the Health IT Module to respond to
892
1233
  requests for a single patient’s data consistent with the search
893
- criteria detailed in the “US Core Server CapabilityStatement”
894
- section of the implementation specification adopted in §
895
- 170.215(a)(2), including demonstrating search support for “SHALL”
896
- operations and parameters for all the data included in the standard
897
- adopted in § 170.213.
1234
+ criteria detailed in the “US Core Server CapabilityStatement” section
1235
+ of the implementation specification adopted in § 170.215(a)(2),
1236
+ including demonstrating search support for “SHALL” operations and
1237
+ parameters for all the data included in the standard adopted in §
1238
+ 170.213.
898
1239
  inferno_supported: 'yes'
899
1240
  inferno_tests:
900
1241
  - 4.2.01
@@ -914,34 +1255,93 @@ procedure:
914
1255
  - 4.16.01
915
1256
  - 4.17.01
916
1257
  - 4.18.01
1258
+ - 4.19.01
917
1259
  - 4.20.01
918
1260
  - 4.21.01
919
1261
  - 4.22.01
920
1262
  - 4.23.01
921
- - 4.19.01
922
1263
  - 4.24.01
923
1264
  - 4.25.01
924
1265
  - 4.26.01
925
- - 4.31.01
926
- - 4.28.01
927
- - 4.30.01
928
- - id: SEARCH-3
1266
+ - 5.2.01
1267
+ - 5.3.01
1268
+ - 5.4.01
1269
+ - 5.5.01
1270
+ - 5.6.01
1271
+ - 5.7.01
1272
+ - 5.8.01
1273
+ - 5.9.01
1274
+ - 5.10.01
1275
+ - 5.11.01
1276
+ - 5.12.01
1277
+ - 5.13.01
1278
+ - 5.14.01
1279
+ - 5.15.01
1280
+ - 5.16.01
1281
+ - 5.17.01
1282
+ - 5.18.01
1283
+ - 5.19.01
1284
+ - 5.20.01
1285
+ - 5.21.01
1286
+ - 5.22.01
1287
+ - 5.23.01
1288
+ - 5.24.01
1289
+ - 5.25.01
1290
+ - 5.26.01
1291
+ - 5.27.01
1292
+ - 5.28.01
1293
+ - 6.2.01
1294
+ - 6.3.01
1295
+ - 6.4.01
1296
+ - 6.5.01
1297
+ - 6.6.01
1298
+ - 6.7.01
1299
+ - 6.8.01
1300
+ - 6.9.01
1301
+ - 6.10.01
1302
+ - 6.11.01
1303
+ - 6.12.01
1304
+ - 6.13.01
1305
+ - 6.14.01
1306
+ - 6.15.01
1307
+ - 6.16.01
1308
+ - 6.17.01
1309
+ - 6.18.01
1310
+ - 6.19.01
1311
+ - 6.20.01
1312
+ - 6.21.01
1313
+ - 6.22.01
1314
+ - 6.23.01
1315
+ - 6.24.01
1316
+ - 6.25.01
1317
+ - 6.26.01
1318
+ - 6.27.01
1319
+ - 6.28.01
1320
+ - 6.29.01
1321
+ - 6.30.01
1322
+ - 6.31.01
1323
+ - 6.32.01
1324
+ - 6.33.01
1325
+ - 6.34.01
1326
+ - 6.35.01
1327
+ - 6.36.01
1328
+ - id: SH-PAT-3
929
1329
  SUT: |
930
1330
  The health IT developer demonstrates the ability of the Health IT
931
1331
  Module to support a resource search for the provenance target
932
- “(_revIncludes: Provenance:target)” for all the FHIR resources
1332
+ “(_revIncludes: Provenance:target)” for all the FHIR® resources
933
1333
  included in the standard adopted in § 170.213 and implementation
934
1334
  specification adopted in § 170.215(a)(2) according to the “Basic
935
1335
  Provenance Guidance” section of the implementation specification
936
1336
  adopted in § 170.215(a)(2).
937
1337
  TLV: |
938
- The tester verifies the ability of the Health IT
939
- Module to support a resource search for the provenance target
940
- “(_revIncludes: Provenance:target)” for all the FHIR resources
941
- included in the standard adopted in § 170.213 and implementation
942
- specification adopted in § 170.215(a)(2) according to the “Basic
943
- Provenance Guidance” section of the implementation specification
944
- adopted in § 170.215(a)(2).
1338
+ The tester verifies the ability of the Health IT Module to support a
1339
+ resource search for the provenance target “(_revIncludes:
1340
+ Provenance:target)” for all the FHIR® resources included in the
1341
+ standard adopted in § 170.213 and implementation specification adopted
1342
+ in § 170.215(a)(2) according to the “Basic Provenance Guidance”
1343
+ section of the implementation specification adopted in §
1344
+ 170.215(a)(2).
945
1345
  inferno_supported: 'yes'
946
1346
  inferno_tests:
947
1347
  - 4.2.07
@@ -953,24 +1353,86 @@ procedure:
953
1353
  - 4.8.06
954
1354
  - 4.9.06
955
1355
  - 4.10.07
956
- - 4.11.04
1356
+ - 4.11.03
957
1357
  - 4.12.03
958
1358
  - 4.13.04
959
1359
  - 4.14.03
960
1360
  - 4.15.05
961
- - 4.16.06
1361
+ - 4.16.05
962
1362
  - 4.17.05
963
1363
  - 4.18.05
1364
+ - 4.19.05
964
1365
  - 4.20.05
965
1366
  - 4.21.05
966
1367
  - 4.22.05
967
1368
  - 4.23.05
968
- - 4.19.05
969
1369
  - 4.24.05
970
1370
  - 4.25.05
971
1371
  - 4.26.04
1372
+ - 5.2.07
1373
+ - 5.3.03
1374
+ - 5.4.03
1375
+ - 5.5.03
1376
+ - 5.6.03
1377
+ - 5.7.03
1378
+ - 5.8.06
1379
+ - 5.9.06
1380
+ - 5.10.07
1381
+ - 5.11.03
1382
+ - 5.12.03
1383
+ - 5.13.04
1384
+ - 5.14.05
1385
+ - 5.15.05
1386
+ - 5.16.05
1387
+ - 5.17.05
1388
+ - 5.18.05
1389
+ - 5.19.05
1390
+ - 5.20.05
1391
+ - 5.21.05
1392
+ - 5.22.05
1393
+ - 5.23.05
1394
+ - 5.24.05
1395
+ - 5.25.05
1396
+ - 5.26.05
1397
+ - 5.27.05
1398
+ - 5.28.04
1399
+ - 6.2.07
1400
+ - 6.3.03
1401
+ - 6.4.03
1402
+ - 6.5.03
1403
+ - 6.6.03
1404
+ - 6.7.03
1405
+ - 6.8.03
1406
+ - 6.9.06
1407
+ - 6.10.06
1408
+ - 6.11.07
1409
+ - 6.12.05
1410
+ - 6.13.03
1411
+ - 6.14.03
1412
+ - 6.15.04
1413
+ - 6.16.05
1414
+ - 6.17.05
1415
+ - 6.18.05
1416
+ - 6.19.05
1417
+ - 6.20.05
1418
+ - 6.21.05
1419
+ - 6.22.05
1420
+ - 6.23.05
1421
+ - 6.24.05
1422
+ - 6.25.03
1423
+ - 6.26.05
1424
+ - 6.27.05
1425
+ - 6.28.05
1426
+ - 6.29.05
1427
+ - 6.30.05
1428
+ - 6.31.05
1429
+ - 6.32.05
1430
+ - 6.33.05
1431
+ - 6.34.05
1432
+ - 6.35.04
1433
+ - 6.36.07
972
1434
  - group: Supported Search Operations for Multiple Patients’ Data
973
- id: SEARCH-4
1435
+ id: SH-PAT-4
974
1436
  SUT: |
975
1437
  The health IT developer demonstrates the ability of the Health IT
976
1438
  Module to support the “capabilities” interaction as specified in the
@@ -979,37 +1441,45 @@ procedure:
979
1441
  170.215(a)(1) and implementation specification adopted in §
980
1442
  170.215(a)(4).
