onc_certification_g10_test_kit 3.0.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. checksums.yaml +4 -4
  2. data/lib/inferno/terminology/expected_manifest.yml +36 -693
  3. data/lib/inferno/terminology/fhir_package_manager.rb +16 -14
  4. data/lib/inferno/terminology/loader.rb +24 -2
  5. data/lib/inferno/terminology/tasks/download_umls.rb +2 -1
  6. data/lib/inferno/terminology/tasks/expand_value_set_to_file.rb +1 -1
  7. data/lib/inferno/terminology/tasks/run_umls_jar.rb +2 -1
  8. data/lib/inferno/terminology/value_set.rb +58 -56
  9. data/lib/onc_certification_g10_test_kit/base_token_refresh_group.rb +2 -0
  10. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu1.rb +2 -0
  11. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb +1 -1
  12. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb +7 -4
  13. data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb +2 -11
  14. data/lib/onc_certification_g10_test_kit/configuration_checker.rb +22 -0
  15. data/lib/onc_certification_g10_test_kit/export_kick_off_performer.rb +3 -2
  16. data/lib/onc_certification_g10_test_kit/g10_options.rb +46 -0
  17. data/lib/onc_certification_g10_test_kit/incorrectly_permitted_tls_versions_messages_setup_test.rb +34 -0
  18. data/lib/onc_certification_g10_test_kit/limited_scope_grant_test.rb +3 -1
  19. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb +11 -0
  20. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb +10 -0
  21. data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +1502 -658
  22. data/lib/onc_certification_g10_test_kit/profile_selector.rb +34 -24
  23. data/lib/onc_certification_g10_test_kit/resource_access_test.rb +1 -2
  24. data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb +2 -2
  25. data/lib/onc_certification_g10_test_kit/short_id_manager.rb +46 -0
  26. data/lib/onc_certification_g10_test_kit/short_id_map.yml +1536 -0
  27. data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +7 -0
  28. data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +7 -0
  29. data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb +9 -2
  30. data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +2 -2
  31. data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +61 -6
  32. data/lib/onc_certification_g10_test_kit/smart_invalid_token_refresh_test.rb +37 -0
  33. data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +3 -2
  34. data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb +4 -2
  35. data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +60 -4
  36. data/lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb +7 -4
  37. data/lib/onc_certification_g10_test_kit/version.rb +1 -1
  38. data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +88 -2
  39. data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb +4 -2
  40. data/lib/onc_certification_g10_test_kit.rb +25 -20
  41. metadata +15 -10
data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml CHANGED
@@ -2,7 +2,7 @@ procedure:
2
2
  - section: Paragraph (g)(10)(iii) - Application registration
3
3
  steps:
4
4
  - group: Application Registration
5
- id: APP-REGISTRATION-1
5
+ id: APP-REG-1
6
6
  SUT: |
7
7
  The health IT developer demonstrates the Health IT Module supports
8
8
  application registration with an authorization server for the purposes
@@ -16,13 +16,13 @@ procedure:
16
16
  registration functions to enable authentication and authorization in §
17
17
  170.315(g)(10)(v).
18
18
  inferno_tests:
19
- - 6.5.01
19
+ - 9.10.01
20
20
  inferno_supported: 'yes'
21
21
  inferno_notes: |
22
22
  This requires a visual inspection and attestation because it is not
23
23
  possible to automate without any standard method required for application
24
24
  registration.
25
- - id: APP-REGISTRATION-2
25
+ - id: APP-REG-2
26
26
  SUT: |
27
27
  The health IT developer demonstrates the Health IT Module supports
28
28
  application registration with an authorization server for the purposes
@@ -35,8 +35,8 @@ procedure:
35
35
  access for multiple patients including support for application
36
36
  registration functions to enable authentication and authorization in §
37
37
  170.315(g)(10)(v).
38
- inferno_tests:
39
- - 6.5.02
38
+ inferno_tests:
39
+ - 9.10.02
40
40
  inferno_supported: 'yes'
41
41
  inferno_notes: |
42
42
  This requires a visual inspection and attestation because it is not
@@ -45,36 +45,54 @@ procedure:
45
45
  - section: Paragraph (g)(10)(iv) – Secure connection
46
46
  steps:
47
47
  - group: Secure connection
48
- id: SECURE-CONNECTION-1
49
- SUT: |
48
+ id: SEC-CNN-1
49
+ SUT: |
50
50
  For all transmissions between the Health IT Module and the
51
- application, the health IT developer demonstrates the use of a
52
- secure and trusted connection in accordance with the
53
- implementation specifications adopted in § 170.215(a)(2) and §
54
- 170.215(a)(3), including:
51
+ application, the health IT developer demonstrates the use of a secure
52
+ and trusted connection in accordance with the implementation
53
+ specifications adopted in § 170.215(a)(2) and § 170.215(a)(3),
54
+ including:
55
55
  * Using TLS version 1.2 or higher; and
56
- * Conformance to FHIR Communications Security requirements.
56
+ * Conformance to FHIR® Communications Security requirements.
57
57
  TLV: |
58
58
  For all transmissions between the Health IT Module and the
59
59
  application, the tester verifies the use of a secure and trusted
60
60
  connection in accordance with the implementation specifications
61
61
  adopted in § 170.215(a)(2) and § 170.215(a)(3), including:
62
62
  * Using TLS version 1.2 or higher; and
63
- * Conformance to FHIR Communications Security requirements.
63
+ * Conformance to FHIR® Communications Security requirements.
64
64
  inferno_supported: 'yes'
65
65
  inferno_tests:
66
- - 1.2.01
67
- - 1.2.04
66
+ - 1.3.01
67
+ - 1.3.04
68
+ - 1.4.01
69
+ - 1.4.04
68
70
  - 2.1.01
69
71
  - 2.1.04
70
- - 3.2.03
71
- - 3.2.06
72
+ - 2.2.01
73
+ - 2.2.04
74
+ - 3.3.03
75
+ - 3.3.06
76
+ - 3.4.03
77
+ - 3.4.06
72
78
  - 4.1.01
73
79
  - 5.1.01
74
- - 5.2.01
75
- - 5.3.01
76
80
  - 6.1.01
77
- - 6.1.04
81
+ - 7.1.01
82
+ - 7.2.01
83
+ - 7.3.01
84
+ - 8.1.01
85
+ - 8.2.01
86
+ - 8.3.01
87
+ - 9.1.01
88
+ - 9.1.04
89
+ - 9.2.01
90
+ - 9.2.04
91
+ - 9.8.03
92
+ - 9.8.06
93
+ - 9.9.03
94
+ - 9.9.06
95
+ - 9.10.15
78
96
  inferno_notes: |
79
97
  Inferno tests that all endpoints provided support at least TLS
80
98
  version 1.2, and rejects all requests for TLS version 1.1 or below.
@@ -87,62 +105,64 @@ procedure:
87
105
  - section: Paragraph (g)(10)(v)(A) – Authentication and authorization for patient and user scopes
88
106
  steps:
89
107
  - group: Authentication and Authorization for Patient and User Scopes
90
- id: AUTH-PATIENT-1
91
- SUT: |
108
+ id: AUT-PAT-1
109
+ SUT: |
92
110
  The health IT developer demonstrates the ability of the Health IT
93
- Module to support the following for “EHR-Launch,” “StandaloneLaunch,”
94
- and “Both” (“EHR-Launch” and “Standalone-Launch”) as
95
- specified in the implementation specification adopted in §
96
- 170.215(a)(3).
111
+ Module to support the following for “EHR-Launch,” “Standalone-Launch,”
112
+ and “Both” (“EHR-Launch” and “Standalone-Launch”) as specified in the
113
+ implementation specification adopted in § 170.215(a)(3).
97
114
  TLV: |
98
- The tester verifies the ability of the Health IT Module to support
99
- the following for “EHR-Launch,” “Standalone-Launch,” and “Both”
115
+ The tester verifies the ability of the Health IT Module to support the
116
+ following for “EHR-Launch,” “Standalone-Launch,” and “Both”
100
117
  (“EHR-Launch” and “Standalone-Launch”) as specified in the
101
118
  implementation specification adopted in § 170.215(a)(3).
102
119
  inferno_supported: 'yes'
103
120
  inferno_tests:
104
- - 1.2.01 - 1.2.07
105
- - 3.2.01 - 3.2.09
121
+ - 1.3.01 - 1.3.07
122
+ - 1.4.01 - 1.4.07
123
+ - 3.3.01 - 3.3.09
124
+ - 3.4.01 - 3.4.09
106
125
  inferno_notes: |
107
126
  Complete demonstration of these capabilities are accomplished
108
127
  through subsequent steps in the test procedure.
109
- - id: AUTH-PATIENT-2
128
+ - id: AUT-PAT-2
110
129
  SUT: |
111
- [EHR-Launch] The health IT developer demonstrates the ability of
112
- the Health IT Module to initiate a “launch sequence” using the
113
- “launch-ehr" “SMART on FHIR Core Capability” SMART EHR Launch
114
- mode detailed in the implementation specification adopted in §
130
+ [EHR-Launch] The health IT developer demonstrates the ability of the
131
+ Health IT Module to initiate a “launch sequence” using the
132
+ “launch-ehr" “SMART on FHIR® Core Capability” SMART EHR Launch mode
133
+ detailed in the implementation specification adopted in §
115
134
  170.215(a)(3), including:
116
135
  * Launching the registered launch URL of the application; and
117
136
  * Passing the parameters: “iss” and “launch”.
118
137
  TLV: |
119
- [EHR-Launch] The tester verifies the ability of the Health IT
120
- Module to initiate a “launch sequence” using the “launch-ehr"
121
- “SMART on FHIR Core Capability” SMART EHR Launch mode
122
- detailed in the implementation specification adopted in §
123
- 170.215(a)(3), including:
138
+ [EHR-Launch] The tester verifies the ability of the Health IT Module
139
+ to initiate a “launch sequence” using the “launch-ehr" “SMART on FHIR®
140
+ Core Capability” SMART EHR Launch mode detailed in the implementation
141
+ specification adopted in § 170.215(a)(3), including:
124
142
  * Launching the registered launch URL of the application; and
125
143
  * Passing the parameters: “iss” and “launch”.
126
144
  inferno_supported: 'yes'
127
145
  inferno_tests:
128
- - 3.2.01 - 3.2.02
129
- - 3.2.04
130
- - id: AUTH-PATIENT-3
146
+ - 3.3.01 - 3.3.02
147
+ - 3.3.04
148
+ - 3.4.01 - 3.4.02
149
+ - 3.4.04
150
+ - id: AUT-PAT-3
131
151
  SUT: |
132
- [Standalone-Launch] The health IT developer demonstrates the
133
- ability of the Health IT Module to launch using the “launch-standalone"
134
- "SMART on FHIR Core Capability" SMART Standalone
135
- Launch mode detailed in the implementation specification
136
- adopted in § 170.215(a)(3).
152
+ [Standalone-Launch] The health IT developer demonstrates the ability
153
+ of the Health IT Module to launch using the “launch-standalone" “SMART
154
+ on FHIR® Core Capability SMART Standalone Launch mode detailed in the
155
+ implementation specification adopted in § 170.215(a)(3).
137
156
  TLV: |
138
157
  [Standalone-Launch] The tester verifies the ability of the Health IT
139
- Module to launch using the “launch-standalone" “SMART on FHIR
140
- Core Capability” SMART Standalone Launch mode detailed in the
158
+ Module to launch using the “launch-standalone" “SMART on FHIR® Core
159
+ Capability” SMART Standalone Launch mode detailed in the
141
160
  implementation specification adopted in § 170.215(a)(3).
142
161
  inferno_supported: 'yes'
143
162
  inferno_tests:
144
- - 1.2.02
145
- - id: AUTH-PATIENT-4
163
+ - 1.3.02
164
+ - 1.4.02
165
+ - id: AUT-PAT-4
146
166
  SUT: |
147
167
  [Standalone-Launch] The health IT developer demonstrates the ability
148
168
  of the Health IT Module to support SMART’s public client profile.
@@ -151,43 +171,62 @@ procedure:
151
171
  Module to support SMART’s public client profile.
152
172
  inferno_supported: 'yes'
153
173
  inferno_tests:
154
- - 6.1.02 - 6.1.03
155
- - 6.1.05 - 6.1.09
156
- - id: AUTH-PATIENT-5
174
+ - 9.1.02 - 9.1.03
175
+ - 9.1.05 - 9.1.09
176
+ - 9.2.02 - 9.2.03
177
+ - 9.2.05 - 9.2.09
178
+ - id: AUT-PAT-5
157
179
  SUT: |
158
- [Both] The health IT developer demonstrates the ability of the
159
- Health IT Module to support the following as detailed in the
160
- implementation specification adopted in § 170.215(a)(3) and
161
- standard adopted in § 170.215(a)(1):
180
+ [Both] The health IT developer demonstrates the ability of the Health
181
+ IT Module to support the following as detailed in the implementation
182
+ specification adopted in § 170.215(a)(3) and standard adopted in §
183
+ 170.215(a)(1):
162
184
  * The “.well-known/smart-configuration.json” path; and
163
- * A FHIR “CapabilityStatement”.
185
+ * A FHIR® “CapabilityStatement”.
164
186
  TLV: |
165
187
  [Both] The tester verifies the ability of the Health IT Module to
166
- support the following as detailed in the implementation
167
- specification adopted in § 170.215(a)(3) and standard adopted in §
168
- 170.215(a)(1):
188
+ support the following as detailed in the implementation specification
189
+ adopted in § 170.215(a)(3) and standard adopted in § 170.215(a)(1):
169
190
  * The “.well-known/smart-configuration.json” path; and
170
- * A FHIR “CapabilityStatement”.
191
+ * A FHIR® “CapabilityStatement”.
171
192
  inferno_supported: 'yes'
172
193
  inferno_tests:
173
194
  - 1.1.01 - 1.1.03
174
195
  - 3.1.01 - 3.1.03
175
- - id: AUTH-PATIENT-6
196
+ - id: AUT-PAT-24
197
+ SUT: |
198
+ [Both] The health IT developer demonstrates the ability of the Health
199
+ IT Module to support a “.well-known/smart-configuration.json” path as
200
+ detailed in the implementation specification adopted in §
201
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1).
202
+ TLV: |
203
+ [Both] The tester verifies the ability of the Health IT Module to
204
+ support a “.well-known/smart-configuration.json” path as detailed in
205
+ the implementation specification adopted in § 170.215(a)(3) and
206
+ standard adopted in § 170.215(a)(1).
207
+ inferno_supported: 'yes'
208
+ inferno_tests:
209
+ - 1.2.01 - 1.2.03
210
+ - 3.2.01 - 3.2.03
211
+ - id: AUT-PAT-6
176
212
  SUT: |
177
213
  [Both] The health IT developer demonstrates the ability of the
178
- “.well-known/smart-configuration.json” path to support at least
179
- the following as detailed in the implementation specification
180
- adopted in § 170.215(a)(3):
214
+ “.well-known/smart-configuration.json” path to support at least the
215
+ following as detailed in the implementation specification adopted in §
216
+ 170.215(a)(3):
181
217
  * “authorization_endpoint”;
182
218
  * “token_endpoint”; and
183
- * “capabilities” (including support for all the “SMART on FHIR Core Capabilities”).
219
+ * “capabilities” (including support for all the “SMART on FHIR® Core
220
+ Capabilities”).