981
1443
  TLV: |
982
- The tester verifies the ability of the Health IT
983
- Module to support the “capabilities” interaction as specified in the
984
- standard adopted in § 170.215(a)(1), including support for a
985
- “CapabilityStatement” as specified in the standard adopted in §
986
- 170.215(a)(1) and implementation specification adopted in §
987
- 170.215(a)(4).
1444
+ The tester verifies the ability of the Health IT Module to support the
1445
+ “capabilities” interaction as specified in the standard adopted in §
1446
+ 170.215(a)(1), including support for a “CapabilityStatement” as
1447
+ specified in the standard adopted in § 170.215(a)(1) and
1448
+ implementation specification adopted in § 170.215(a)(4).
988
1449
  inferno_supported: 'yes'
989
1450
  inferno_tests:
990
- - 5.2.02
991
- - id: SEARCH-5
1451
+ - 7.2.02
1452
+ - 8.2.02
1453
+ - id: SH-PAT-5
992
1454
  SUT: |
993
1455
  The health IT developer demonstrates the ability of the Health IT
994
1456
  Module to support requests for multiple patients’ data as a group
995
- using the “group-export” operation as detailed in the
996
- implementation specification adopted in § 170.215(a)(4).
1457
+ using the “group-export” operation as detailed in the implementation
1458
+ specification adopted in § 170.215(a)(4).
997
1459
  TLV: |
998
1460
  The tester verifies the ability of the Health IT Module to support
999
- requests for multiple patients’ data as a group using the “group
1000
- export” operation as detailed in the implementation specification
1001
- adopted in § 170.215(a)(4).
1461
+ requests for multiple patients’ data as a group using the
1462
+ “group-export” operation as detailed in the implementation
1463
+ specification adopted in § 170.215(a)(4).
1002
1464
  inferno_supported: 'yes'
1003
1465
  inferno_tests:
1004
- - 5.2.07
1466
+ - 7.2.04
1467
+ - 8.2.04
1005
1468
  - section: Paragraph (g)(10)(i) – Data response
1006
1469
  steps:
1007
1470
  - group: Data Response Checks for Single and Multiple Patients
1008
- id: RESPONSE-1
1471
+ id: DAT-PAT-1
1009
1472
  SUT: |
1010
- For responses to data for single and multiple patients as described
1011
- in steps 7 and 8 of this section respectively, the health IT developer
1012
- demonstrates the ability of the Health IT Module to respond to
1473
+ For responses to data for single and multiple patients as described in
1474
+ steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1475
+ health IT developer demonstrates the ability of the Health IT Module
1476
+ to respond to requests for data according to the implementation
1477
+ specification adopted in § 170.215(a)(2), including the following
1478
+ steps.
1479
+ TLV: |
1480
+ For responses to data for single and multiple patients as described in
1481
+ steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1482
+ tester verifies the ability of the Health IT Module to respond to
1013
1483
  requests for data according to the implementation specification
1014
1484
  adopted in § 170.215(a)(2), including the following steps.
1015
1485
  inferno_supported: 'yes'
@@ -1031,70 +1501,227 @@ procedure:
1031
1501
  - 4.16.04
1032
1502
  - 4.17.04
1033
1503
  - 4.18.04
1504
+ - 4.19.04
1034
1505
  - 4.20.04
1035
1506
  - 4.21.04
1036
1507
  - 4.22.04
1037
1508
  - 4.23.04
1038
- - 4.19.04
1039
1509
  - 4.24.04
1040
1510
  - 4.25.04
1041
1511
  - 4.26.03
1042
- - 4.28.02
1512
+ - 4.27.01
1513
+ - 4.28.01
1514
+ - 4.29.01
1043
1515
  - 4.30.01
1044
- - 5.3.06 - 5.3.23
1045
- - id: RESPONSE-2
1516
+ - 5.2.06
1517
+ - 5.3.02
1518
+ - 5.4.02
1519
+ - 5.5.02
1520
+ - 5.6.02
1521
+ - 5.7.02
1522
+ - 5.8.05
1523
+ - 5.9.05
1524
+ - 5.10.06
1525
+ - 5.11.02
1526
+ - 5.12.02
1527
+ - 5.13.03
1528
+ - 5.14.04
1529
+ - 5.15.04
1530
+ - 5.16.04
1531
+ - 5.17.04
1532
+ - 5.18.04
1533
+ - 5.19.04
1534
+ - 5.20.04
1535
+ - 5.21.04
1536
+ - 5.22.04
1537
+ - 5.23.04
1538
+ - 5.24.04
1539
+ - 5.25.04
1540
+ - 5.26.04
1541
+ - 5.27.04
1542
+ - 5.28.03
1543
+ - 5.29.01
1544
+ - 5.30.01
1545
+ - 5.31.01
1546
+ - 5.32.01
1547
+ - 6.2.06
1548
+ - 6.3.02
1549
+ - 6.4.02
1550
+ - 6.5.02
1551
+ - 6.6.02
1552
+ - 6.7.02
1553
+ - 6.8.02
1554
+ - 6.9.05
1555
+ - 6.10.05
1556
+ - 6.11.06
1557
+ - 6.12.04
1558
+ - 6.13.02
1559
+ - 6.14.02
1560
+ - 6.15.03
1561
+ - 6.16.04
1562
+ - 6.17.04
1563
+ - 6.18.04
1564
+ - 6.19.04
1565
+ - 6.20.04
1566
+ - 6.21.04
1567
+ - 6.22.04
1568
+ - 6.23.04
1569
+ - 6.24.04
1570
+ - 6.25.02
1571
+ - 6.26.04
1572
+ - 6.27.04
1573
+ - 6.28.04
1574
+ - 6.29.04
1575
+ - 6.30.04
1576
+ - 6.31.04
1577
+ - 6.32.04
1578
+ - 6.33.04
1579
+ - 6.34.04
1580
+ - 6.35.03
1581
+ - 6.36.06
1582
+ - 6.37.01
1583
+ - 6.38.01
1584
+ - 6.39.01
1585
+ - 6.40.01
1586
+ - 7.3.03
1587
+ - 7.3.06 - 7.3.27
1588
+ - 8.3.03
1589
+ - 8.3.06 - 8.3.27
1590
+ - id: DAT-PAT-2
1046
1591
  SUT: |
1047
1592
  The health IT developer demonstrates the ability of the Health IT
1048
1593
  Module to respond with data that meet the following conditions:
1049
- * All data elements indicated with a cardinality of one or greater and / or “must support” are included;
1594
+ * All data elements indicated with a cardinality of one or greater and
1595
+ / or “must support” are included;
1050
1596
  * Content is structurally correct;
1051
1597
  * All invariant rules are met;
1052
- * All data elements with required “ValueSet” bindings contain codes within the bound “ValueSet”;
1598
+ * All data elements with required “ValueSet” bindings contain codes
1599
+ within the bound “ValueSet”;
1053
1600
  * All information is accurate and without omission; and
1054
- * All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
1601
+ * All references within the resources can be resolved and validated,
1602
+ as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
1603
+ DAT-PAT-5, and DAT-PAT-6, of this section.
1055
1604
  TLV: |
1056
- The tester verfies the ability of the Health IT
1057
- Module to respond with data that meet the following conditions:
1058
- * All data elements indicated with a cardinality of one or greater and / or “must support” are included;
1605
+ The tester verifies the ability of the Health IT Module to respond
1606
+ with data that meet the following conditions:
1607
+ * All data elements indicated with a cardinality of one or greater and
1608
+ / or “must support” are included;
1059
1609
  * Content is structurally correct;
1060
1610
  * All invariant rules are met;
1061
- * All data elements with required “ValueSet” bindings contain codes within the bound “ValueSet”;
1611
+ * All data elements with required “ValueSet” bindings contain codes
1612
+ within the bound “ValueSet”;
1062
1613
  * All information is accurate and without omission; and
1063
- * All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
1614
+ * All references within the resources can be resolved and validated,
1615
+ as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
1616
+ DAT-PAT-5, and DAT-PAT-6, of this section.
1064
1617
  inferno_supported: 'yes'
1065
1618
  inferno_tests:
1066
- - 6.5.07
1067
- - 6.5.11
1068
- - 6.5.12
1069
- - 4.2.01
1070
- - 4.3.01
1071
- - 4.4.01
1072
- - 4.5.01
1073
- - 4.6.01
1074
- - 4.7.01
1075
- - 4.8.01
1076
- - 4.9.01
1077
- - 4.10.01
1078
- - 4.11.01
1079
- - 4.12.01
1080
- - 4.13.01
1081
- - 4.14.01
1082
- - 4.15.01
1083
- - 4.16.01
1084
- - 4.17.01
1085
- - 4.18.01
1086
- - 4.20.01
1087
- - 4.21.01
1088
- - 4.22.01
1089
- - 4.23.01
1090
- - 4.19.01
1091
- - 4.24.01
1092
- - 4.25.01
1093
- - 4.26.01
1094
- - 4.31.01
1095
- - 4.28.01
1096
- - 4.30.01
1097
- - 5.3.02
1619
+ - 9.10.07
1620
+ - 9.10.11
1621
+ - 9.10.12
1622
+ - 4.2.08 - 4.2.09
1623
+ - 4.3.04 - 4.3.05
1624
+ - 4.4.04 - 4.4.05
1625
+ - 4.5.04 - 4.5.05
1626
+ - 4.6.04 - 4.6.05
1627
+ - 4.7.04 - 4.7.05
1628
+ - 4.8.07 - 4.8.08
1629
+ - 4.9.07 - 4.9.08
1630
+ - 4.10.08 - 4.10.09
1631
+ - 4.11.04 - 4.11.05
1632
+ - 4.12.04 - 4.12.05
1633
+ - 4.13.06 - 4.13.07
1634
+ - 4.14.04 - 4.14.05
1635
+ - 4.15.06 - 4.15.07
1636
+ - 4.16.06 - 4.16.07
1637
+ - 4.17.06 - 4.17.07
1638
+ - 4.18.06 - 4.18.07
1639
+ - 4.19.06 - 4.19.07
1640
+ - 4.20.06 - 4.20.07
1641
+ - 4.21.06 - 4.21.07
1642
+ - 4.22.06 - 4.22.07
1643
+ - 4.23.06 - 4.23.07
1644
+ - 4.24.06 - 4.24.07
1645
+ - 4.25.06 - 4.25.07
1646
+ - 4.26.05 - 4.26.06
1647
+ - 4.27.02 - 4.27.03
1648
+ - 4.28.02 - 4.28.03
1649
+ - 4.29.02 - 4.29.03
1650
+ - 4.30.02 - 4.30.03
1651
+ - 5.2.08 - 5.2.09
1652
+ - 5.3.04 - 5.3.05
1653
+ - 5.4.04 - 5.4.05
1654
+ - 5.5.04 - 5.5.05
1655
+ - 5.6.04 - 5.6.05
1656
+ - 5.7.04 - 5.7.05
1657
+ - 5.8.07 - 5.8.08
1658
+ - 5.9.07 - 5.9.08
1659
+ - 5.10.08 - 5.10.09
1660
+ - 5.11.04 - 5.11.05
1661
+ - 5.12.04 - 5.12.05
1662
+ - 5.13.06 - 5.13.07
1663
+ - 5.14.06 - 5.14.07
1664
+ - 5.15.06 - 5.15.07
1665
+ - 5.16.06 - 5.16.07
1666
+ - 5.17.06 - 5.17.07
1667
+ - 5.18.06 - 5.18.07
1668
+ - 5.19.06 - 5.19.07
1669
+ - 5.20.06 - 5.20.07
1670
+ - 5.21.06 - 5.21.07
1671
+ - 5.22.06 - 5.22.07
1672
+ - 5.23.06 - 5.23.07
1673
+ - 5.24.06 - 5.24.07
1674
+ - 5.25.06 - 5.25.07
1675
+ - 5.26.05 - 5.26.06
1676
+ - 5.27.06 - 5.27.07
1677
+ - 5.28.05 - 5.28.06
1678
+ - 5.29.02 - 5.29.03
1679
+ - 5.30.02 - 5.30.03
1680
+ - 5.31.02 - 5.31.03
1681
+ - 5.32.02 - 5.32.03
1682
+ - 6.2.08 - 6.2.09
1683
+ - 6.3.04 - 6.3.05
1684
+ - 6.4.04 - 6.4.05
1685
+ - 6.5.04 - 6.5.05
1686
+ - 6.6.04 - 6.6.05
1687
+ - 6.7.04 - 6.7.05
1688
+ - 6.8.05 - 6.8.06
1689
+ - 6.9.07 - 6.9.08
1690
+ - 6.10.07 - 6.10.08
1691
+ - 6.11.08 - 6.11.09
1692
+ - 6.12.06 - 6.12.07
1693
+ - 6.13.04 - 6.13.05
1694
+ - 6.14.04 - 6.14.05
1695
+ - 6.15.06 - 6.15.07
1696
+ - 6.16.06 - 6.16.07
1697
+ - 6.17.06 - 6.17.07
1698
+ - 6.18.06 - 6.18.07
1699
+ - 6.19.06 - 6.19.07
1700
+ - 6.20.06 - 6.20.07
1701
+ - 6.21.06 - 6.21.07
1702
+ - 6.22.06 - 6.22.07
1703
+ - 6.23.06 - 6.23.07
1704
+ - 6.24.06 - 6.24.07
1705
+ - 6.25.04 - 6.25.05
1706
+ - 6.26.06 - 6.26.07
1707
+ - 6.27.06 - 6.27.07
1708
+ - 6.28.06 - 6.28.07
1709
+ - 6.29.06 - 6.29.07
1710
+ - 6.30.06 - 6.30.07
1711
+ - 6.31.06 - 6.31.07
1712
+ - 6.32.06 - 6.32.07
1713
+ - 6.33.06 - 6.33.07
1714
+ - 6.34.06 - 6.34.07
1715
+ - 6.35.05 - 6.35.06
1716
+ - 6.36.08 - 6.36.09
1717
+ - 6.37.02 - 6.37.03
1718
+ - 6.38.02 - 6.38.03