184
221
  TLV: |
185
- [Both] The tester verifies the ability of the “.well-known/smartconfiguration.json”
186
- path to support at least the following as detailed in the implementation specification
187
- adopted in § 170.215(a)(3):
222
+ [Both] The tester verifies the ability of the
223
+ “.well-known/smart-configuration.json” path to support at least the
224
+ following as detailed in the implementation specification adopted in §
225
+ 170.215(a)(3):
188
226
  * “authorization_endpoint”;
189
227
  * “token_endpoint”; and
190
- * “capabilities” (including support for all the “SMART on FHIR Core Capabilities”).
228
+ * “capabilities” (including support for all the “SMART on FHIR® Core
229
+ Capabilities”).
191
230
  inferno_supported: 'yes'
192
231
  inferno_tests:
193
232
  - 1.1.02
@@ -198,21 +237,68 @@ procedure:
198
237
  Inferno additionally checks that the "authorization endpoint" and the
199
238
  "token endpoint" are consistent between the Capability Statement and
200
239
  the well-known endpoint.
201
- - id: AUTH-PATIENT-7
240
+ - id: AUT-PAT-25
202
241
  SUT: |
203
242
  [Both] The health IT developer demonstrates the ability of the
204
- FHIR “CapabilityStatement” to support at least the following
205
- components as detailed in the implementation specification
206
- adopted in § 170.215(a)(3) and standard adopted in §
207
- 170.215(a)(1), including:
243
+ “.well-known/smart-configuration.jsonpath to support at least the
244
+ following as detailed in the implementation specification adopted in §
245
+ 170.215(a)(3):
246
+ * “authorization_endpoint”;
247
+ * “token_endpoint”;
248
+ * “capabilities” including support for “launch-ehr",
249
+ “launch-standalone”, “client-public”,
250
+ “client-confidential-symmetric", “sso-openid-connect",
251
+ “context-banner”, “context-style”, “context-ehr-patient",
252
+ “context-standalone-patient", “permission-offline”,
253
+ “permission-patient”, “permission-user”, “authorize-post”,
254
+ “permission-v2”;
255
+ * “grant_types_supported” with support for “authorization_code” and
256
+ “client_credentials”; and
257
+ * “code_challenge_methods_supported” with support for “S256” and shall
258
+ not include support for “plain”
259
+
260
+ Additionally, the following “capabilities” must be supported if using
261
+ US Core 5.0.1:
262
+ * "context-ehr-encounter"
263
+ TLV: |
264
+ [Both] The tester verifies the ability of the
265
+ “.well-known/smart-configuration.json” path to support at least the
266
+ following as detailed in the implementation specification adopted in §
267
+ 170.215(a)(3):
268
+ * “authorization_endpoint”;
269
+ * “token_endpoint”;
270
+ * “capabilities” including support for “launch-ehr",
271
+ “launch-standalone”, “client-public”,
272
+ “client-confidential-symmetric", “sso-openid-connect",
273
+ “context-banner”, “context-style”, “context-ehr-patient",
274
+ “context-standalone-patient", “permission-offline”,
275
+ “permission-patient”, “permission-user”, “authorize-post”,
276
+ “permission-v2”;
277
+ * “grant_types_supported” with support for “authorization_code” and
278
+ “client_credentials”; and
279
+ * “code_challenge_methods_supported” with support for “S256” and shall
280
+ not include support for “plain”
281
+
282
+ Additionally, the following “capabilities” must be supported if using
283
+ US Core 5.0.1:
284
+ * "context-ehr-encounter"
285
+ inferno_supported: 'yes'
286
+ inferno_tests:
287
+ - 1.2.01 - 1.2.03
288
+ - 3.2.01 - 3.2.03
289
+ - id: AUT-PAT-7
290
+ SUT: |
291
+ [Both] The health IT developer demonstrates the ability of the FHIR®
292
+ “CapabilityStatement” to support at least the following components as
293
+ detailed in the implementation specification adopted in §
294
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
208
295
  * “authorize”; and
209
296
  * “token”.
210
297
  TLV: |
211
- [Both] The tester verifies the ability of the FHIR
212
- “CapabilityStatement” to support at least the following
213
- components as detailed in the implementation specification
214
- adopted in § 170.215(a)(3) and standard adopted in §
215
- 170.215(a)(1), including:
298
+ [Both] The tester verifies the ability of the FHIR®
299
+ “CapabilityStatement” to support at least the following components as
300
+ detailed in the implementation specification adopted in §
301
+ 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
216
302
  * “authorize”; and
217
303
  * “token”.
218
304
  inferno_supported: 'yes'
@@ -223,12 +309,12 @@ procedure:
223
309
  Inferno additionally checks that the "authorization endpoint" and the
224
310
  "token endpoint" are consistent between the Capability Statement and
225
311
  the well-known endpoint.
226
- - id: AUTH-PATIENT-8
312
+ - id: AUT-PAT-8
227
313
  SUT: |
228
- [Both] The health IT developer demonstrates the ability of the
229
- Health IT Module to receive an authorization request according to
230
- the implementation specification adopted in § 170.215(a)(3),
231
- including support for the following parameters:
314
+ [Both] The health IT developer demonstrates the ability of the Health
315
+ IT Module to receive an authorization request according to the
316
+ implementation specification adopted in § 170.215(a)(3), including
317
+ support for the following parameters:
232
318
  * “response_type”;
233
319
  * “client_id”;
234
320
  * “redirect_uri”;
@@ -249,138 +335,284 @@ procedure:
249
335
  * “state”; and
250
336
  * “aud”.
251
337
  inferno_supported: 'yes'
252
- inferno_tests:
253
- - 1.2.02 - 1.2.03
254
- - 3.2.04 - 3.2.05
255
- - id: AUTH-PATIENT-9
338
+ inferno_tests:
339
+ - 1.3.02 - 1.3.03
340
+ - 3.3.04 - 3.3.05
341
+ - id: AUT-PAT-26
342
+ SUT: |
343
+ [Both] The health IT developer demonstrates the ability of the Health
344
+ IT Module to receive an authorization request according to the
345
+ implementation specification adopted in § 170.215(a)(3), including
346
+ support for the following parameters:
347
+ * “response_type”;
348
+ * “client_id”;
349
+ * “redirect_uri”;
350
+ * “launch” (for EHR-Launch mode only);
351
+ * “scope”;
352
+ * “state”;
353
+ * “aud”;
354
+ * “code_challenge”; and
355
+ * “code_challenge_method”
356
+ TLV: |
357
+ [Both] The tester verifies the ability of the Health IT Module to
358
+ receive an authorization request according to the implementation
359
+ specification adopted in § 170.215(a)(3), including support for the
360
+ following parameters:
361
+ * “response_type”;
362
+ * “client_id”;
363
+ * “redirect_uri”;
364
+ * “launch” (for EHR-Launch mode only);
365
+ * “scope”;
366
+ * “state”;
367
+ * “aud”;
368
+ * “code_challenge”; and
369
+ * “code_challenge_method”
370
+ inferno_supported: 'yes'
371
+ inferno_tests:
372
+ - 1.4.02 - 1.4.03
373
+ - 3.4.04 - 3.4.05
374
+ - id: AUT-PAT-27
375
+ SUT: |
376
+ [Both] The health IT developer demonstrates the ability of the Health
377
+ IT Module’s Authorization Server to support the use of the HTTP GET
378
+ and POST methods at the Authorization Endpoint as detailed in the
379
+ implementation specification adopted in § 170.215(a)(3).
380
+ TLV: |
381
+ [Both] The tester verifies the ability of the Health IT Module’s
382
+ Authorization Server to support the use of the HTTP GET and POST
383
+ methods at the Authorization Endpoint as detailed in the
384
+ implementation specification adopted in § 170.215(a)(3).
385
+ inferno_supported: 'yes'
386
+ inferno_tests:
387
+ - 1.4.05 - 1.4.07
388
+ - 3.4.07 - 3.4.09
389
+ - id: AUT-PAT-9
390
+ SUT: |
391
+ [Both] The health IT developer demonstrates the ability of the Health
392
+ IT Module to support the receipt of the following scopes and
393
+ capabilities according to the implementation specification adopted in
394
+ § 170.215(a)(3) and standard adopted in § 170.215(b):
395
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
396
+ Capability”);
397
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
398
+ Capability”);
399
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
400
+ Core Capability” for EHR-Launch mode only);
401
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
402
+ Capability” for EHR-Launch mode only);
403
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
404
+ FHIR® Core Capability” for Standalone-Launch mode only);
405
+ * “launch” (for EHR-Launch mode only);
406
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
407
+ Core Capability”);
408
+ * Patient-level scopes (to support “permission-patient” “SMART on
409
+ FHIR® Core Capability”); and
410
+ * User-level scopes (to support “permission-user” “SMART on FHIR® Core
411
+ Capability”).
412
+ TLV: |
413
+ [Both] The tester verifies the ability of the Health IT Module to
414
+ support the receipt of the following scopes according to the
415
+ implementation specification adopted in § 170.215(a)(3) and standard
416
+ adopted in § 170.215(b):
417
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
418
+ Capability”);
419
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
420
+ Capability”);
421
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
422
+ Core Capability” for EHR-Launch mode only);
423
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
424
+ Capability” for EHR-Launch mode only);
425
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
426
+ FHIR® Core Capability” for Standalone-Launch mode only);
427
+ * “launch” (for EHR-Launch mode only);
428
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
429
+ Core Capability”);
430
+ * Patient-level scopes (to support “permission-patient” “SMART on
431
+ FHIR® Core Capability”); and
432
+ * User-level scopes (to support “permission-user” “SMART on FHIR® Core
433
+ Capability”).
434
+ inferno_supported: 'yes'
435
+ inferno_tests:
436
+ - 1.3.02
437
+ - 3.3.04
438
+ inferno_notes: |
439
+ This step refers to only the receipt of these scopes, which is covered in
440
+ Inferno in one step in each the EHR and Standalone launch cases. However,
441
+ it is not possible to tell if these scopes were properly granted until
442
+ verifying that the client has access to perform the necessary steps.
443
+ Inferno does this as well, but this mapping only refers to the 'receipt' portion
444
+ of the launch process.
445
+ - id: AUT-PAT-28
256
446
  SUT: |
257
447
  [Both] The health IT developer demonstrates the ability of the Health
258
448
  IT Module to support the receipt of the following scopes and
259
449
  capabilities according to the implementation specification adopted in
260
450
  § 170.215(a)(3) and standard adopted in § 170.215(b):
261
- * “openid” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
262
- * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
263
- * “need_patient_banner” (to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only);
264
- * “smart_style_url” (to support “context-style” “SMART on FHIR Core Capability” for EHR-Launch mode only);
265
- * “launch/patient” (to support “context-standalone-patient” “SMART on FHIR Core Capability” for Standalone-Launch mode only);
451
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR®
452
+ Capability”);
453
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
454
+ Capability”);
455
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
456
+ Capability” for EHR-Launch mode only);
457
+ * “smart_style_url” (to support “context-style” “SMART on FHIR®
458
+ Capability” for EHR-Launch mode only);
459
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
460
+ FHIR® Capability” for Standalone-Launch mode only);
266
461
  * “launch” (for EHR-Launch mode only);
267
- * “offline_access” (to support “permission-offline” “SMART on FHIR Core Capability”);
268
- * Patient-level scopes(to support “permission-patient” “SMART on FHIR Core Capability”); and
269
- * User-level scopes (to support “permission-user” “SMART on FHIR Core Capability”).
462
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
463
+ Capability”);
464
+ * Patient-level scopes (to support “permission-patientand “SMART on
465
+ FHIR® Capability”); and
466
+ * User-level scopes (to support “permission-user” “SMART on FHIR®
467
+ Capability”).
468
+ * SMARTv2 scope syntax for patient-level and user-level scopes (to
469
+ support “permission-v2” “SMART on FHIR® Capability”)
270
470
  TLV: |
271
471
  [Both] The tester verifies the ability of the Health IT Module to
272
472
  support the receipt of the following scopes and capabilities according
273
473
  to the implementation specification adopted in § 170.215(a)(3) and
274
474
  standard adopted in § 170.215(b):
275
- * “openid” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
276
- * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR Core Capability”);
277
- * “need_patient_banner” (to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only);
278
- * “smart_style_url” (to support “context-style” “SMART on FHIR Core Capability” for EHR-Launch mode only);
279
- * “launch/patient” (to support “context-standalone-patient” “SMART on FHIR Core Capability” for Standalone-Launch mode only);
475
+ * “openid” (to support “sso-openid-connect” “SMART on FHIR®
476
+ Capability”);
477
+ * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
478
+ Capability”);
479
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
480
+ Capability” for EHR-Launch mode only);
481
+ * “smart_style_url” (to support “context-style” “SMART on FHIR®
482
+ Capability” for EHR-Launch mode only);
483
+ * “launch/patient” (to support “context-standalone-patient” “SMART on
484
+ FHIR® Capability” for Standalone-Launch mode only);
280
485
  * “launch” (for EHR-Launch mode only);
281
- * “offline_access” (to support “permission-offline” “SMART on FHIR Core Capability”);
282
- * Patient-level scopes (to support “permission-patient” “SMART on FHIR Core Capability”); and
283
- * User-level scopes (to support “permission-user” “SMART on FHIR Core Capability”).
486
+ * “offline_access” (to support “permission-offline” “SMART on FHIR®
487
+ Capability”);
488
+ * Patient-level scopes (to support “permission-patientand “SMART on
489
+ FHIR® Capability”); and
490
+ * User-level scopes (to support “permission-user” “SMART on FHIR®
491
+ Capability”).
492
+ * SMARTv2 scope syntax for patient-level and user-level scopes (to
493
+ support “permission-v2” “SMART on FHIR® Capability”)
284
494
  inferno_supported: 'yes'
285
495
  inferno_tests:
286
- - 1.2.02
287
- - 3.2.05
496
+ - 1.4.02
497
+ - 3.4.04
288
498
  inferno_notes: |
289
499
  This step refers to only the receipt of these scopes, which is covered in
290
500
  Inferno in one step in each the EHR and Standalone launch cases. However,
291
501
  it is not possible to tell if these scopes were properly granted until
292
- verifying that the client has access to perform the necessary steps.
502
+ verifying that the client has access to perform the necessary steps.
293
503
  Inferno does this as well, but this mapping only refers to the 'receipt' portion
294
504
  of the launch process.
295
- - id: AUTH-PATIENT-10
505
+ - id: AUT-PAT-10
296
506
  SUT: |
297
- [Both] The health IT developer demonstrates the ability of the
298
- Health IT Module to evaluate the authorization request and
299
- request end-user input, if applicable (required for patient-facing
300
- applications), including the ability for the end-user to authorize an
301
- application to receive Electronic Health Information (EHI) based
302
- on FHIR resource-level scopes for all of the FHIR resources
303
- associated with the profiles specified in the standard adopted in
304
- § 170.213 and implementation specification adopted in
305
- § 170.215(a)(2), including:
306
- * "AllergyIntolerance";
307
- * "CarePlan";
308
- * "CareTeam";
309
- * "Condition";
310
- * "Device";
311
- * "DiagnosticReport";
312
- * "DocumentReference";
313
- * "Goal";
314
- * "Immunization";
315
- * "Medication" (if supported);
316
- * "MedicationRequest";
317
- * "Observation";
318
- * "Patient";
319
- * "Procedure"; and
320
- * "Provenance".