1719
+ - 6.39.02 - 6.39.03
1720
+ - 6.40.02 - 6.40.03
1721
+ - 7.3.03
1722
+ - 7.3.06 - 7.3.27
1723
+ - 8.3.03
1724
+ - 8.3.06 - 8.3.27
1098
1725
  inferno_notes: |
1099
1726
  The requirement "all information is accurate and without omission"
1100
1727
  cannot be verified automatically by Inferno, as Inferno only has
@@ -1106,33 +1733,33 @@ procedure:
1106
1733
  not include three required USCDI v1 data elements for Patient Demographics
1107
1734
  and Allergy and Intolerances, and this requires visual inspection
1108
1735
  by the tester.
1109
- - id: RESPONSE-3
1736
+ - id: DAT-PAT-3
1110
1737
  SUT: |
1111
1738
  The health IT developer demonstrates the ability of the Health IT
1112
- Module to support a “Provenance” FHIR resource for all the FHIR
1739
+ Module to support a “Provenance” FHIR® resource for all the FHIR®
1113
1740
  resources included in the standard adopted in § 170.213 and
1114
- implementation specification adopted in § 170.215(a)(2) according
1115
- to the “Basic Provenance Guidance” section of the implementation
1741
+ implementation specification adopted in § 170.215(a)(2) according to
1742
+ the “Basic Provenance Guidance” section of the implementation
1116
1743
  specification adopted in § 170.215(a)(2).
1117
1744
  TLV: |
1118
- The tester verfies the ability of the Health IT
1119
- Module to support a “Provenance” FHIR resource for all the FHIR
1120
- resources included in the standard adopted in § 170.213 and
1121
- implementation specification adopted in § 170.215(a)(2) according
1122
- to the “Basic Provenance Guidance” section of the implementation
1123
- specification adopted in § 170.215(a)(2).
1745
+ The tester verifies the ability of the Health IT Module to support a
1746
+ “Provenance” FHIR® resource for all the FHIR® resources included in
1747
+ the standard adopted in § 170.213 and implementation specification
1748
+ adopted in § 170.215(a)(2) according to the “Basic Provenance
1749
+ Guidance” section of the implementation specification adopted in §
1750
+ 170.215(a)(2).
1124
1751
  inferno_supported: 'yes'
1125
1752
  inferno_tests:
1126
1753
  - 4.2.07
1127
1754
  - 4.3.03
1128
- - 4.4.05
1755
+ - 4.4.03
1129
1756
  - 4.5.03
1130
- - 4.6.04
1757
+ - 4.6.03
1131
1758
  - 4.7.03
1132
1759
  - 4.8.06
1133
1760
  - 4.9.06
1134
1761
  - 4.10.07
1135
- - 4.11.04
1762
+ - 4.11.03
1136
1763
  - 4.12.03
1137
1764
  - 4.13.04
1138
1765
  - 4.14.03
@@ -1140,82 +1767,152 @@ procedure:
1140
1767
  - 4.16.05
1141
1768
  - 4.17.05
1142
1769
  - 4.18.05
1770
+ - 4.19.05
1143
1771
  - 4.20.05
1144
1772
  - 4.21.05
1145
1773
  - 4.22.05
1146
1774
  - 4.23.05
1147
- - 4.19.05
1148
1775
  - 4.24.05
1149
1776
  - 4.25.05
1150
1777
  - 4.26.04
1151
1778
  - 4.30.01 - 4.30.04
1152
- - 5.3.01
1153
- - id: RESPONSE-4
1779
+ - 5.2.07
1780
+ - 5.3.03
1781
+ - 5.4.03
1782
+ - 5.5.03
1783
+ - 5.6.03
1784
+ - 5.7.03
1785
+ - 5.8.06
1786
+ - 5.9.06
1787
+ - 5.10.07
1788
+ - 5.11.03
1789
+ - 5.12.03
1790
+ - 5.13.04
1791
+ - 5.14.05
1792
+ - 5.15.05
1793
+ - 5.16.05
1794
+ - 5.17.05
1795
+ - 5.18.05
1796
+ - 5.19.05
1797
+ - 5.20.05
1798
+ - 5.21.05
1799
+ - 5.22.05
1800
+ - 5.23.05
1801
+ - 5.24.05
1802
+ - 5.25.05
1803
+ - 5.26.05
1804
+ - 5.27.05
1805
+ - 5.28.04
1806
+ - 5.32.01 - 5.32.04
1807
+ - 6.2.07
1808
+ - 6.3.03
1809
+ - 6.4.03
1810
+ - 6.5.03
1811
+ - 6.6.03
1812
+ - 6.7.03
1813
+ - 6.8.03
1814
+ - 6.9.06
1815
+ - 6.10.06
1816
+ - 6.11.07
1817
+ - 6.12.05
1818
+ - 6.13.03
1819
+ - 6.14.03
1820
+ - 6.15.04
1821
+ - 6.16.05
1822
+ - 6.17.05
1823
+ - 6.18.05
1824
+ - 6.19.05
1825
+ - 6.20.05
1826
+ - 6.21.05
1827
+ - 6.22.05
1828
+ - 6.23.05
1829
+ - 6.24.05
1830
+ - 6.25.03
1831
+ - 6.26.05
1832
+ - 6.27.05
1833
+ - 6.28.05
1834
+ - 6.29.05
1835
+ - 6.30.05
1836
+ - 6.31.05
1837
+ - 6.32.05
1838
+ - 6.33.05
1839
+ - 6.34.05
1840
+ - 6.35.04
1841
+ - 6.36.07
1842
+ - 6.39.01 - 6.39.04
1843
+ - 7.3.21
1844
+ - 8.3.21
1845
+ - id: DAT-PAT-4
1154
1846
  SUT: |
1155
1847
  The health IT developer demonstrates the ability of the Health IT
1156
- Module to support a “DocumentReference” and/or “DiagnosticReport” FHIR
1157
- resource for each of the “Clinical Notes” and “Diagnostic Reports”
1158
- included in and according to the “Clinical Notes Guidance” section of
1159
- the implementation specification adopted in § 170.215(a)(2)..