507
+ [Both] The health IT developer demonstrates the ability of the Health
508
+ IT Module to evaluate the authorization request and request end-user
509
+ input, if applicable (required for patient-facing applications),
510
+ including the ability for the end-user to authorize an application to
511
+ receive EHI based on FHIR® resource-level scopes for all of the FHIR®
512
+ resources associated with the profiles specified in the standard
513
+ adopted in § 170.213 and implementation specification adopted in
514
+ § 170.215(a)(2).
515
+
516
+ If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
517
+ * “AllergyIntolerance”;
518
+ * “CarePlan”;
519
+ * “CareTeam”;
520
+ * “Condition”;
521
+ * “Device”;
522
+ * “DiagnosticReport”;
523
+ * “DocumentReference”;
524
+ * “Goal”;
525
+ * “Immunization”;
526
+ * “Medication” (if supported);
527
+ * “MedicationRequest”;
528
+ * “Observation”;
529
+ * “Patient”;
530
+ * “Procedure”; and
531
+ * “Provenance”.
532
+
533
+ Additionally, the following resources must be supported if using US
534
+ Core 5.0.1:
535
+ * “Encounter”;
536
+ * “RelatedPerson”; and
537
+ * “ServiceRequest”
321
538
  TLV: |
322
- [Both] The tester verifies the ability of the
323
- Health IT Module to evaluate the authorization request and
324
- request end-user input, if applicable (required for patient-facing
325
- applications), including the ability for the end-user to authorize an
326
- application to receive Electronic Health Information (EHI) based
327
- on FHIR resource-level scopes for all of the FHIR resources
539
+ [Both] The tester verifies the ability of the Health IT Module to
540
+ evaluate the authorization request and request end-user input, if
541
+ applicable (required for patient-facing applications), including the
542
+ ability for the end-user to authorize an application to receive EHI
543
+ based on FHIR® resource-level scopes for all of the FHIR® resources
328
544
  associated with the profiles specified in the standard adopted in
329
- § 170.213 and implementation specification adopted in
330
- § 170.215(a)(2), including:
331
- * "AllergyIntolerance";
332
- * "CarePlan";
333
- * "CareTeam";
334
- * "Condition";
335
- * "Device";
336
- * "DiagnosticReport";
337
- * "DocumentReference";
338
- * "Goal";
339
- * "Immunization";
340
- * "Medication" (if supported);
341
- * "MedicationRequest";
342
- * "Observation";
343
- * "Patient";
344
- * "Procedure"; and
345
- * "Provenance".
346
- inferno_supported: 'yes'
347
- inferno_tests:
348
- - 1.2.02
349
- - 1.2.05
350
- - 3.2.04
351
- - 3.2.07
545
+ § 170.213 and implementation specification adopted in § 170.215(a)(2).
546
+
547
+ If using US Core 3.1.1, 4.0.0, or 5.0.1, these resources include:
548
+ * “AllergyIntolerance”;
549
+ * “CarePlan”;
550
+ * “CareTeam”;
551
+ * “Condition”;
552
+ * “Device”;
553
+ * “DiagnosticReport”;
554
+ * “DocumentReference”;
555
+ * “Goal”;
556
+ * “Immunization”;
557
+ * “Medication” (if supported);
558
+ * “MedicationRequest”;
559
+ * “Observation”;
560
+ * “Patient”;
561
+ * “Procedure”; and
562
+ * “Provenance”.
563
+
564
+ Additionally, the following resources must be supported if using US
565
+ Core 5.0.1:
566
+ * “Encounter”;
567
+ * “RelatedPerson”; and
568
+ * “ServiceRequest”
569
+ inferno_supported: 'yes'
570
+ inferno_tests:
571
+ - 1.3.02
572
+ - 1.3.05
573
+ - 1.4.02
574
+ - 1.4.05
575
+ - 3.3.04
576
+ - 3.3.07
577
+ - 3.4.04
578
+ - 3.4.07
352
579
  - 2.1.02
353
580
  - 2.1.05
354
- - 1.5.01 - 1.5.14
355
- - 2.2.01 - 2.2.13
581
+ - 2.2.02
582
+ - 2.2.05
583
+ - 1.7.01 - 1.7.16
584
+ - 2.3.01 - 2.3.15
356
585
  inferno_notes: |
357
586
  Inferno verifies that end-user input is requested by requiring one app
358
587
  launch have complete access to required resources and having one app
359
588
  launch have limited access based on the preferences of the tester.
360
- - id: AUTH-PATIENT-11
589
+ - id: AUT-PAT-11
361
590
  SUT: |
362
- [Both] The health IT developer demonstrates the ability of the
363
- Health IT Module to evaluate the authorization request and request
364
- end-user input, if applicable (required for patient-facing
365
- applications), including either the ability for the end-user to
366
- explicitly enable / disable the “offline_access” scope or
367
- information communicating the application’s request for the
368
- “offline_access” scope.
369
- TLV: |
591
+ [Both] The health IT developer demonstrates the ability of the Health
592
+ IT Module to evaluate the authorization request and request end-user
593
+ input, if applicable (required for patient-facing applications),
594
+ including either the ability for the end-user to explicitly enable /
595
+ disable the “offline_access” scope or information communicating the
596
+ application’s request for the “offline_access” scope.
597
+ TLV: |
370
598
  [Both] The tester verifies the ability of the Health IT Module to
371
599
  evaluate the authorization request and request end-user input, if
372
600
  applicable (required for patient-facing applications), including
373
- either the ability for the end-user to explicitly enable / disable
374
- the “offline_access” scope or information communicating the
375
- application’s request for the “offline_access” scope.
601
+ either the ability for the end-user to explicitly enable / disable the
602
+ “offline_access” scope or information communicating the application’s
603
+ request for the “offline_access” scope.
376
604
  inferno_supported: 'yes'
377
605
  inferno_tests:
378
- - 1.2.02
379
- - 1.2.05
606
+ - 1.3.02
607
+ - 1.3.05
608
+ - 1.4.02
609
+ - 1.4.05
380
610
  - 2.1.02
381
611
  - 2.1.05
382
- - 1.5.01 - 1.5.14
383
- - 2.2.01 - 2.2.13
612
+ - 2.2.02
613
+ - 2.2.05
614
+ - 1.7.01 - 1.7.16
615
+ - 2.3.01 - 2.3.15
384
616
  inferno_notes: |
385
617
  Inferno verifies that end-user input is requested by requiring one app
386
618
  launch have complete access to required resources and having one app
@@ -388,26 +620,31 @@ procedure:
388
620
  Inferno requests full resource and 'offline_access' access, and the tester
389
621
  is expected to select the correct subset of resources and deny 'offline_access'
390
622
  based on previously selected preferences.
391
- - id: AUTH-PATIENT-12
623
+ - id: AUT-PAT-12
392
624
  SUT: |
393
625
  [Both] The health IT developer demonstrates the ability of the Health
394
626
  IT Module to deny an application’s authorization request according to
395
- a patient’s preferences selected in steps 10 and 11 of this section in
396
- accordance with the implementation specification adopted in §
397
- 170.215(a)(3).
627
+ a patient’s preferences selected in AUT-PAT-10, and AUT-PAT-11, of
628
+ this section in accordance with the implementation specification
629
+ adopted in § 170.215(a)(3).
398
630
  TLV: |
399
631
  [Both] The tester verifies the ability of the Health IT Module to deny
400
632
  an application’s authorization request according to a patient’s
401
- preferences selected in steps 10 and 11 of this section in accordance
402
- with the implementation specification adopted in § 170.215(a)(3).
633
+ preferences selected in AUT-PAT-10, and AUT-PAT-11, of this section in
634
+ accordance with the implementation specification adopted in §
635
+ 170.215(a)(3).
403
636
  inferno_supported: 'yes'
404
637
  inferno_tests:
405
- - 1.2.02
406
- - 1.2.05
638
+ - 1.3.02
639
+ - 1.3.05
640
+ - 1.4.02
641
+ - 1.4.05
407
642
  - 2.1.02
408
643
  - 2.1.05
409
- - 1.5.01 - 1.5.14
410
- - 2.2.01 - 2.2.13
644
+ - 2.2.02
645
+ - 2.2.05
646
+ - 1.7.01 - 1.7.16
647
+ - 2.3.01 - 2.3.15
411
648
  inferno_notes: |
412
649
  Inferno verifies that end-user input is requested by requiring one app
413
650
  launch have complete access to required resources and having one app
@@ -415,139 +652,222 @@ procedure:
415
652
  Inferno requests full resource and 'offline_access' access, and the tester
416
653
  is expected to select the correct subset of resources and deny 'offline_access'
417
654
  based on previously selected preferences.
418
- - id: AUTH-PATIENT-13
655
+ - id: AUT-PAT-29
656
+ SUT: |
657
+ [EHR-Launch] The health IT developer demonstrates the ability of the
658
+ Health IT Module to establish a patient in context if an application
659
+ requests a clinical scope which is restricted to a single patient as
660
+ detailed in the implementation specification adopted in §
661
+ 170.215(a)(3).
662
+ TLV: |
663
+ [EHR-Launch] The tester verifies the ability of the Health IT Module
664
+ to establish a patient in context if an application requests a
665
+ clinical scope which is restricted to a single patient as detailed in
666
+ the implementation specification adopted in § 170.215(a)(3).
667
+ inferno_supported: 'yes'
668
+ inferno_tests:
669
+ - 9.9.01 - 9.9.10
670
+ - id: AUT-PAT-13
419
671
  SUT: |
420
672
  [Both] The health IT developer demonstrates the ability of the Health
421
673
  IT Module to return an error response if the "aud" parameter provided
422
- by an application to the Health IT Module in Step 8, is not a valid
674
+ by an application to the Health IT Module in AUT-PAT-8, is not a valid
423
675
  FHIR® resource server associated with the Health IT Module's
424
676
  authorization server.
425
677
  TLV: |
426
678
  [Both] The tester verifies the ability of the Health IT Module to
427
679
  return an error response if the "aud" parameter provided by an
428
- application to the Health IT Module in Step 8, is not a valid FHIR®
680
+ application to the Health IT Module in AUT-PAT-8, is not a valid FHIR®
429
681
  resource server associated with the Health IT Module's authorization
430
682
  server.
431
683
  inferno_supported: 'yes'
432
684
  inferno_tests:
433
- - 6.3.01 - 6.3.02
434
- - id: AUTH-PATIENT-14
685
+ - 9.4.01 - 9.4.03
686
+ - id: AUT-PAT-14
435
687
  SUT: |
436
- [Both] The health IT developer demonstrates the ability of the
437
- Health IT Module to grant an application access to EHI by
438
- returning an authorization code to the application according to
439
- the implementation specification adopted in § 170.215(a)(3),
440
- including the following parameters:
688
+ [Both] The health IT developer demonstrates the ability of the Health
689
+ IT Module to grant an application access to EHI by returning an
690
+ authorization code to the application according to the implementation
691
+ specification adopted in § 170.215(a)(3), including the following
692
+ parameters:
441
693
  * “code”; and
442
694
  * “state”.
443
695
  TLV: |
444
- [Both] The tester verifies the ability of the
445
- Health IT Module to grant an application access to EHI by
446
- returning an authorization code to the application according to
447
- the implementation specification adopted in § 170.215(a)(3),
448
- including the following parameters:
696
+ [Both] The tester verifies the ability of the Health IT Module to
697
+ grant an application access to EHI by returning an authorization code
698
+ to the application according to the implementation specification
699
+ adopted in § 170.215(a)(3), including the following parameters:
449
700
  * “code”; and
450
701
  * “state”.
451
702
  inferno_supported: 'yes'
452
- inferno_tests:
453
- - 1.2.03
454
- - 3.2.05
455
- - id: AUTH-PATIENT-15
703
+ inferno_tests:
704
+ - 1.3.03
705
+ - 1.4.03
706
+ - 3.3.05
707
+ - 3.4.05
708
+ - id: AUT-PAT-15
456
709
  SUT: |
457
- [Both] The health IT developer demonstrates the ability of the
458
- Health IT Module to receive the following parameters from an
459
- application according to the implementation specification adopted
460
- in § 170.215(a)(3):
710
+ [Both] The health IT developer demonstrates the ability of the Health
711
+ IT Module to receive the following parameters from an application
712
+ according to the implementation specification adopted in §
713
+ 170.215(a)(3):
461
714
  * “grant_type”;
462
715
  * “code”;
463
716
  * “redirect_uri”;
464
717
  * “client_id”; and
465
- * Authorization header including “client_id” and "client_secret"
718
+ * Authorization header including “client_id” and client_secret”.
466
719
  TLV: |
467
- [Both] The tester verifies the ability of the
468
- Health IT Module to receive the following parameters from an
469
- application according to the implementation specification adopted
470
- in § 170.215(a)(3):
720
+ [Both] The tester verifies the ability of the Health IT Module to
721
+ receive the following parameters from an application according to the
722
+ implementation specification adopted in § 170.215(a)(3):
471
723
  * “grant_type”;
472
724
  * “code”;
473
725
  * “redirect_uri”;
474
726
  * “client_id”; and
475
- * Authorization header including “client_id” and "client_secret"
727
+ * Authorization header including “client_id” and client_secret”.
476
728
  inferno_supported: 'yes'
477
729
  inferno_tests:
478
- - 1.2.05
479
- - 3.2.07
730
+ - 1.3.05
731
+ - 3.3.07
480
732
  inferno_notes: |
481
733
  "client_secret" is only provided in the case of confidential clients.
482
- - id: AUTH-PATIENT-16
734
+ - id: AUT-PAT-30
483
735
  SUT: |
484
- [Both] The health IT developer demonstrates the ability of the
485
- Health IT Module to return a JSON object to applications according
486
- to the implementation specification adopted in § 170.215(a)(3)
487
- and standard adopted in § 170.215(b), including the following:
736
+ [Both] The health IT developer demonstrates the ability of the Health
737
+ IT Module to receive the following access token request parameters
738
+ from an application according to the implementation specification
739
+ adopted in § 170.215(a)(3):
740
+ * “grant_type”;
741
+ * “code”;
742
+ * “redirect_uri”;
743
+ * “code_verifier”;
744
+ * “client_id”; and
745
+ * Authorization header including “client_id” and “client_secret”.
746
+ TLV: |
747
+ [Both] The tester verifies the ability of the Health IT Module to
748
+ receive the following access token request parameters from an
749
+ application according to the implementation specification adopted in §
750
+ 170.215(a)(3):
751
+ * “grant_type”;
752
+ * “code”;
753
+ * “redirect_uri”;
754
+ * “code_verifier”;
755
+ * “client_id”; and
756
+ * Authorization header including “client_id” and “client_secret”.
757
+ inferno_supported: 'yes'
758
+ inferno_tests:
759
+ - 1.3.05
760
+ - 3.3.07
761
+ - id: AUT-PAT-31
762
+ SUT: |
763
+ [Both] The health IT developer demonstrates the ability of the Health
764
+ IT Module to return an error response if an invalid “code_verifier”
765
+ value is supplied with an access token request according to the
766
+ implementation specification adopted in § 170.215(a)(3).
767
+ TLV: |
768
+ [Both] The tester verifies the ability of the Health IT Module to
769
+ return an error response if an invalid “code_verifier” value is
770
+ supplied with an access token request according to the implementation
771
+ specification adopted in § 170.215(a)(3).