1848
+ Module to support a “DocumentReference” and/or “DiagnosticReport”
1849
+ FHIR® resource for each of the “Clinical Notes” and “Diagnostic
1850
+ Reports” included in and according to the “Clinical Notes Guidance”
1851
+ section of the implementation specification adopted in §
1852
+ 170.215(a)(2).
1160
1853
  TLV: |
1161
- The tester verifies the ability of the Health IT Module to support
1162
- a “DocumentReference” and/or “DiagnosticReport” FHIR resource for each
1854
+ The tester verifies the ability of the Health IT Module to support a
1855
+ “DocumentReference” and/or “DiagnosticReport” FHIR® resource for each
1163
1856
  of the “Clinical Notes” and “Diagnostic Reports” included in and
1164
1857
  according to the “Clinical Notes Guidance” section of the
1165
1858
  implementation specification adopted in § 170.215(a)(2).
1166
1859
  inferno_supported: 'yes'
1167
1860
  inferno_tests:
1168
1861
  - 4.31.01 - 4.31.02
1169
- - id: RESPONSE-5
1862
+ - 5.33.01 - 5.33.02
1863
+ - 6.41.01 - 6.41.02
1864
+ - id: DAT-PAT-5
1170
1865
  SUT: |
1171
1866
  If supported, and for responses to data for a single patient only, the
1172
- health IT developer demonstrates the ability of the Health IT
1173
- Module to support a “Medication” FHIR resource according to the
1174
- “Medication List Guidance” section of the implementation
1175
- specification adopted in § 170.215(a)(2).
1867
+ health IT developer demonstrates the ability of the Health IT Module
1868
+ to support a “Medication” FHIR® resource according to the “Medication
1869
+ List Guidance” section of the implementation specification adopted in
1870
+ § 170.215(a)(2).
1176
1871
  TLV: |
1177
1872
  If supported, and for responses to data for a single patient only, the
1178
- tester verfies the ability of the Health IT
1179
- Module to support a “Medication” FHIR resource according to the
1180
- “Medication List Guidance” section of the implementation
1181
- specification adopted in § 170.215(a)(2).
1873
+ tester verifies the ability of the Health IT Module to support a
1874
+ “Medication” FHIR® resource according to the “Medication List
1875
+ Guidance” section of the implementation specification adopted in §
1876
+ 170.215(a)(2).
1182
1877
  inferno_supported: 'yes'
1183
1878
  inferno_tests:
1184
1879
  - 4.13.06
1185
- - id: RESPONSE-6
1880
+ - 5.13.06
1881
+ - 6.15.06
1882
+ - id: DAT-PAT-6
1186
1883
  SUT: |
1187
1884
  The health IT developer demonstrates the ability of the Health IT
1188
- Module to support “DataAbsentReasonas specified in the
1189
- implementation specification adopted in § 170. 215(a)(2),
1190
- including:
1191
- * “DataAbsentReason” Extension; and
1192
- * “DataAbsentReason” Code System.
1885
+ Module to support “Missing Dataaccording to the implementation
1886
+ specification adopted in § 170. 215(a)(2), including:
1887
+ * For non-coded data elements; and
1888
+ * For coded data elements, including support for the
1889
+ “DataAbsentReason” Code System.
1193
1890
  TLV: |
1194
- The tester verfies the ability of the Health IT
1195
- Module to support “DataAbsentReason” as specified in the
1196
- implementation specification adopted in § 170. 215(a)(2),
1197
- including:
1198
- * “DataAbsentReason” Extension; and
1199
- * “DataAbsentReason” Code System.
1891
+ The tester verifies the ability of the Health IT Module to support
1892
+ “Missing Data” according to the implementation specification adopted
1893
+ in § 170. 215(a)(2), including:
1894
+ * For non-coded data elements; and
1895
+ * For coded data elements, including support for the
1896
+ “DataAbsentReason” Code System.
1200
1897
  inferno_supported: 'yes'
1201
1898
  inferno_tests:
1202
1899
  - 4.32.01 - 4.32.02
1900
+ - 5.34.01 - 5.34.02
1901
+ - 6.42.01 - 6.42.02
1203
1902
  - group: Response to Requests for a Single Patient’s Data
1204
- id: RESPONSE-7
1903
+ id: DAT-PAT-7
1205
1904
  SUT: |
1206
1905
  The health IT developer demonstrates the ability of the Health IT
1207
- Module to return all of the data associated with requests for a
1208
- single patient’s data according to the “US Core Server
1209
- CapabilityStatement” section of the implementation specification
1210
- adopted in § 170.215(a)(2) for all the data included in the standard
1211
- adopted in § 170.213.
1906
+ Module to return all of the data associated with requests for a single
1907
+ patient’s data according to the “US Core Server CapabilityStatement”
1908
+ section of the implementation specification adopted in § 170.215(a)(2)
1909
+ for all the data included in the standard adopted in § 170.213.