772
+ inferno_supported: 'yes'
773
+ inferno_tests:
774
+ - 1.4.05
775
+ - 3.4.07
776
+ - id: AUT-PAT-16
777
+ SUT: |
778
+ [Both] The health IT developer demonstrates the ability of the Health
779
+ IT Module to return a JSON object to applications according to the
780
+ implementation specification adopted in § 170.215(a)(3) and standard
781
+ adopted in § 170.215(b), including the following:
488
782
  * “access_token”;
489
783
  * “token_type”;
490
784
  * “scope”;
491
785
  * “id_token”;
492
- * “refresh_token” (valid for a period of no shorter than three months);
493
- * HTTP “Cache-Control” response header field with a value of “no-store”;
494
- * HTTP “Pragma” response header field with a value of “nocache”;
495
- * patient” (to support “context-ehr-patient” and “contextstandalone-patient” “SMART on FHIR Core Capabilities”);
496
- * “need_patient_banner(to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only); and
497
- * “smart_style_url” (to support “context-style“SMART on FHIR Core Capability” for EHR-Launch mode only).
786
+ * “refresh_token” (valid for a period of no shorter than three
787
+ months);
788
+ * HTTP “Cache-Control” response header field with a value of
789
+ no-store”;
790
+ * HTTP Pragmaresponse header field with a value of “no-cache”;
791
+ * “patient” (to support “context-ehr-patientand
792
+ “context-standalone-patient” “SMART on FHIR® Core Capabilities”);
793
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
794
+ Core Capability” for EHR-Launch mode only); and
795
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
796
+ Capability” for EHR-Launch mode only).
797
+
798
+ Additionally, the following must be supported if using US Core 5.0.1:
799
+ * “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
800
+ Capability”)
498
801
  TLV: |
499
- [Both] The tester verifies the ability of the
500
- Health IT Module to return a JSON object to applications according
501
- to the implementation specification adopted in § 170.215(a)(3)
502
- and standard adopted in § 170.215(b), including the following:
802
+ [Both] The tester verifies the ability of the Health IT Module to
803
+ return a JSON object to applications according to the implementation
804
+ specification adopted in § 170.215(a)(3) and standard adopted in §
805
+ 170.215(b), including the following:
503
806
  * “access_token”;
504
807
  * “token_type”;
505
808
  * “scope”;
506
809
  * “id_token”;
507
- * “refresh_token” (valid for a period of no shorter than three months);
508
- * HTTP “Cache-Control” response header field with a value of “no-store”;
509
- * HTTP “Pragma” response header field with a value of “nocache”;
510
- * patient” (to support “context-ehr-patient” and “contextstandalone-patient” “SMART on FHIR Core Capabilities”);
511
- * “need_patient_banner(to support “context-banner” “SMART on FHIR Core Capability” for EHR-Launch mode only); and
512
- * “smart_style_url” (to support “context-style“SMART on FHIR Core Capability” for EHR-Launch mode only).
810
+ * “refresh_token” (valid for a period of no shorter than three
811
+ months);
812
+ * HTTP “Cache-Control” response header field with a value of
813
+ no-store”;
814
+ * HTTP Pragmaresponse header field with a value of “no-cache”;
815
+ * “patient” (to support “context-ehr-patientand
816
+ “context-standalone-patient” “SMART on FHIR® Core Capabilities”);
817
+ * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
818
+ Core Capability” for EHR-Launch mode only); and
819
+ * “smart_style_url” (to support “context-style” “SMART on FHIR® Core
820
+ Capability” for EHR-Launch mode only).
821
+
822
+ Additionally, the following must be supported if using US Core 5.0.1:
823
+ * “encounter” (to support"context-ehr-encounter" “SMART on FHIR®
824
+ Capability”)
513
825
  inferno_supported: 'yes'
514
- inferno_tests:
515
- - 1.2.06 - 1.2.07
516
- - 3.2.08 - 3.2.09
517
- - id: AUTH-PATIENT-17
826
+ inferno_tests:
827
+ - 1.3.06 - 1.3.07
828
+ - 1.4.06 - 1.4.07
829
+ - 3.3.08 - 3.3.09
830
+ - 3.3.13
831
+ - 3.4.08 - 3.4.09
832
+ - 3.4.13
833
+ - 9.8.08 - 9.8.09
834
+ - 9.9.08 - 9.9.09
835
+ - id: AUT-PAT-17
518
836
  SUT: |
519
- [Both] The health IT developer demonstrates the ability of the
520
- Health IT Module to provide an OpenID Connect well-known URI in
521
- accordance with the implementation specification adopted in §
522
- 170.215(b), including:
523
- * All required fields populated according to implementation specification adopted in § 170.215(b)
524
- * Valid JWKS populated according to implementation specification can be retrieved via JWKS URI
837
+ [Both] The health IT developer demonstrates the ability of the Health
838
+ IT Module to provide an OpenID Connect well-known URI in accordance
839
+ with the implementation specification adopted in § 170.215(b),
840
+ including:
841
+ * All required fields populated according to implementation
842
+ specification adopted in § 170.215(b); and
843
+ * Valid JWKS populated according to implementation specification can
844
+ be retrieved via JWKS URI.
525
845
  TLV: |
526
- [Both] The tester verfies the ability of the Health IT Module to
846
+ [Both] The tester verifies the ability of the Health IT Module to
527
847
  provide an OpenID Connect well-known URI in accordance with the
528
848
  implementation specification adopted in § 170.215(b), including:
529
- * All required fields populated according to implementation specification adopted in § 170.215(b)
530
- * Valid JWKS populated according to implementation specification can be retrieved via JWKS URI
849
+ * All required fields populated according to implementation
850
+ specification adopted in § 170.215(b); and
851
+ * Valid JWKS populated according to implementation specification can
852
+ be retrieved via JWKS URI.
531
853
  inferno_supported: 'yes'
532
854
  inferno_tests:
533
- - 1.3.01 - 1.3.07
534
- - 3.3.01 - 3.3.07
855
+ - 1.5.01 - 1.5.07
856
+ - 3.5.01 - 3.5.07
535
857
  inferno_notes: |
536
858
  Inferno decodes the id_token provided during authentication and
537
859
  verifies that it contains the correct claims, has a valid signature,
538
860
  and the fhirUser claim contains a reference to the current user that
539
861
  can be retreived using the bearer token provided during the application launch.
540
- - id: AUTH-PATIENT-18
862
+ - id: AUT-PAT-18
541
863
  SUT: |
542
- [Both] The health IT developer demonstrates the ability of the
543
- Health IT Module to deny an application’s authorization request in
544
- accordance with the implementation specification adopted in §
545
- 170.215(a)(3).
864
+ [Both] The health IT developer demonstrates the ability of the Health
865
+ IT Module to deny an application’s authorization request in accordance
866
+ with the implementation specification adopted in § 170.215(a)(3).
546
867
  TLV: |
547
- [Both] The tester demonstrates the ability of the
548
- Health IT Module to deny an application’s authorization request in
549
- accordance with the implementation specification adopted in §
550
- 170.215(a)(3).
868
+ [Both] The tester verifies the ability of the Health IT Module to deny
869
+ an application’s authorization request in accordance with the
870
+ implementation specification adopted in § 170.215(a)(3).
551
871
  inferno_supported: 'yes'
552
872
  inferno_notes: |
553
873
  Inferno verifies that the user has the ability to explicitly authorize
@@ -556,98 +876,118 @@ procedure:
556
876
  are denied.
557
877
  inferno_tests:
558
878
  - 2.1.02 - 2.1.09
559
- - 2.2.01 - 2.2.13
560
- - 6.4.01 - 6.4.04
561
- - id: AUTH-PATIENT-19
879
+ - 2.2.02 - 2.2.09
880
+ - 2.3.01 - 2.3.15
881
+ - 9.5.01 - 9.5.04
882
+ - 9.6.01 - 9.6.04
883
+ - id: AUT-PAT-19
562
884
  SUT: |
563
- [Standalone-Launch] The health IT developer the ability of the Health IT
564
- Module to return a “Patient” FHIR resource that matches the
565
- patient context provided in step 9 of this section according to the
566
- implementation specification adopted in § 170.215(a)(2).
885
+ [Both] The health IT developer demonstrates the ability of the Health
886
+ IT Module to return a “Patient” FHIR® resource that matches the
887
+ patient context provided in step AUT-PAT-9 of this section according
888
+ to the implementation specification adopted in § 170.215(a)(2).
567
889
  TLV: |
568
- [Standalone-Launch] The tester verifies the ability of the Health IT
569
- Module to return a “Patient” FHIR resource that matches the
570
- patient context provided in step 9 of this section according to the
890
+ [Both] The tester verifies the ability of the Health IT Module to
891
+ return a “Patient” FHIR® resource that matches the patient context
892
+ provided in step AUT-PAT-9 of this section according to the
571
893
  implementation specification adopted in § 170.215(a)(2).
572
894
  inferno_supported: 'yes'
573
895
  inferno_tests:
574
- - 1.2.08
575
- - 3.2.12
576
- - id: AUTH-PATIENT-20
896
+ - 1.3.10
897
+ - 1.4.10
898
+ - 3.3.12
899
+ - 3.4.12
900
+ - 9.8.10
901
+ - 9.9.10
902
+ - id: AUT-PAT-32
577
903
  SUT: |
578
- [Both] The health IT developer demonstrates the ability of the
579
- Health IT Module to grant an access token when a refresh token is
580
- supplied according to the implementation specification adopted in
581
- § 170.215(a)(2).
904
+ [EHR-Launch] The following must be supported if using US Core 5.0.1:
905
+ The health IT developer demonstrates the ability of the Health IT
906
+ Module to return an “Encounter” FHIR® resource that matches the
907
+ encounter context provided in step AUT-PAT-9 of this section according
908
+ to the implementation specification adopted in § 170.215(a)(2).
582
909
  TLV: |
583
- [Both] The health IT developer demonstrates the ability of the
584
- Health IT Module to grant an access token when a refresh token is
585
- supplied according to the implementation specification adopted in
586
- § 170.215(a)(2).
910
+ [EHR-Launch] The following must be supported if using US Core 5.0.1:
911
+ The tester verifies the ability of the Health IT Module to return an
912
+ “Encounter” FHIR® resource that matches the encounter context provided
913
+ in step AUT-PAT-9 of this section according to the implementation
914
+ specification adopted in § 170.215(a)(2).
587
915
  inferno_supported: 'yes'
588
916
  inferno_tests:
589
- - 1.4.03 - 1.4.05
590
- - 3.4.05 - 3.4.05
591
- - id: AUTH-PATIENT-21
917
+ - 3.3.13
918
+ - 3.4.13
919
+ - id: AUT-PAT-20
592
920
  SUT: |
593
- [Both] The health IT developer demonstrates the ability of the
594
- Health IT Module to grant a refresh token valid for a period of no
595
- less than three months to native applications capable of storing a
596
- refresh token.
921
+ [Both] The health IT developer demonstrates the ability of the Health
922
+ IT Module to grant an access token when a refresh token is supplied
923
+ according to the implementation specification adopted in §
924
+ 170.215(a)(2).
597
925
  TLV: |
598
926
  [Both] The tester verifies the ability of the Health IT Module to
599
- grant a refresh token valid for a period of no less than three
600
- months to native applications capable of storing a refresh token.
927
+ grant an access token when a refresh token is supplied according to
928
+ the implementation specification adopted in § 170.215(a)(2).
601
929
  inferno_supported: 'yes'
602
930
  inferno_tests:
603
- - 6.5.13
931
+ - 1.6.03 - 1.6.05
932
+ - 3.6.05 - 3.6.05
933
+ - id: AUT-PAT-21
934
+ SUT: |
935
+ [Both] The health IT developer demonstrates the ability of the Health
936
+ IT Module to grant a refresh token valid for a period of no less than
937
+ three months to native applications capable of securing a refresh
938
+ token.
939
+ TLV: |
940
+ [Both] The tester verifies the ability of the Health IT Module to
941
+ grant a refresh token valid for a period of no less than three months
942
+ to native applications capable of securing a refresh token.
943
+ inferno_supported: 'yes'
944
+ inferno_tests:
945
+ - 9.10.13
604
946
  - group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
605
- id: AUTH-PATIENT-22
606
- SUT: |
947
+ id: AUT-PAT-22
948
+ SUT: |
607
949
  The health IT developer demonstrates the ability of the Health IT
608
- Module to issue a new refresh token valid for a new period of no
609
- shorter than three months without requiring re-authentication
610
- and re-authorization when a valid refresh token is supplied by the
611
- application according to the implementation specification adopted
612
- in § 170.215(a)(3).
613
- TLV: |
614
- The tester verifies the ability of the Health IT
615
- Module to issue a new refresh token valid for a new period of no
616
- shorter than three months without requiring re-authentication
617
- and re-authorization when a valid refresh token is supplied by the
618
- application according to the implementation specification adopted
619
- in § 170.215(a)(3).
620
- inferno_supported: 'yes'
621
- inferno_tests:
622
- - 6.5.05
950
+ Module to issue a refresh token valid for a new period of no shorter
951
+ than three months without requiring re-authentication and
952
+ re-authorization when a valid refresh token is supplied by the
953
+ application according to the implementation specification adopted in §
954
+ 170.215(a)(3).
955
+ TLV: |
956
+ The tester verifies the ability of the Health IT Module to issue a
957
+ refresh token valid for a new period of no shorter than three months
958
+ without requiring re-authentication and re-authorization when a valid
959
+ refresh token is supplied by the application according to the
960
+ implementation specification adopted in § 170.215(a)(3).
961
+ inferno_supported: 'yes'
962
+ inferno_tests:
963
+ - 9.10.05
623
964
  inferno_notes: |
624
965
  Inferno cannot verify the three month token expiration requirement
625
966
  automatically during the token refresh tests, but the tester can
626
967
  register an attestation that this requirement is met.
627
- - id: AUTH-PATIENT-23
968
+ - id: AUT-PAT-23
628
969
  SUT: |
629
970
  The health IT developer demonstrates the ability of the Health IT
630
- Module to return an error response when supplied an invalid
631
- refresh token as specified in the implementation specification
632
- adopted in § 170.215(a)(3).
971
+ Module to return an error response when supplied an invalid refresh
972
+ token as specified in the implementation specification adopted in §
973
+ 170.215(a)(3).
633
974
  TLV: |
634
- The tester verifies the ability of the Health IT
635
- Module to return an error response when supplied an invalid
636
- refresh token as specified in the implementation specification
637
- adopted in § 170.215(a)(3).
975
+ The tester verifies the ability of the Health IT Module to return an
976
+ error response when supplied an invalid refresh token as specified in
977
+ the implementation specification adopted in § 170.215(a)(3).
638
978
  inferno_supported: 'yes'
639
979
  inferno_tests:
640
- - 1.4.01 - 1.4.02
641
- - 3.4.01 - 3.4.02
980
+ - 1.6.06
981
+ - 3.6.06
642
982
  - section: Paragraph (g)(10)(vi) – Patient authorization revocation
643
983
  steps:
644
984
  - group: Patient Authorization Revocation
645
- id: REVOCATION-1
985
+ id: PAR-1
646
986
  SUT: |
647
- The health IT developer demonstrates the ability of the Health IT Module to revoke
648
- access to an authorized application at a patient’s direction,
649
- including a demonstration of the inability of the application with
650
- revoked access to receive patient EHI.
987
+ The health IT developer demonstrates the ability of the Health IT
988
+ Module to revoke access to an authorized application at a patient’s
989
+ direction, including a demonstration of the inability of the
990
+ application with revoked access to receive patient EHI.
651
991
  TLV: |
652
992
  The tester verifies the ability of the Health IT Module to revoke
653
993
  access to an authorized application at a patient’s direction,
@@ -655,25 +995,25 @@ procedure:
655
995
  revoked access to receive patient EHI.
656
996
  inferno_supported: 'yes'
657
997
  inferno_tests:
658
- - 6.2.01 - 6.2.03
659
- - section: Authentication and authorization for system scopes
998
+ - 9.3.01 - 9.3.03
999
+ - section: Paragraph (g)(10)(v)(B) Authentication and authorization for system scopes
660
1000
  steps:
661
1001
  - group: Authentication and Authorization for System Scopes
662
- id: AUTH-SYSTEM-1
1002
+ id: AUT-SYS-1
663
1003
  SUT: |
664
1004
  The health IT developer demonstrates the ability of the Health IT
665
1005
  Module to support OAuth 2.0 client credentials grant flow in
666
1006
  accordance with the implementation specification adopted in §
667
1007
  170.215(a)(4).
668
1008
  TLV: |
669
- The tester verfies the ability of the Health IT
670
- Module to support OAuth 2.0 client credentials grant flow in
671
- accordance with the implementation specification adopted in §
672
- 170.215(a)(4).
1009
+ The tester verifies the ability of the Health IT Module to support
1010
+ OAuth 2.0 client credentials grant flow in accordance with the
1011
+ implementation specification adopted in § 170.215(a)(4).
673
1012
  inferno_supported: 'yes'
674
1013
  inferno_tests:
675
- - 5.1.02 - 5.1.06
676
- - id: AUTH-SYSTEM-2
1014
+ - 7.1.02 - 7.1.06
1015
+ - 8.1.02 - 8.1.06
1016
+ - id: AUT-SYS-2
677
1017
  SUT: |
678
1018
  The health IT developer demonstrates the ability of the Health IT
679
1019
  Module to support the following parameters according to the
@@ -681,24 +1021,25 @@ procedure:
681
1021
  * “scope”;
682
1022
  * “grant_type”;
683
1023
  * “client_assertion_type”; and
684
- * “client_assertion
1024
+ * “client_assertion”.
685
1025
  TLV: |
686
- The tester verifies the ability of the Health IT
687
- Module to support the following parameters according to the
688
- implementation specification adopted in § 170.215(a)(4):
1026
+ The tester verifies the ability of the Health IT Module to support the
1027
+ following parameters according to the implementation specification
1028
+ adopted in § 170.215(a)(4):
689
1029
  * “scope”;
690
1030
  * “grant_type”;
691
1031
  * “client_assertion_type”; and
692
- * “client_assertion
1032
+ * “client_assertion”.
693
1033
  inferno_supported: 'yes'
694
1034
  inferno_tests:
695
- - 5.1.05
696
- - id: AUTH-SYSTEM-3
1035
+ - 7.1.05
1036
+ - 8.1.05
1037
+ - id: AUT-SYS-3
697
1038
  SUT: |
698
- The tester verifies the ability of the Health IT
699
- Module to support the following JSON Web Token (JWT) Headers
700
- and Claims according to the implementation specification adopted
701
- in § 170.215(a)(4):
1039
+ The health IT developer demonstrates the ability of the Health IT
1040
+ Module to support the following JSON Web Token (JWT) Headers and
1041
+ Claims according to the implementation specification adopted in §
1042
+ 170.215(a)(4):
702
1043
  * “alg” header;
703
1044
  * “kid” header;
704
1045
  * “typ” header;
@@ -708,10 +1049,9 @@ procedure:
708
1049
  * “exp” claim; and
709
1050
  * “jti” claim.
710
1051
  TLV: |
711
- The tester verifies the ability of the Health IT
712
- Module to support the following JSON Web Token (JWT) Headers
713
- and Claims according to the implementation specification adopted
714
- in § 170.215(a)(4):
1052
+ The tester verifies the ability of the Health IT Module to support the
1053
+ following JSON Web Token (JWT) Headers and Claims according to the
1054
+ implementation specification adopted in § 170.215(a)(4):
715
1055
  * “alg” header;
716
1056
  * “kid” header;
717
1057
  * “typ” header;
@@ -722,79 +1062,78 @@ procedure:
722
1062
  * “jti” claim.
723
1063
  inferno_supported: 'yes'
724
1064
  inferno_tests:
725
- - 5.1.05
726
- - id: AUTH-SYSTEM-4
1065
+ - 7.1.05
1066
+ - 8.1.05
1067
+ - id: AUT-SYS-4
727
1068
  SUT: |
728
- The tester verifies the ability of the Health IT
1069
+ The health IT developer demonstrates the ability of the Health IT
729
1070
  Module to receive and process the JSON Web Key (JWK) Set via a
730
1071
  TLS-protected URL to support authorization for system scopes in §
731
1072
  170.315(g)(10)(v)(B).
732
1073
  TLV: |
733
- The tester verifies the ability of the Health IT
734
- Module to receive and process the JSON Web Key (JWK) Set via a
735
- TLS-protected URL to support authorization for system scopes in §
736
- 170.315(g)(10)(v)(B).
1074
+ The tester verifies the ability of the Health IT Module to receive and
1075
+ process the JWK structure via a TLS-protected URL to support
1076
+ authorization for system scopes in § 170.315(g)(10)(v)(B).
737
1077
  inferno_supported: 'yes'
738
1078
  inferno_tests:
739
- - 5.1.05
740
- - id: AUTH-SYSTEM-5
1079
+ - 7.1.05
1080
+ - 8.1.05
1081
+ - id: AUT-SYS-5
741
1082
  SUT: |
742
- The health IT developer demonstrates that the Health IT Module
743
- does not cache a JWK Set received via a TLS-protected URL for
744
- longer than the “cache-control” header received by an application
745
- indicates.
1083
+ The health IT developer demonstrates that the Health IT Module does
1084
+ not cache a JWK Set received via a TLS-protected URL for longer than
1085
+ the “cache-control” header sent by an application indicates.
746
1086
  TLV: |
747
- The tester verifies the Health IT Module
748
- does not cache a JWK Set received via a TLS-protected URL for
749
- longer than the “cache-control” header received by an application
750
- indicates.
1087
+ The tester verifies that the Health IT Module does not cache a JWK Set
1088
+ received via a TLS-protected URL for longer than the “cache-control”
1089
+ header sent by an application indicates.
751
1090
  inferno_supported: 'yes'
752
1091
  inferno_notes: |
753
1092
  This test requires the tester to register an attestation from the
754
1093
  Health IT Module that the "cache-control" header is obeyed.
755
1094
  inferno_tests:
756
- - 6.5.10
757
- - id: AUTH-SYSTEM-6
1095
+ - 9.10.10
1096
+ - id: AUT-SYS-6
758
1097
  SUT: |
759
1098
  The health IT developer demonstrates the ability of the Health IT
760
1099
  Module to validate an application’s JWT, including its JSON Web
761
- Signatures, according to the implementation specification adopted
762
- in § 170.215(a)(4).
1100
+ Signatures, according to the implementation specification adopted in §
1101
+ 170.215(a)(4).
763
1102
  TLV: |
764
- The tester verifies the ability of the Health IT
765
- Module to validate an application’s JWT, including its JSON Web
766
- Signatures, according to the implementation specification adopted
767
- in § 170.215(a)(4).
1103
+ The tester verifies the ability of the Health IT Module to validate an
1104
+ application’s JWT, including its JSON Web Signatures, according to the
1105
+ implementation specification adopted in § 170.215(a)(4).
768
1106
  inferno_supported: 'yes'
769
1107
  inferno_tests:
770
- - 5.1.05
771
- - id: AUTH-SYSTEM-7
1108
+ - 7.1.05
1109
+ - 8.1.05
1110
+ - id: AUT-SYS-7
772
1111
  SUT: |
773
1112
  The health IT developer demonstrates the ability of the Health IT
774
1113
  Module to respond with an “invalid_client” error for errors
775
1114
  encountered during the authentication process according to the
776
1115
  implementation specification adopted in § 170.215(a)(4).
777
1116
  TLV: |
778
- The tester verifies the ability of the Health IT
779
- Module to respond with an “invalid_client” error for errors
780
- encountered during the authentication process according to the
781
- implementation specification adopted in § 170.215(a)(4).
1117
+ The tester verifies the ability of the Health IT Module to respond
1118
+ with an “invalid_client” error for errors encountered during the
1119
+ authentication process according to the implementation specification
1120
+ adopted in § 170.215(a)(4).
782
1121
  inferno_supported: 'yes'
783
1122
  inferno_tests:
784
- - 5.1.02 - 5.1.04
785
- - id: AUTH-SYSTEM-8
1123
+ - 7.1.02 - 7.1.04
1124
+ - 8.1.02 - 8.1.04
1125
+ - id: AUT-SYS-8
786
1126
  SUT: |
787
1127
  The health IT developer demonstrates the ability of the Health IT
788
- Module to assure the scope requested by an application is no
789
- greater than the pre-authorized scope for multiple patients
790
- according to the implementation specification adopted in §
1128
+ Module to assure the scope granted based on the scope requested by an
1129
+ application is no greater than the pre-authorized scope for multiple
1130
+ patients according to the implementation specification adopted in §
791
1131
  170.215(a)(4).
792
1132
  TLV: |
793
- The tester verifies the ability of the Health IT
794
- Module to assure the scope requested by an application is no
795
- greater than the pre-authorized scope for multiple patients
796
- according to the implementation specification adopted in §
797
- 170.215(a)(4).
1133
+ The tester verifies the ability of the Health IT Module to assure the
1134
+ scope granted based on the scope requested by an application is no
1135
+ greater than the pre-authorized scope for multiple patients according
1136
+ to the implementation specification adopted in § 170.215(a)(4).
798
1137
  inferno_supported: 'yes'
799
1138
  inferno_notes: |
800
1139
  There is no requirement for support of a subset of the resources
@@ -802,65 +1141,67 @@ procedure:
802
1141
  more than what was pre-authorized. The Health IT module must
803
1142
  demonstrate this and register its attestation within Inferno.
804
1143
  inferno_tests:
805
- - 6.5.08
806
- - id: AUTH-SYSTEM-9
1144
+ - 9.10.08
1145
+ - id: AUT-SYS-9
807
1146
  SUT: |
808
1147
  The health IT developer demonstrates the ability of the Health IT
809
- Module to issue an access token to an application as a JSON object
810
- in accordance with the implementation specification adopted in §
1148
+ Module to issue an access token to an application as a JSON object in
1149
+ accordance with the implementation specification adopted in §
811
1150
  170.215(a)(4), including the following property names:
812
1151
  * “access_token”;
813
1152
  * “token_type”;
814
1153
  * “expires_in”; and
815
- * “scope
1154
+ * “scope”.
816
1155
  TLV: |
817
- The tester verifies the ability of the Health IT
818
- Module to issue an access token to an application as a JSON object
819
- in accordance with the implementation specification adopted in §
820
- 170.215(a)(4), including the following property names:
1156
+ The tester verifies the ability of the Health IT Module to issue an
1157
+ access token to an application as a JSON object in accordance with the
1158
+ implementation specification adopted in § 170.215(a)(4), including the
1159
+ following property names:
821
1160
  * “access_token”;
822
1161
  * “token_type”;
823
1162
  * “expires_in”; and
824
- * “scope
1163
+ * “scope”.
825
1164
  inferno_supported: 'yes'
826
1165
  inferno_tests:
827
- - 5.1.06
828
- - id: AUTH-SYSTEM-10
1166
+ - 7.1.06
1167
+ - 8.1.06
1168
+ - id: AUT-SYS-10
829
1169
  SUT: |
830
1170
  The health IT developer demonstrates the ability of the Health IT
831
- Module to respond to errors using the appropriate error messages
832
- as specified in the implementation specification adopted in §
1171
+ Module to respond to errors using the appropriate error messages as
1172
+ specified in the implementation specification adopted in §
833
1173
  170.215(a)(4).
834
1174
  TLV: |
835
- The tester verifies the ability of the Health IT
836
- Module to respond to errors using the appropriate error messages
837
- as specified in the implementation specification adopted in §
838
- 170.215(a)(4).
1175
+ The tester verifies the ability of the Health IT Module to respond to
1176
+ errors using the appropriate error messages as specified in the
1177
+ implementation specification adopted in § 170.215(a)(4).
839
1178
  inferno_supported: 'yes'
840
1179
  inferno_tests:
841
- - 5.1.02 - 5.1.04
842
- - 5.2.03
1180
+ - 7.1.02 - 7.1.04
1181
+ - 8.1.02 - 8.1.04
1182
+ - 7.2.03
1183
+ - 8.2.03
843
1184
  - section: Paragraph (g)(10)(vii) – Token introspection
844
1185
  steps:
845
1186
  - group: Token Introspection
846
- id: INTROSPECTION-1
1187
+ id: TOK-INTRO-1
847
1188
  SUT: |
848
1189
  The health IT developer demonstrates the ability of the Health IT
849
1190
  Module to receive and validate a token it has issued.
850
1191
  TLV: |
851
- The tester verifies the ability of the Health IT
852
- Module to receive and validate a token it has issued.
1192
+ The tester verifies the ability of the Health IT Module to receive and
1193
+ validate a token it has issued.
853
1194
  inferno_supported: 'yes'
854
1195
  inferno_notes: |
855
1196
  No standard is required and therefore Inferno cannot do this in
856
1197
  an automated fashion and this is recorded as an attestation
857
1198
  within Inferno.
858
1199
  inferno_tests:
859
- - 6.5.06
1200
+ - 9.10.06
860
1201
  - section: Paragraph (g)(10)(ii) – Supported search operations
861
1202
  steps:
862
1203
  - group: Supported Search Operations for a Single Patient’s Data
863
- id: SEARCH-1
1204
+ id: SH-PAT-1
864
1205
  SUT: |
865
1206
  The health IT developer demonstrates the ability of the Health IT
866
1207
  Module to support the “capabilities” interaction as specified in the
@@ -869,32 +1210,33 @@ procedure:
869
1210
  170.215(a)(1) and implementation specification adopted in §
870
1211
  170.215(a)(2).
871
1212
  TLV: |
872
- The tester verfies the ability of the Health IT
873
- Module to support the “capabilities” interaction as specified in the
874
- standard adopted in § 170.215(a)(1), including support for a
875
- “CapabilityStatement” as specified in the standard adopted in §
876
- 170.215(a)(1) and implementation specification adopted in §
877
- 170.215(a)(2).
1213
+ The tester verifies the ability of the Health IT Module to support the
1214
+ “capabilities” interaction as specified in the standard adopted in §
1215
+ 170.215(a)(1), including support for a “CapabilityStatement” as
1216
+ specified in the standard adopted in § 170.215(a)(1) and
1217
+ implementation specification adopted in § 170.215(a)(2).
878
1218
  inferno_supported: 'yes'
879
1219
  inferno_tests:
880
1220
  - 4.1.02 - 4.1.05
881
- - id: SEARCH-2
1221
+ - 5.1.02 - 5.1.06
1222
+ - 6.1.02 - 6.1.06
1223
+ - id: SH-PAT-2
882
1224
  SUT: |
883
1225
  The health IT developer demonstrates the ability of the Health IT
884
- Module to respond to requests for a single patient’s data
885
- consistent with the search criteria detailed in the “US Core Server
1226
+ Module to respond to requests for a single patient’s data consistent
1227
+ with the search criteria detailed in the “US Core Server
886
1228
  CapabilityStatement” section of the implementation specification
887
- adopted in § 170.215(a)(2), including demonstrating search
888
- support for “SHALL” operations and parameters for all the data
889
- included in the standard adopted in § 170.213.