1212
1910
  TLV: |
1213
- The tester verifies the ability of the Health IT
1214
- Module to return all of the data associated with requests for a
1215
- single patient’s data according to the “US Core Server
1216
- CapabilityStatement” section of the implementation specification
1217
- adopted in § 170.215(a)(2) for all the data included in the standard
1218
- adopted in § 170.213.
1911
+ The tester verifies the ability of the Health IT Module to return all
1912
+ of the data associated with requests for a single patient’s data
1913
+ according to the “US Core Server CapabilityStatement” section of the
1914
+ implementation specification adopted in § 170.215(a)(2) for all the
1915
+ data included in the standard adopted in § 170.213.
1219
1916
  inferno_supported: 'yes'
1220
1917
  inferno_tests:
1221
1918
  - 4.2.01
@@ -1235,27 +1932,85 @@ procedure:
1235
1932
  - 4.16.01
1236
1933
  - 4.17.01
1237
1934
  - 4.18.01
1935
+ - 4.19.01
1238
1936
  - 4.20.01
1239
1937
  - 4.21.01
1240
1938
  - 4.22.01
1241
1939
  - 4.23.01
1242
- - 4.19.01
1243
1940
  - 4.24.01
1244
1941
  - 4.25.01
1245
1942
  - 4.26.01
1246
- - 4.31.01
1247
- - 4.28.01
1248
- - 4.30.01
1943
+ - 5.2.01
1944
+ - 5.3.01
1945
+ - 5.4.01
1946
+ - 5.5.01
1947
+ - 5.6.01
1948
+ - 5.7.01
1949
+ - 5.8.01
1950
+ - 5.9.01
1951
+ - 5.10.01
1952
+ - 5.11.01
1953
+ - 5.12.01
1954
+ - 5.13.01
1955
+ - 5.14.01
1956
+ - 5.15.01
1957
+ - 5.16.01
1958
+ - 5.17.01
1959
+ - 5.18.01
1960
+ - 5.19.01
1961
+ - 5.20.01
1962
+ - 5.21.01
1963
+ - 5.22.01
1964
+ - 5.23.01
1965
+ - 5.24.01
1966
+ - 5.25.01
1967
+ - 5.26.01
1968
+ - 5.27.01
1969
+ - 5.28.01
1970
+ - 6.2.01
1971
+ - 6.3.01
1972
+ - 6.4.01
1973
+ - 6.5.01
1974
+ - 6.6.01
1975
+ - 6.7.01
1976
+ - 6.8.01
1977
+ - 6.9.01
1978
+ - 6.10.01
1979
+ - 6.11.01
1980
+ - 6.12.01
1981
+ - 6.13.01
1982
+ - 6.14.01
1983
+ - 6.15.01
1984
+ - 6.16.01
1985
+ - 6.17.01
1986
+ - 6.18.01
1987
+ - 6.19.01
1988
+ - 6.20.01
1989
+ - 6.21.01
1990
+ - 6.22.01
1991
+ - 6.23.01
1992
+ - 6.24.01
1993
+ - 6.25.01
1994
+ - 6.26.01
1995
+ - 6.27.01
1996
+ - 6.28.01
1997
+ - 6.29.01
1998
+ - 6.30.01
1999
+ - 6.31.01
2000
+ - 6.32.01
2001
+ - 6.33.01
2002
+ - 6.34.01
2003
+ - 6.35.01
2004
+ - 6.36.01
1249
2005
  - group: Response to Requests for Multiple Patients’ Data
1250
- id: RESPONSE-8
2006
+ id: DAT-PAT-8
1251
2007
  SUT: |
1252
2008
  The health IT developer demonstrates the ability of the Health IT
1253
- Module to respond to requests for multiple patients’ data
1254
- according to the implementation specification adopted in §
1255
- 170.215(a)(4) for all of the FHIR resources associated with the
1256
- profiles and Data Elements specified in and according to the
1257
- standard adopted in § 170.213 and implementation specification
1258
- adopted in § 170.215(a)(2), including the following FHIR resources:
2009
+ Module to respond to requests for multiple patients’ data according to
2010
+ the implementation specification adopted in § 170.215(a)(4) for all of
2011
+ the FHIR® resources associated with the profiles and Data Elements
2012
+ specified in and according to the standard adopted in § 170.213 and
2013
+ implementation specification adopted in § 170.215(a)(2).:
1259
2014
  * “AllergyIntolerance”;
1260
2015
  * “CarePlan”;
1261
2016
  * “CareTeam”;
@@ -1266,23 +2021,22 @@ procedure:
1266
2021
  * “Encounter”;
1267
2022
  * “Goal”;
1268
2023
  * “Immunization”;
1269
- * “Location”;
2024
+ * “Location” (if supported);
1270
2025
  * “Medication” (if supported);
1271
2026
  * “MedicationRequest”;
1272
2027
  * “Observation”;
1273
2028
  * “Organization”;
1274
2029
  * “Patient”;
1275
- * “Practitioner”;
2030
+ * “Practitioner
1276
2031
  * “Procedure”; and
1277
- * “Provenance”;
2032
+ * “Provenance”.
1278
2033
  TLV: |
1279
- The tester verifies the ability of the Health IT
1280
- Module to respond to requests for multiple patients’ data
1281
- according to the implementation specification adopted in §
1282
- 170.215(a)(4) for all of the FHIR resources associated with the
1283
- profiles and Data Elements specified in and according to the
1284
- standard adopted in § 170.213 and implementation specification
1285
- adopted in § 170.215(a)(2), including the following FHIR resources:
2034
+ The tester verifies the ability of the Health IT Module to respond to
2035
+ requests for multiple patients’ data according to the implementation
2036
+ specification adopted in § 170.215(a)(4) for all of the FHIR®
2037
+ resources associated with the profiles and Data Elements specified in
2038
+ and according to the standard adopted in § 170.213 and implementation
2039
+ specification adopted in § 170.215(a)(2).
1286
2040
  * “AllergyIntolerance”;
1287
2041
  * “CarePlan”;
1288
2042
  * “CareTeam”;
@@ -1293,117 +2047,192 @@ procedure:
1293
2047
  * “Encounter”;
1294
2048
  * “Goal”;
1295
2049
  * “Immunization”;
1296
- * “Location”;
2050
+ * “Location” (if supported);
1297
2051
  * “Medication” (if supported);
1298
2052
  * “MedicationRequest”;
1299
2053
  * “Observation”;
1300
2054
  * “Organization”;
1301
2055
  * “Patient”;
1302
- * “Practitioner”;
2056
+ * “Practitioner
1303
2057
  * “Procedure”; and
1304
- * “Provenance”;
2058
+ * “Provenance”.