1229
+ adopted in § 170.215(a)(2), including demonstrating search support for
1230
+ “SHALL” operations and parameters for all the data included in the
1231
+ standard adopted in § 170.213.
890
1232
  TLV: |
891
1233
  The tester verifies the ability of the Health IT Module to respond to
892
1234
  requests for a single patient’s data consistent with the search
893
- criteria detailed in the “US Core Server CapabilityStatement”
894
- section of the implementation specification adopted in §
895
- 170.215(a)(2), including demonstrating search support for “SHALL”
896
- operations and parameters for all the data included in the standard
897
- adopted in § 170.213.
1235
+ criteria detailed in the “US Core Server CapabilityStatement” section
1236
+ of the implementation specification adopted in § 170.215(a)(2),
1237
+ including demonstrating search support for “SHALL” operations and
1238
+ parameters for all the data included in the standard adopted in §
1239
+ 170.213.
898
1240
  inferno_supported: 'yes'
899
1241
  inferno_tests:
900
1242
  - 4.2.01
@@ -914,34 +1256,93 @@ procedure:
914
1256
  - 4.16.01
915
1257
  - 4.17.01
916
1258
  - 4.18.01
1259
+ - 4.19.01
917
1260
  - 4.20.01
918
1261
  - 4.21.01
919
1262
  - 4.22.01
920
1263
  - 4.23.01
921
- - 4.19.01
922
1264
  - 4.24.01
923
1265
  - 4.25.01
924
1266
  - 4.26.01
925
- - 4.31.01
926
- - 4.28.01
927
- - 4.30.01
928
- - id: SEARCH-3
1267
+ - 5.2.01
1268
+ - 5.3.01
1269
+ - 5.4.01
1270
+ - 5.5.01
1271
+ - 5.6.01
1272
+ - 5.7.01
1273
+ - 5.8.01
1274
+ - 5.9.01
1275
+ - 5.10.01
1276
+ - 5.11.01
1277
+ - 5.12.01
1278
+ - 5.13.01
1279
+ - 5.14.01
1280
+ - 5.15.01
1281
+ - 5.16.01
1282
+ - 5.17.01
1283
+ - 5.18.01
1284
+ - 5.19.01
1285
+ - 5.20.01
1286
+ - 5.21.01
1287
+ - 5.22.01
1288
+ - 5.23.01
1289
+ - 5.24.01
1290
+ - 5.25.01
1291
+ - 5.26.01
1292
+ - 5.27.01
1293
+ - 5.28.01
1294
+ - 6.2.01
1295
+ - 6.3.01
1296
+ - 6.4.01
1297
+ - 6.5.01
1298
+ - 6.6.01
1299
+ - 6.7.01
1300
+ - 6.8.01
1301
+ - 6.9.01
1302
+ - 6.10.01
1303
+ - 6.11.01
1304
+ - 6.12.01
1305
+ - 6.13.01
1306
+ - 6.14.01
1307
+ - 6.15.01
1308
+ - 6.16.01
1309
+ - 6.17.01
1310
+ - 6.18.01
1311
+ - 6.19.01
1312
+ - 6.20.01
1313
+ - 6.21.01
1314
+ - 6.22.01
1315
+ - 6.23.01
1316
+ - 6.24.01
1317
+ - 6.25.01
1318
+ - 6.26.01
1319
+ - 6.27.01
1320
+ - 6.28.01
1321
+ - 6.29.01
1322
+ - 6.30.01
1323
+ - 6.31.01
1324
+ - 6.32.01
1325
+ - 6.33.01
1326
+ - 6.34.01
1327
+ - 6.35.01
1328
+ - 6.36.01
1329
+ - id: SH-PAT-3
929
1330
  SUT: |
930
1331
  The health IT developer demonstrates the ability of the Health IT
931
1332
  Module to support a resource search for the provenance target
932
- “(_revIncludes: Provenance:target)” for all the FHIR resources
1333
+ “(_revIncludes: Provenance:target)” for all the FHIR® resources
933
1334
  included in the standard adopted in § 170.213 and implementation
934
1335
  specification adopted in § 170.215(a)(2) according to the “Basic
935
1336
  Provenance Guidance” section of the implementation specification
936
1337
  adopted in § 170.215(a)(2).
937
1338
  TLV: |
938
- The tester verifies the ability of the Health IT
939
- Module to support a resource search for the provenance target
940
- “(_revIncludes: Provenance:target)” for all the FHIR resources
941
- included in the standard adopted in § 170.213 and implementation
942
- specification adopted in § 170.215(a)(2) according to the “Basic
943
- Provenance Guidance” section of the implementation specification
944
- adopted in § 170.215(a)(2).
1339
+ The tester verifies the ability of the Health IT Module to support a
1340
+ resource search for the provenance target “(_revIncludes:
1341
+ Provenance:target)” for all the FHIR® resources included in the
1342
+ standard adopted in § 170.213 and implementation specification adopted
1343
+ in § 170.215(a)(2) according to the “Basic Provenance Guidance”
1344
+ section of the implementation specification adopted in §
1345
+ 170.215(a)(2).
945
1346
  inferno_supported: 'yes'
946
1347
  inferno_tests:
947
1348
  - 4.2.07
@@ -953,24 +1354,86 @@ procedure:
953
1354
  - 4.8.06
954
1355
  - 4.9.06
955
1356
  - 4.10.07
956
- - 4.11.04
1357
+ - 4.11.03
957
1358
  - 4.12.03
958
1359
  - 4.13.04
959
1360
  - 4.14.03
960
1361
  - 4.15.05
961
- - 4.16.06
1362
+ - 4.16.05
962
1363
  - 4.17.05
963
1364
  - 4.18.05
1365
+ - 4.19.05
964
1366
  - 4.20.05
965
1367
  - 4.21.05
966
1368
  - 4.22.05
967
1369
  - 4.23.05
968
- - 4.19.05
969
1370
  - 4.24.05
970
1371
  - 4.25.05
971
1372
  - 4.26.04
1373
+ - 5.2.07
1374
+ - 5.3.03
1375
+ - 5.4.03
1376
+ - 5.5.03
1377
+ - 5.6.03
1378
+ - 5.7.03
1379
+ - 5.8.06
1380
+ - 5.9.06
1381
+ - 5.10.07
1382
+ - 5.11.03
1383
+ - 5.12.03
1384
+ - 5.13.04
1385
+ - 5.14.05
1386
+ - 5.15.05
1387
+ - 5.16.05
1388
+ - 5.17.05
1389
+ - 5.18.05
1390
+ - 5.19.05
1391
+ - 5.20.05
1392
+ - 5.21.05
1393
+ - 5.22.05
1394
+ - 5.23.05
1395
+ - 5.24.05
1396
+ - 5.25.05
1397
+ - 5.26.05
1398
+ - 5.27.05
1399
+ - 5.28.04
1400
+ - 6.2.07
1401
+ - 6.3.03
1402
+ - 6.4.03
1403
+ - 6.5.03
1404
+ - 6.6.03
1405
+ - 6.7.03
1406
+ - 6.8.03
1407
+ - 6.9.06
1408
+ - 6.10.06
1409
+ - 6.11.07
1410
+ - 6.12.05
1411
+ - 6.13.03
1412
+ - 6.14.03
1413
+ - 6.15.04
1414
+ - 6.16.05
1415
+ - 6.17.05
1416
+ - 6.18.05
1417
+ - 6.19.05
1418
+ - 6.20.05
1419
+ - 6.21.05
1420
+ - 6.22.05
1421
+ - 6.23.05
1422
+ - 6.24.05
1423
+ - 6.25.03
1424
+ - 6.26.05
1425
+ - 6.27.05
1426
+ - 6.28.05
1427
+ - 6.29.05
1428
+ - 6.30.05
1429
+ - 6.31.05
1430
+ - 6.32.05
1431
+ - 6.33.05
1432
+ - 6.34.05
1433
+ - 6.35.04
1434
+ - 6.36.07
972
1435
  - group: Supported Search Operations for Multiple Patients’ Data
973
- id: SEARCH-4
1436
+ id: SH-PAT-4
974
1437
  SUT: |
975
1438
  The health IT developer demonstrates the ability of the Health IT
976
1439
  Module to support the “capabilities” interaction as specified in the
@@ -979,37 +1442,45 @@ procedure:
979
1442
  170.215(a)(1) and implementation specification adopted in §
980
1443
  170.215(a)(4).
981
1444
  TLV: |
982
- The tester verifies the ability of the Health IT
983
- Module to support the “capabilities” interaction as specified in the
984
- standard adopted in § 170.215(a)(1), including support for a
985
- “CapabilityStatement” as specified in the standard adopted in §
986
- 170.215(a)(1) and implementation specification adopted in §
987
- 170.215(a)(4).
1445
+ The tester verifies the ability of the Health IT Module to support the
1446
+ “capabilities” interaction as specified in the standard adopted in §
1447
+ 170.215(a)(1), including support for a “CapabilityStatement” as
1448
+ specified in the standard adopted in § 170.215(a)(1) and
1449
+ implementation specification adopted in § 170.215(a)(4).
988
1450
  inferno_supported: 'yes'
989
1451
  inferno_tests:
990
- - 5.2.02
991
- - id: SEARCH-5
1452
+ - 7.2.02
1453
+ - 8.2.02
1454
+ - id: SH-PAT-5
992
1455
  SUT: |
993
1456
  The health IT developer demonstrates the ability of the Health IT
994
1457
  Module to support requests for multiple patients’ data as a group
995
- using the “group-export” operation as detailed in the
996
- implementation specification adopted in § 170.215(a)(4).
1458
+ using the “group-export” operation as detailed in the implementation
1459
+ specification adopted in § 170.215(a)(4).
997
1460
  TLV: |
998
1461
  The tester verifies the ability of the Health IT Module to support
999
- requests for multiple patients’ data as a group using the “group
1000
- export” operation as detailed in the implementation specification
1001
- adopted in § 170.215(a)(4).
1462
+ requests for multiple patients’ data as a group using the
1463
+ “group-export” operation as detailed in the implementation
1464
+ specification adopted in § 170.215(a)(4).
1002
1465
  inferno_supported: 'yes'
1003
1466
  inferno_tests:
1004
- - 5.2.07
1467
+ - 7.2.04
1468
+ - 8.2.04
1005
1469
  - section: Paragraph (g)(10)(i) – Data response
1006
1470
  steps:
1007
1471
  - group: Data Response Checks for Single and Multiple Patients
1008
- id: RESPONSE-1
1472
+ id: DAT-PAT-1
1009
1473
  SUT: |
1010
- For responses to data for single and multiple patients as described
1011
- in steps 7 and 8 of this section respectively, the health IT developer
1012
- demonstrates the ability of the Health IT Module to respond to
1474
+ For responses to data for single and multiple patients as described in
1475
+ steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1476
+ health IT developer demonstrates the ability of the Health IT Module
1477
+ to respond to requests for data according to the implementation
1478
+ specification adopted in § 170.215(a)(2), including the following
1479
+ steps.
1480
+ TLV: |
1481
+ For responses to data for single and multiple patients as described in
1482
+ steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1483
+ tester verifies the ability of the Health IT Module to respond to
1013
1484
  requests for data according to the implementation specification
1014
1485
  adopted in § 170.215(a)(2), including the following steps.
1015
1486
  inferno_supported: 'yes'
@@ -1031,70 +1502,227 @@ procedure:
1031
1502
  - 4.16.04
1032
1503
  - 4.17.04
1033
1504
  - 4.18.04
1505
+ - 4.19.04
1034
1506
  - 4.20.04
1035
1507
  - 4.21.04
1036
1508
  - 4.22.04
1037
1509
  - 4.23.04
1038
- - 4.19.04
1039
1510
  - 4.24.04
1040
1511
  - 4.25.04
1041
1512
  - 4.26.03
1042
- - 4.28.02
1513
+ - 4.27.01
1514
+ - 4.28.01
1515
+ - 4.29.01
1043
1516
  - 4.30.01
1044
- - 5.3.06 - 5.3.23
1045
- - id: RESPONSE-2
1517
+ - 5.2.06
1518
+ - 5.3.02
1519
+ - 5.4.02
1520
+ - 5.5.02
1521
+ - 5.6.02
1522
+ - 5.7.02
1523
+ - 5.8.05
1524
+ - 5.9.05
1525
+ - 5.10.06
1526
+ - 5.11.02
1527
+ - 5.12.02
1528
+ - 5.13.03
1529
+ - 5.14.04
1530
+ - 5.15.04
1531
+ - 5.16.04
1532
+ - 5.17.04
1533
+ - 5.18.04
1534
+ - 5.19.04
1535
+ - 5.20.04
1536
+ - 5.21.04
1537
+ - 5.22.04
1538
+ - 5.23.04
1539
+ - 5.24.04
1540
+ - 5.25.04
1541
+ - 5.26.04
1542
+ - 5.27.04
1543
+ - 5.28.03
1544
+ - 5.29.01
1545
+ - 5.30.01
1546
+ - 5.31.01
1547
+ - 5.32.01
1548
+ - 6.2.06
1549
+ - 6.3.02
1550
+ - 6.4.02
1551
+ - 6.5.02
1552
+ - 6.6.02
1553
+ - 6.7.02
1554
+ - 6.8.02
1555
+ - 6.9.05
1556
+ - 6.10.05
1557
+ - 6.11.06
1558
+ - 6.12.04
1559
+ - 6.13.02
1560
+ - 6.14.02
1561
+ - 6.15.03
1562
+ - 6.16.04
1563
+ - 6.17.04
1564
+ - 6.18.04
1565
+ - 6.19.04
1566
+ - 6.20.04
1567
+ - 6.21.04
1568
+ - 6.22.04
1569
+ - 6.23.04
1570
+ - 6.24.04
1571
+ - 6.25.02
1572
+ - 6.26.04
1573
+ - 6.27.04
1574
+ - 6.28.04
1575
+ - 6.29.04
1576
+ - 6.30.04
1577
+ - 6.31.04
1578
+ - 6.32.04
1579
+ - 6.33.04
1580
+ - 6.34.04
1581
+ - 6.35.03
1582
+ - 6.36.06
1583
+ - 6.37.01
1584
+ - 6.38.01
1585
+ - 6.39.01
1586
+ - 6.40.01
1587
+ - 7.3.03
1588
+ - 7.3.06 - 7.3.27
1589
+ - 8.3.03
1590
+ - 8.3.06 - 8.3.27
1591
+ - id: DAT-PAT-2
1046
1592
  SUT: |
1047
1593
  The health IT developer demonstrates the ability of the Health IT
1048
1594
  Module to respond with data that meet the following conditions:
1049
- * All data elements indicated with a cardinality of one or greater and / or “must support” are included;
1595
+ * All data elements indicated with a cardinality of one or greater and
1596
+ / or “must support” are included;
1050
1597
  * Content is structurally correct;
1051
1598
  * All invariant rules are met;
1052
- * All data elements with required “ValueSet” bindings contain codes within the bound “ValueSet”;
1599
+ * All data elements with required “ValueSet” bindings contain codes
1600
+ within the bound “ValueSet”;
1053
1601
  * All information is accurate and without omission; and
1054
- * All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
1602
+ * All references within the resources can be resolved and validated,
1603
+ as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
1604
+ DAT-PAT-5, and DAT-PAT-6, of this section.