1305
2059
  inferno_supported: 'yes'
1306
2060
  inferno_tests:
1307
- - 5.3.03
1308
- - 5.3.06 - 5.3.21
1309
- - id: RESPONSE-9
2061
+ - 7.3.03
2062
+ - 7.3.06 - 7.3.23
2063
+ - 8.3.03
2064
+ - 8.3.06 - 8.3.23
2065
+ - id: DAT-PAT-16
1310
2066
  SUT: |
1311
2067
  The health IT developer demonstrates the ability of the Health IT
1312
- Module to limit the data returned to only those FHIR resources for
1313
- which the client is authorized according to the implementation
1314
- specification adopted in § 170.215(a)(4).
2068
+ Module to respond to requests for multiple patients’ data according to
2069
+ the implementation specification adopted in § 170.215(a)(4) for all of
2070
+ the FHIR® resources associated with the profiles and Data Elements
2071
+ specified in and according to the standard adopted in § 170.213 and
2072
+ implementation specification adopted in § 170.215(a)(2).
2073
+ * “AllergyIntolerance”;
2074
+ * “CarePlan”;
2075
+ * “CareTeam”;
2076
+ * “Condition”;
2077
+ * “Device”;
2078
+ * “DiagnosticReport”;
2079
+ * “DocumentReference”;
2080
+ * “Encounter”;
2081
+ * “Goal”;
2082
+ * “Immunization”;
2083
+ * “Location” (if supported);
2084
+ * “Medication” (if supported);
2085
+ * “MedicationRequest”;
2086
+ * “Observation”;
2087
+ * “Organization”;
2088
+ * “Patient”;
2089
+ * “Practitioner”
2090
+ * “Procedure”; and
2091
+ * “Provenance”.
2092
+ * “PractitionerRole” (if supported);
2093
+ * “QuestionnaireReponse” (if supported);
2094
+ * “RelatedPerson”; and
2095
+ * “ServiceRequest”
1315
2096
  TLV: |
1316
- The tester verifies the ability of the Health IT
1317
- Module to limit the data returned to only those FHIR resources for
2097
+ The health IT developer verifies the ability of the Health IT Module
2098
+ to respond to requests for multiple patients’ data according to the
2099
+ implementation specification adopted in § 170.215(a)(4) for all of the
2100
+ FHIR® resources associated with the profiles and Data Elements
2101
+ specified in and according to the standard adopted in § 170.213 and
2102
+ implementation specification adopted in § 170.215(a)(2).
2103
+ * “AllergyIntolerance”;
2104
+ * “CarePlan”;
2105
+ * “CareTeam”;
2106
+ * “Condition”;
2107
+ * “Device”;
2108
+ * “DiagnosticReport”;
2109
+ * “DocumentReference”;
2110
+ * “Encounter”;
2111
+ * “Goal”;
2112
+ * “Immunization”;
2113
+ * “Location” (if supported);
2114
+ * “Medication” (if supported);
2115
+ * “MedicationRequest”;
2116
+ * “Observation”;
2117
+ * “Organization”;
2118
+ * “Patient”;
2119
+ * “Practitioner”
2120
+ * “Procedure”; and
2121
+ * “Provenance”.
2122
+ * “PractitionerRole” (if supported);
2123
+ * “QuestionnaireReponse” (if supported);
2124
+ * “RelatedPerson”; and
2125
+ * “ServiceRequest”
2126
+ inferno_supported: 'yes'
2127
+ inferno_tests:
2128
+ - 7.3.03
2129
+ - 7.3.06 - 7.3.27
2130
+ - 8.3.03
2131
+ - 8.3.06 - 8.3.27
2132
+ - id: DAT-PAT-9
2133
+ SUT: |
2134
+ The health IT developer demonstrates the ability of the Health IT
2135
+ Module to limit the data returned to only those FHIR® resources for
1318
2136
  which the client is authorized according to the implementation
1319
2137
  specification adopted in § 170.215(a)(4).
2138
+ TLV: |
2139
+ The tester verifies the ability of the Health IT Module to limit the
2140
+ data returned to only those FHIR® resources for which the client is
2141
+ authorized according to the implementation specification adopted in §
2142
+ 170.215(a)(4).
1320
2143
  inferno_supported: 'yes'
1321
2144
  inferno_tests:
1322
- - 2.2.01 - 2.2.13
2145
+ - 2.3.01 - 2.3.15
1323
2146
  inferno_notes: |
1324
2147
  Inferno does not do this because there is no requirement to only
1325
2148
  supported a subset of the scopes.
1326
- - id: RESPONSE-10
2149
+ - id: DAT-PAT-10
1327
2150
  SUT: |
1328
2151
  The health IT developer demonstrates the ability of the Health IT
1329
2152
  Module to support a successful data response according to the
1330
2153
  implementation adopted in § 170.215(a)(4).
1331
2154
  TLV: |
1332
- The tester verifies the ability of the Health IT
1333
- Module to support a successful data response according to the
1334
- implementation adopted in § 170.215(a)(4).
2155
+ The tester verifies the ability of the Health IT Module to support a
2156
+ successful data response according to the implementation adopted in §
2157
+ 170.215(a)(4).
1335
2158
  inferno_supported: 'yes'
1336
2159
  inferno_tests:
1337
- - 5.2.04 - 5.2.05
1338
- - id: RESPONSE-11
2160
+ - 7.2.04 - 7.2.05
2161
+ - 8.2.04 - 8.2.05
2162
+ - id: DAT-PAT-11
1339
2163
  SUT: |
1340
2164
  The health IT developer demonstrates the ability of the Health IT
1341
2165
  Module to support a data response error according to the
1342
2166
  implementation adopted in § 170.215(a)(4).
1343
2167
  TLV: |
1344
- The tester verifies the ability of the Health IT
1345
- Module to support a data response error according to the
1346
- implementation adopted in § 170.215(a)(4).
2168
+ The tester verifies the ability of the Health IT Module to support a
2169
+ data response error according to the implementation adopted in §
2170
+ 170.215(a)(4).
1347
2171
  inferno_supported: 'yes'
1348
2172
  inferno_tests:
1349
- - 5.2.03
1350
- - id: RESPONSE-12
2173
+ - 7.2.03
2174
+ - 8.2.03
2175
+ - id: DAT-PAT-12
1351
2176
  SUT: |
1352
2177
  The health IT developer demonstrates the ability of the Health IT
1353
2178
  Module to support a bulk data delete request according to the
1354
2179
  implementation specification adopted in § 170.215(a)(4).
1355
2180
  TLV: |
1356
- The tester verifies the ability of the Health IT
1357
- Module to support a bulk data delete request according to the
1358
- implementation specification adopted in § 170.215(a)(4).
2181
+ The tester verifies the ability of the Health IT Module to support a
2182
+ bulk data delete request according to the implementation specification
2183
+ adopted in § 170.215(a)(4).
1359
2184
  inferno_supported: 'yes'
1360
2185
  inferno_tests:
1361
- - 5.2.07
1362
- - id: RESPONSE-13
2186
+ - 7.2.07
2187
+ - 8.2.07
2188
+ - id: DAT-PAT-13
1363
2189
  SUT: |
1364
2190
  The health IT developer demonstrates the ability of the Health IT
1365
2191
  Module to support a bulk data status request according to the
1366
2192
  implementation specification adopted in § 170.215(a)(4).
1367
2193
  TLV: |
1368
- The tester verifies the ability of the Health IT
1369
- Module to support a bulk data status request according to the
1370
- implementation specification adopted in § 170.215(a)(4).
2194
+ The tester verifies the ability of the Health IT Module to support a
2195
+ bulk data status request according to the implementation specification
2196
+ adopted in § 170.215(a)(4).
1371
2197
  inferno_supported: 'yes'
1372
2198
  inferno_tests:
1373
- - 5.2.05 - 5.2.06
1374
- - id: RESPONSE-14
2199
+ - 7.2.05 - 7.2.06
2200
+ - 8.2.05 - 8.2.06
2201
+ - id: DAT-PAT-14
1375
2202
  SUT: |
1376
2203
  The health IT developer demonstrates the ability of the Health IT
1377
2204
  Module to support a file request according to the implementation
1378
2205
  specification adopted in § 170.215(a)(4), including support for the
1379
2206
  “ndjson” format for files provided.
1380
2207
  TLV: |
1381
- The tester verifies the ability of the Health IT
1382
- Module to support a file request according to the implementation
1383
- specification adopted in § 170.215(a)(4), including support for the
1384
- “ndjson” format for files provided.
2208
+ The tester verifies the ability of the Health IT Module to support a
2209
+ file request according to the implementation specification adopted in
2210
+ § 170.215(a)(4), including support for the “ndjson” format for files
2211
+ provided.
1385
2212
  inferno_supported: 'yes'
1386
2213
  inferno_tests:
1387
- - 5.3.01 - 5.3.21
1388
- - id: RESPONSE-15
2214
+ - 7.3.01 - 7.3.27
2215
+ - 8.3.01 - 8.3.27
2216
+ - id: DAT-PAT-15
1389
2217
  SUT: |
1390
- The health IT developer demonstrates that the information
1391
- provided as part of this data response includes data for patients in
1392
- the group identifier provided during the “group-export” request.
2218
+ The health IT developer demonstrates that the information provided as
2219
+ part of this data response includes data for patients in the group
2220
+ identifier provided during the “group-export” request.
1393
2221
  TLV: |
1394
- The tester verifies the information
1395
- provided as part of this data response includes data for patients in
1396
- the group identifier provided during the “group-export” request.
2222
+ The tester verifies the information provided as part of this data
2223
+ response includes data for patients in the group identifier provided
2224
+ during the “group-export” request.
1397
2225
  inferno_supported: 'yes'
1398
2226
  inferno_tests:
1399
- - 5.3.05
2227
+ - 7.3.05
2228
+ - 8.3.05
1400
2229
  - section: Paragraph (g)(10)(viii) – Documentation
1401
2230
  steps:
1402
2231
  - group: Supported Search Operations for a Single Patient’s Data
1403
- id: DOCUMENTATION-1
2232
+ id: API-DOC-1
1404
2233
  SUT: |
1405
- The health IT developer supplies documentation describing the
1406
- API(s) of the Health IT Module and includes at a minimum:
2234
+ The health IT developer supplies documentation describing the API(s)
2235
+ of the Health IT Module and includes at a minimum:
1407
2236
  * API syntax;
1408
2237
  * Function names;
1409
2238
  * Required and optional parameters supported and their data types;
@@ -1411,10 +2240,12 @@ procedure:
1411
2240
  * Exceptions and exception handling methods and their returns;
1412
2241
  * Mandatory software components;
1413
2242
  * Mandatory software configurations; and
1414
- * All technical requirements and attributes necessary for registration.
2243
+ * All technical requirements and attributes necessary for
2244
+ registration.
1415
2245
  TLV: |
1416
- The tester verifies the
1417
- API(s) of the Health IT Module and includes at a minimum:
2246
+ The tester verifies that the documentation supplied by the health IT
2247
+ developer describing the API(s) of the Health IT Module includes at a
2248
+ minimum:
1418
2249
  * API syntax;
1419
2250
  * Function names;
1420
2251
  * Required and optional parameters supported and their data types;
@@ -1422,21 +2253,33 @@ procedure:
1422
2253
  * Exceptions and exception handling methods and their returns;
1423
2254
  * Mandatory software components;
1424
2255
  * Mandatory software configurations; and
1425
- * All technical requirements and attributes necessary for registration.
2256
+ * All technical requirements and attributes necessary for
2257
+ registration.
2258
+ inferno_supported: 'yes'
2259
+ inferno_tests:
2260
+ - 9.10.09
2261
+ - id: API-DOC-2
2262
+ SUT: |
2263
+ The health IT developer demonstrates that the documentation described
2264
+ in step 1, of this section is available via a publicly accessible
2265
+ hyperlink that does not require preconditions or additional steps to
2266
+ access.
2267
+ TLV: |
2268
+ The tester verifies the documentation described in step 1, of this
2269
+ section is available via a publicly accessible hyperlink that does not
2270
+ require preconditions or additional steps to access.
1426
2271
  inferno_supported: 'yes'
1427
2272
  inferno_tests:
1428
- - 6.5.09
1429
- - id: DOCUMENTATION-2
2273
+ - 9.10.09
2274
+ - id: API-DOC-3
1430
2275
  SUT: |
1431
- The health IT developer demonstrates that the documentation
1432
- described in step 1 of this section is available via a publicly
1433
- accessible hyperlink that does not require preconditions or
1434
- additional steps to access.
2276
+ To fulfill the API Maintenance of Certification requirement at §
2277
+ 170.404(b)(2), the health IT developer demonstrates the public
2278
+ location of its certified API technology service base URLs.
1435
2279
  TLV: |
1436
- The tester verifies the documentation
1437
- described in step 1 of this section is available via a publicly
1438
- accessible hyperlink that does not require preconditions or
1439
- additional steps to access.
2280
+ To fulfill the API Maintenance of Certification requirement at §
2281
+ 170.404(b)(2), the tester verifies the public location of the health
2282
+ IT developer's certified API technology service base URLs.
1440
2283
  inferno_supported: 'yes'
1441
2284
  inferno_tests:
1442
- - 6.5.09
2285
+ - 9.10.14