1055
1605
  TLV: |
1056
- The tester verfies the ability of the Health IT
1057
- Module to respond with data that meet the following conditions:
1058
- * All data elements indicated with a cardinality of one or greater and / or “must support” are included;
1606
+ The tester verifies the ability of the Health IT Module to respond
1607
+ with data that meet the following conditions:
1608
+ * All data elements indicated with a cardinality of one or greater and
1609
+ / or “must support” are included;
1059
1610
  * Content is structurally correct;
1060
1611
  * All invariant rules are met;
1061
- * All data elements with required “ValueSet” bindings contain codes within the bound “ValueSet”;
1612
+ * All data elements with required “ValueSet” bindings contain codes
1613
+ within the bound “ValueSet”;
1062
1614
  * All information is accurate and without omission; and
1063
- * All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
1615
+ * All references within the resources can be resolved and validated,
1616
+ as applicable, according to steps DAT-PAT-2, DAT-PAT-3, DAT-PAT-4,
1617
+ DAT-PAT-5, and DAT-PAT-6, of this section.
1064
1618
  inferno_supported: 'yes'
1065
1619
  inferno_tests:
1066
- - 6.5.07
1067
- - 6.5.11
1068
- - 6.5.12
1069
- - 4.2.01
1070
- - 4.3.01
1071
- - 4.4.01
1072
- - 4.5.01
1073
- - 4.6.01
1074
- - 4.7.01
1075
- - 4.8.01
1076
- - 4.9.01
1077
- - 4.10.01
1078
- - 4.11.01
1079
- - 4.12.01
1080
- - 4.13.01
1081
- - 4.14.01
1082
- - 4.15.01
1083
- - 4.16.01
1084
- - 4.17.01
1085
- - 4.18.01
1086
- - 4.20.01
1087
- - 4.21.01
1088
- - 4.22.01
1089
- - 4.23.01
1090
- - 4.19.01
1091
- - 4.24.01
1092
- - 4.25.01
1093
- - 4.26.01
1094
- - 4.31.01
1095
- - 4.28.01
1096
- - 4.30.01
1097
- - 5.3.02
1620
+ - 9.10.07
1621
+ - 9.10.11
1622
+ - 9.10.12
1623
+ - 4.2.08 - 4.2.09
1624
+ - 4.3.04 - 4.3.05
1625
+ - 4.4.04 - 4.4.05
1626
+ - 4.5.04 - 4.5.05
1627
+ - 4.6.04 - 4.6.05
1628
+ - 4.7.04 - 4.7.05
1629
+ - 4.8.07 - 4.8.08
1630
+ - 4.9.07 - 4.9.08
1631
+ - 4.10.08 - 4.10.09
1632
+ - 4.11.04 - 4.11.05
1633
+ - 4.12.04 - 4.12.05
1634
+ - 4.13.06 - 4.13.07
1635
+ - 4.14.04 - 4.14.05
1636
+ - 4.15.06 - 4.15.07
1637
+ - 4.16.06 - 4.16.07
1638
+ - 4.17.06 - 4.17.07
1639
+ - 4.18.06 - 4.18.07
1640
+ - 4.19.06 - 4.19.07
1641
+ - 4.20.06 - 4.20.07
1642
+ - 4.21.06 - 4.21.07
1643
+ - 4.22.06 - 4.22.07
1644
+ - 4.23.06 - 4.23.07
1645
+ - 4.24.06 - 4.24.07
1646
+ - 4.25.06 - 4.25.07
1647
+ - 4.26.05 - 4.26.06
1648
+ - 4.27.02 - 4.27.03
1649
+ - 4.28.02 - 4.28.03
1650
+ - 4.29.02 - 4.29.03
1651
+ - 4.30.02 - 4.30.03
1652
+ - 5.2.08 - 5.2.09
1653
+ - 5.3.04 - 5.3.05
1654
+ - 5.4.04 - 5.4.05
1655
+ - 5.5.04 - 5.5.05
1656
+ - 5.6.04 - 5.6.05
1657
+ - 5.7.04 - 5.7.05
1658
+ - 5.8.07 - 5.8.08
1659
+ - 5.9.07 - 5.9.08
1660
+ - 5.10.08 - 5.10.09
1661
+ - 5.11.04 - 5.11.05
1662
+ - 5.12.04 - 5.12.05
1663
+ - 5.13.06 - 5.13.07
1664
+ - 5.14.06 - 5.14.07
1665
+ - 5.15.06 - 5.15.07
1666
+ - 5.16.06 - 5.16.07
1667
+ - 5.17.06 - 5.17.07
1668
+ - 5.18.06 - 5.18.07
1669
+ - 5.19.06 - 5.19.07
1670
+ - 5.20.06 - 5.20.07
1671
+ - 5.21.06 - 5.21.07
1672
+ - 5.22.06 - 5.22.07
1673
+ - 5.23.06 - 5.23.07
1674
+ - 5.24.06 - 5.24.07
1675
+ - 5.25.06 - 5.25.07
1676
+ - 5.26.05 - 5.26.06
1677
+ - 5.27.06 - 5.27.07
1678
+ - 5.28.05 - 5.28.06
1679
+ - 5.29.02 - 5.29.03
1680
+ - 5.30.02 - 5.30.03
1681
+ - 5.31.02 - 5.31.03
1682
+ - 5.32.02 - 5.32.03
1683
+ - 6.2.08 - 6.2.09
1684
+ - 6.3.04 - 6.3.05
1685
+ - 6.4.04 - 6.4.05
1686
+ - 6.5.04 - 6.5.05
1687
+ - 6.6.04 - 6.6.05
1688
+ - 6.7.04 - 6.7.05
1689
+ - 6.8.05 - 6.8.06
1690
+ - 6.9.07 - 6.9.08
1691
+ - 6.10.07 - 6.10.08
1692
+ - 6.11.08 - 6.11.09
1693
+ - 6.12.06 - 6.12.07
1694
+ - 6.13.04 - 6.13.05
1695
+ - 6.14.04 - 6.14.05
1696
+ - 6.15.06 - 6.15.07
1697
+ - 6.16.06 - 6.16.07
1698
+ - 6.17.06 - 6.17.07
1699
+ - 6.18.06 - 6.18.07
1700
+ - 6.19.06 - 6.19.07
1701
+ - 6.20.06 - 6.20.07
1702
+ - 6.21.06 - 6.21.07
1703
+ - 6.22.06 - 6.22.07
1704
+ - 6.23.06 - 6.23.07
1705
+ - 6.24.06 - 6.24.07
1706
+ - 6.25.04 - 6.25.05
1707
+ - 6.26.06 - 6.26.07
1708
+ - 6.27.06 - 6.27.07
1709
+ - 6.28.06 - 6.28.07
1710
+ - 6.29.06 - 6.29.07
1711
+ - 6.30.06 - 6.30.07
1712
+ - 6.31.06 - 6.31.07
1713
+ - 6.32.06 - 6.32.07
1714
+ - 6.33.06 - 6.33.07
1715
+ - 6.34.06 - 6.34.07
1716
+ - 6.35.05 - 6.35.06
1717
+ - 6.36.08 - 6.36.09
1718
+ - 6.37.02 - 6.37.03
1719
+ - 6.38.02 - 6.38.03
1720
+ - 6.39.02 - 6.39.03
1721
+ - 6.40.02 - 6.40.03
1722
+ - 7.3.03
1723
+ - 7.3.06 - 7.3.27
1724
+ - 8.3.03
1725
+ - 8.3.06 - 8.3.27
1098
1726
  inferno_notes: |
1099
1727
  The requirement "all information is accurate and without omission"
1100
1728
  cannot be verified automatically by Inferno, as Inferno only has
@@ -1106,33 +1734,33 @@ procedure:
1106
1734
  not include three required USCDI v1 data elements for Patient Demographics
1107
1735
  and Allergy and Intolerances, and this requires visual inspection
1108
1736
  by the tester.
1109
- - id: RESPONSE-3
1737
+ - id: DAT-PAT-3
1110
1738
  SUT: |
1111
1739
  The health IT developer demonstrates the ability of the Health IT
1112
- Module to support a “Provenance” FHIR resource for all the FHIR
1740
+ Module to support a “Provenance” FHIR® resource for all the FHIR®
1113
1741
  resources included in the standard adopted in § 170.213 and
1114
- implementation specification adopted in § 170.215(a)(2) according
1115
- to the “Basic Provenance Guidance” section of the implementation
1742
+ implementation specification adopted in § 170.215(a)(2) according to
1743
+ the “Basic Provenance Guidance” section of the implementation
1116
1744
  specification adopted in § 170.215(a)(2).
1117
1745
  TLV: |
1118
- The tester verfies the ability of the Health IT
1119
- Module to support a “Provenance” FHIR resource for all the FHIR
1120
- resources included in the standard adopted in § 170.213 and
1121
- implementation specification adopted in § 170.215(a)(2) according
1122
- to the “Basic Provenance Guidance” section of the implementation
1123
- specification adopted in § 170.215(a)(2).
1746
+ The tester verifies the ability of the Health IT Module to support a
1747
+ “Provenance” FHIR® resource for all the FHIR® resources included in
1748
+ the standard adopted in § 170.213 and implementation specification
1749
+ adopted in § 170.215(a)(2) according to the “Basic Provenance
1750
+ Guidance” section of the implementation specification adopted in §
1751
+ 170.215(a)(2).
1124
1752
  inferno_supported: 'yes'
1125
1753
  inferno_tests:
1126
1754
  - 4.2.07
1127
1755
  - 4.3.03
1128
- - 4.4.05
1756
+ - 4.4.03
1129
1757
  - 4.5.03
1130
- - 4.6.04
1758
+ - 4.6.03
1131
1759
  - 4.7.03
1132
1760
  - 4.8.06
1133
1761
  - 4.9.06
1134
1762
  - 4.10.07
1135
- - 4.11.04
1763
+ - 4.11.03
1136
1764
  - 4.12.03
1137
1765
  - 4.13.04
1138
1766
  - 4.14.03
@@ -1140,82 +1768,152 @@ procedure:
1140
1768
  - 4.16.05
1141
1769
  - 4.17.05
1142
1770
  - 4.18.05
1771
+ - 4.19.05
1143
1772
  - 4.20.05
1144
1773
  - 4.21.05
1145
1774
  - 4.22.05
1146
1775
  - 4.23.05
1147
- - 4.19.05
1148
1776
  - 4.24.05
1149
1777
  - 4.25.05
1150
1778
  - 4.26.04
1151
1779
  - 4.30.01 - 4.30.04
1152
- - 5.3.01
1153
- - id: RESPONSE-4
1780
+ - 5.2.07
1781
+ - 5.3.03
1782
+ - 5.4.03
1783
+ - 5.5.03
1784
+ - 5.6.03
1785
+ - 5.7.03
1786
+ - 5.8.06
1787
+ - 5.9.06
1788
+ - 5.10.07
1789
+ - 5.11.03
1790
+ - 5.12.03
1791
+ - 5.13.04
1792
+ - 5.14.05
1793
+ - 5.15.05
1794
+ - 5.16.05
1795
+ - 5.17.05
1796
+ - 5.18.05
1797
+ - 5.19.05
1798
+ - 5.20.05
1799
+ - 5.21.05
1800
+ - 5.22.05
1801
+ - 5.23.05
1802
+ - 5.24.05
1803
+ - 5.25.05
1804
+ - 5.26.05
1805
+ - 5.27.05
1806
+ - 5.28.04
1807
+ - 5.32.01 - 5.32.04
1808
+ - 6.2.07
1809
+ - 6.3.03
1810
+ - 6.4.03
1811
+ - 6.5.03
1812
+ - 6.6.03
1813
+ - 6.7.03
1814
+ - 6.8.03
1815
+ - 6.9.06
1816
+ - 6.10.06
1817
+ - 6.11.07
1818
+ - 6.12.05
1819
+ - 6.13.03
1820
+ - 6.14.03
1821
+ - 6.15.04
1822
+ - 6.16.05
1823
+ - 6.17.05
1824
+ - 6.18.05
1825
+ - 6.19.05
1826
+ - 6.20.05
1827
+ - 6.21.05
1828
+ - 6.22.05
1829
+ - 6.23.05
1830
+ - 6.24.05
1831
+ - 6.25.03
1832
+ - 6.26.05
1833
+ - 6.27.05
1834
+ - 6.28.05
1835
+ - 6.29.05
1836
+ - 6.30.05
1837
+ - 6.31.05
1838
+ - 6.32.05
1839
+ - 6.33.05
1840
+ - 6.34.05
1841
+ - 6.35.04
1842
+ - 6.36.07
1843
+ - 6.39.01 - 6.39.04
1844
+ - 7.3.21
1845
+ - 8.3.21
1846
+ - id: DAT-PAT-4
1154
1847
  SUT: |
1155
1848
  The health IT developer demonstrates the ability of the Health IT
1156
- Module to support a “DocumentReference” and/or “DiagnosticReport” FHIR
1157
- resource for each of the “Clinical Notes” and “Diagnostic Reports”
1158
- included in and according to the “Clinical Notes Guidance” section of
1159
- the implementation specification adopted in § 170.215(a)(2)..
1849
+ Module to support a “DocumentReference” and/or “DiagnosticReport”
1850
+ FHIR® resource for each of the “Clinical Notes” and “Diagnostic
1851
+ Reports” included in and according to the “Clinical Notes Guidance”
1852
+ section of the implementation specification adopted in §
1853
+ 170.215(a)(2).
1160
1854
  TLV: |
1161
- The tester verifies the ability of the Health IT Module to support
1162
- a “DocumentReference” and/or “DiagnosticReport” FHIR resource for each
1855
+ The tester verifies the ability of the Health IT Module to support a
1856
+ “DocumentReference” and/or “DiagnosticReport” FHIR® resource for each
1163
1857
  of the “Clinical Notes” and “Diagnostic Reports” included in and
1164
1858
  according to the “Clinical Notes Guidance” section of the
1165
1859
  implementation specification adopted in § 170.215(a)(2).
1166
1860
  inferno_supported: 'yes'
1167
1861
  inferno_tests:
1168
1862
  - 4.31.01 - 4.31.02
1169
- - id: RESPONSE-5
1863
+ - 5.33.01 - 5.33.02
1864
+ - 6.41.01 - 6.41.02
1865
+ - id: DAT-PAT-5
1170
1866
  SUT: |
1171
1867
  If supported, and for responses to data for a single patient only, the
1172
- health IT developer demonstrates the ability of the Health IT
1173
- Module to support a “Medication” FHIR resource according to the
1174
- “Medication List Guidance” section of the implementation
1175
- specification adopted in § 170.215(a)(2).
1868
+ health IT developer demonstrates the ability of the Health IT Module
1869
+ to support a “Medication” FHIR® resource according to the “Medication
1870
+ List Guidance” section of the implementation specification adopted in
1871
+ § 170.215(a)(2).
1176
1872
  TLV: |
1177
1873
  If supported, and for responses to data for a single patient only, the
1178
- tester verfies the ability of the Health IT
1179
- Module to support a “Medication” FHIR resource according to the
1180
- “Medication List Guidance” section of the implementation
1181
- specification adopted in § 170.215(a)(2).
1874
+ tester verifies the ability of the Health IT Module to support a
1875
+ “Medication” FHIR® resource according to the “Medication List
1876
+ Guidance” section of the implementation specification adopted in §
1877
+ 170.215(a)(2).
1182
1878
  inferno_supported: 'yes'
1183
1879
  inferno_tests:
1184
1880
  - 4.13.06
1185
- - id: RESPONSE-6
1881
+ - 5.13.06
1882
+ - 6.15.06
1883
+ - id: DAT-PAT-6
1186
1884
  SUT: |
1187
1885
  The health IT developer demonstrates the ability of the Health IT
1188
- Module to support “DataAbsentReasonas specified in the
1189
- implementation specification adopted in § 170. 215(a)(2),
1190
- including:
1191
- * “DataAbsentReason” Extension; and
1192
- * “DataAbsentReason” Code System.
1886
+ Module to support “Missing Dataaccording to the implementation
1887
+ specification adopted in § 170. 215(a)(2), including:
1888
+ * For non-coded data elements; and
1889
+ * For coded data elements, including support for the
1890
+ “DataAbsentReason” Code System.
1193
1891
  TLV: |
1194
- The tester verfies the ability of the Health IT
1195
- Module to support “DataAbsentReason” as specified in the
1196
- implementation specification adopted in § 170. 215(a)(2),
1197
- including:
1198
- * “DataAbsentReason” Extension; and
1199
- * “DataAbsentReason” Code System.
1892
+ The tester verifies the ability of the Health IT Module to support
1893
+ “Missing Data” according to the implementation specification adopted
1894
+ in § 170. 215(a)(2), including:
1895
+ * For non-coded data elements; and
1896
+ * For coded data elements, including support for the
1897
+ “DataAbsentReason” Code System.
1200
1898
  inferno_supported: 'yes'
1201
1899
  inferno_tests:
1202
1900
  - 4.32.01 - 4.32.02
1901
+ - 5.34.01 - 5.34.02
1902
+ - 6.42.01 - 6.42.02
1203
1903
  - group: Response to Requests for a Single Patient’s Data
1204
- id: RESPONSE-7
1904
+ id: DAT-PAT-7
1205
1905
  SUT: |
1206
1906
  The health IT developer demonstrates the ability of the Health IT
1207
- Module to return all of the data associated with requests for a
1208
- single patient’s data according to the “US Core Server
1209
- CapabilityStatement” section of the implementation specification
1210
- adopted in § 170.215(a)(2) for all the data included in the standard
1211
- adopted in § 170.213.
1907
+ Module to return all of the data associated with requests for a single
1908
+ patient’s data according to the “US Core Server CapabilityStatement”
1909
+ section of the implementation specification adopted in § 170.215(a)(2)
1910
+ for all the data included in the standard adopted in § 170.213.
1212
1911
  TLV: |
1213
- The tester verifies the ability of the Health IT
1214
- Module to return all of the data associated with requests for a
1215
- single patient’s data according to the “US Core Server
1216
- CapabilityStatement” section of the implementation specification
1217
- adopted in § 170.215(a)(2) for all the data included in the standard
1218
- adopted in § 170.213.
1912
+ The tester verifies the ability of the Health IT Module to return all
1913
+ of the data associated with requests for a single patient’s data
1914
+ according to the “US Core Server CapabilityStatement” section of the
1915
+ implementation specification adopted in § 170.215(a)(2) for all the
1916
+ data included in the standard adopted in § 170.213.
1219
1917
  inferno_supported: 'yes'
1220
1918
  inferno_tests:
1221
1919
  - 4.2.01
@@ -1235,27 +1933,85 @@ procedure:
1235
1933
  - 4.16.01
1236
1934
  - 4.17.01
1237
1935
  - 4.18.01
1936
+ - 4.19.01
1238
1937
  - 4.20.01
1239
1938
  - 4.21.01
1240
1939
  - 4.22.01
1241
1940
  - 4.23.01
1242
- - 4.19.01
1243
1941
  - 4.24.01
1244
1942
  - 4.25.01
1245
1943
  - 4.26.01
1246
- - 4.31.01
1247
- - 4.28.01
1248
- - 4.30.01
1944
+ - 5.2.01
1945
+ - 5.3.01
1946
+ - 5.4.01
1947
+ - 5.5.01
1948
+ - 5.6.01
1949
+ - 5.7.01
1950
+ - 5.8.01
1951
+ - 5.9.01
1952
+ - 5.10.01
1953
+ - 5.11.01
1954
+ - 5.12.01
1955
+ - 5.13.01
1956
+ - 5.14.01
1957
+ - 5.15.01
1958
+ - 5.16.01
1959
+ - 5.17.01
1960
+ - 5.18.01
1961
+ - 5.19.01
1962
+ - 5.20.01
1963
+ - 5.21.01
1964
+ - 5.22.01
1965
+ - 5.23.01
1966
+ - 5.24.01
1967
+ - 5.25.01
1968
+ - 5.26.01
1969
+ - 5.27.01
1970
+ - 5.28.01
1971
+ - 6.2.01
1972
+ - 6.3.01
1973
+ - 6.4.01
1974
+ - 6.5.01
1975
+ - 6.6.01
1976
+ - 6.7.01
1977
+ - 6.8.01
1978
+ - 6.9.01
1979
+ - 6.10.01
1980
+ - 6.11.01
1981
+ - 6.12.01
1982
+ - 6.13.01
1983
+ - 6.14.01
1984
+ - 6.15.01
1985
+ - 6.16.01
1986
+ - 6.17.01
1987
+ - 6.18.01
1988
+ - 6.19.01
1989
+ - 6.20.01
1990
+ - 6.21.01
1991
+ - 6.22.01
1992
+ - 6.23.01
1993
+ - 6.24.01
1994
+ - 6.25.01
1995
+ - 6.26.01
1996
+ - 6.27.01
1997
+ - 6.28.01
1998
+ - 6.29.01
1999
+ - 6.30.01
2000
+ - 6.31.01
2001
+ - 6.32.01
2002
+ - 6.33.01
2003
+ - 6.34.01
2004
+ - 6.35.01
2005
+ - 6.36.01
1249
2006
  - group: Response to Requests for Multiple Patients’ Data
1250
- id: RESPONSE-8
2007
+ id: DAT-PAT-8
1251
2008
  SUT: |
1252
2009
  The health IT developer demonstrates the ability of the Health IT
1253
- Module to respond to requests for multiple patients’ data
1254
- according to the implementation specification adopted in §
1255
- 170.215(a)(4) for all of the FHIR resources associated with the
1256
- profiles and Data Elements specified in and according to the
1257
- standard adopted in § 170.213 and implementation specification
1258
- adopted in § 170.215(a)(2), including the following FHIR resources:
2010
+ Module to respond to requests for multiple patients’ data according to
2011
+ the implementation specification adopted in § 170.215(a)(4) for all of
2012
+ the FHIR® resources associated with the profiles and Data Elements
2013
+ specified in and according to the standard adopted in § 170.213 and
2014
+ implementation specification adopted in § 170.215(a)(2).:
1259
2015
  * “AllergyIntolerance”;
1260
2016
  * “CarePlan”;
1261
2017
  * “CareTeam”;
@@ -1266,23 +2022,22 @@ procedure:
1266
2022
  * “Encounter”;
1267
2023
  * “Goal”;
1268
2024
  * “Immunization”;
1269
- * “Location”;
2025
+ * “Location” (if supported);
1270
2026
  * “Medication” (if supported);
1271
2027
  * “MedicationRequest”;
1272
2028
  * “Observation”;
1273
2029
  * “Organization”;
1274
2030
  * “Patient”;
1275
- * “Practitioner”;
2031
+ * “Practitioner
1276
2032
  * “Procedure”; and
1277
- * “Provenance”;
2033
+ * “Provenance”.
1278
2034
  TLV: |
1279
- The tester verifies the ability of the Health IT
1280
- Module to respond to requests for multiple patients’ data
1281
- according to the implementation specification adopted in §
1282
- 170.215(a)(4) for all of the FHIR resources associated with the
1283
- profiles and Data Elements specified in and according to the
1284
- standard adopted in § 170.213 and implementation specification
1285
- adopted in § 170.215(a)(2), including the following FHIR resources:
2035
+ The tester verifies the ability of the Health IT Module to respond to
2036
+ requests for multiple patients’ data according to the implementation
2037
+ specification adopted in § 170.215(a)(4) for all of the FHIR®
2038
+ resources associated with the profiles and Data Elements specified in
2039
+ and according to the standard adopted in § 170.213 and implementation
2040
+ specification adopted in § 170.215(a)(2).
1286
2041
  * “AllergyIntolerance”;
1287
2042
  * “CarePlan”;
1288
2043
  * “CareTeam”;
@@ -1293,117 +2048,192 @@ procedure:
1293
2048
  * “Encounter”;
1294
2049
  * “Goal”;
1295
2050
  * “Immunization”;
1296
- * “Location”;
2051
+ * “Location” (if supported);
1297
2052
  * “Medication” (if supported);
1298
2053
  * “MedicationRequest”;
1299
2054
  * “Observation”;
1300
2055
  * “Organization”;
1301
2056
  * “Patient”;
1302
- * “Practitioner”;
2057
+ * “Practitioner
1303
2058
  * “Procedure”; and
1304
- * “Provenance”;
2059
+ * “Provenance”.
1305
2060
  inferno_supported: 'yes'
1306
2061
  inferno_tests:
1307
- - 5.3.03
1308
- - 5.3.06 - 5.3.21
1309
- - id: RESPONSE-9
2062
+ - 7.3.03
2063
+ - 7.3.06 - 7.3.23
2064
+ - 8.3.03
2065
+ - 8.3.06 - 8.3.23
2066
+ - id: DAT-PAT-16
1310
2067
  SUT: |
1311
2068
  The health IT developer demonstrates the ability of the Health IT
1312
- Module to limit the data returned to only those FHIR resources for
1313
- which the client is authorized according to the implementation
1314
- specification adopted in § 170.215(a)(4).
2069
+ Module to respond to requests for multiple patients’ data according to
2070
+ the implementation specification adopted in § 170.215(a)(4) for all of
2071
+ the FHIR® resources associated with the profiles and Data Elements
2072
+ specified in and according to the standard adopted in § 170.213 and
2073
+ implementation specification adopted in § 170.215(a)(2).
2074
+ * “AllergyIntolerance”;
2075
+ * “CarePlan”;
2076
+ * “CareTeam”;
2077
+ * “Condition”;
2078
+ * “Device”;
2079
+ * “DiagnosticReport”;
2080
+ * “DocumentReference”;
2081
+ * “Encounter”;
2082
+ * “Goal”;
2083
+ * “Immunization”;
2084
+ * “Location” (if supported);
2085
+ * “Medication” (if supported);
2086
+ * “MedicationRequest”;
2087
+ * “Observation”;
2088
+ * “Organization”;
2089
+ * “Patient”;
2090
+ * “Practitioner”
2091
+ * “Procedure”; and
2092
+ * “Provenance”.
2093
+ * “PractitionerRole” (if supported);
2094
+ * “QuestionnaireReponse” (if supported);
2095
+ * “RelatedPerson”; and
2096
+ * “ServiceRequest”
1315
2097
  TLV: |
1316
- The tester verifies the ability of the Health IT
1317
- Module to limit the data returned to only those FHIR resources for
2098
+ The health IT developer verifies the ability of the Health IT Module
2099
+ to respond to requests for multiple patients’ data according to the
2100
+ implementation specification adopted in § 170.215(a)(4) for all of the
2101
+ FHIR® resources associated with the profiles and Data Elements
2102
+ specified in and according to the standard adopted in § 170.213 and
2103
+ implementation specification adopted in § 170.215(a)(2).
2104
+ * “AllergyIntolerance”;
2105
+ * “CarePlan”;
2106
+ * “CareTeam”;
2107
+ * “Condition”;
2108
+ * “Device”;
2109
+ * “DiagnosticReport”;
2110
+ * “DocumentReference”;
2111
+ * “Encounter”;
2112
+ * “Goal”;
2113
+ * “Immunization”;
2114
+ * “Location” (if supported);
2115
+ * “Medication” (if supported);
2116
+ * “MedicationRequest”;
2117
+ * “Observation”;
2118
+ * “Organization”;
2119
+ * “Patient”;
2120
+ * “Practitioner”
2121
+ * “Procedure”; and
2122
+ * “Provenance”.
2123
+ * “PractitionerRole” (if supported);
2124
+ * “QuestionnaireReponse” (if supported);
2125
+ * “RelatedPerson”; and
2126
+ * “ServiceRequest”
2127
+ inferno_supported: 'yes'
2128
+ inferno_tests:
2129
+ - 7.3.03
2130
+ - 7.3.06 - 7.3.27
2131
+ - 8.3.03
2132
+ - 8.3.06 - 8.3.27
2133
+ - id: DAT-PAT-9
2134
+ SUT: |
2135
+ The health IT developer demonstrates the ability of the Health IT
2136
+ Module to limit the data returned to only those FHIR® resources for
1318
2137
  which the client is authorized according to the implementation
1319
2138
  specification adopted in § 170.215(a)(4).
2139
+ TLV: |
2140
+ The tester verifies the ability of the Health IT Module to limit the
2141
+ data returned to only those FHIR® resources for which the client is
2142
+ authorized according to the implementation specification adopted in §
2143
+ 170.215(a)(4).
1320
2144
  inferno_supported: 'yes'
1321
2145
  inferno_tests:
1322
- - 2.2.01 - 2.2.13
2146
+ - 2.3.01 - 2.3.15
1323
2147
  inferno_notes: |
1324
2148
  Inferno does not do this because there is no requirement to only
1325
2149
  supported a subset of the scopes.
1326
- - id: RESPONSE-10
2150
+ - id: DAT-PAT-10
1327
2151
  SUT: |
1328
2152
  The health IT developer demonstrates the ability of the Health IT
1329
2153
  Module to support a successful data response according to the
1330
2154
  implementation adopted in § 170.215(a)(4).
1331
2155
  TLV: |
1332
- The tester verifies the ability of the Health IT
1333
- Module to support a successful data response according to the
1334
- implementation adopted in § 170.215(a)(4).
2156
+ The tester verifies the ability of the Health IT Module to support a
2157
+ successful data response according to the implementation adopted in §
2158
+ 170.215(a)(4).
1335
2159
  inferno_supported: 'yes'
1336
2160
  inferno_tests:
1337
- - 5.2.04 - 5.2.05
1338
- - id: RESPONSE-11
2161
+ - 7.2.04 - 7.2.05
2162
+ - 8.2.04 - 8.2.05
2163
+ - id: DAT-PAT-11
1339
2164
  SUT: |
1340
2165
  The health IT developer demonstrates the ability of the Health IT
1341
2166
  Module to support a data response error according to the
1342
2167
  implementation adopted in § 170.215(a)(4).
1343
2168
  TLV: |
1344
- The tester verifies the ability of the Health IT
1345
- Module to support a data response error according to the
1346
- implementation adopted in § 170.215(a)(4).
2169
+ The tester verifies the ability of the Health IT Module to support a
2170
+ data response error according to the implementation adopted in §
2171
+ 170.215(a)(4).
1347
2172
  inferno_supported: 'yes'
1348
2173
  inferno_tests:
1349
- - 5.2.03
1350
- - id: RESPONSE-12
2174
+ - 7.2.03
2175
+ - 8.2.03
2176
+ - id: DAT-PAT-12
1351
2177
  SUT: |
1352
2178
  The health IT developer demonstrates the ability of the Health IT
1353
2179
  Module to support a bulk data delete request according to the
1354
2180
  implementation specification adopted in § 170.215(a)(4).
1355
2181
  TLV: |
1356
- The tester verifies the ability of the Health IT
1357
- Module to support a bulk data delete request according to the
1358
- implementation specification adopted in § 170.215(a)(4).
2182
+ The tester verifies the ability of the Health IT Module to support a
2183
+ bulk data delete request according to the implementation specification
2184
+ adopted in § 170.215(a)(4).
1359
2185
  inferno_supported: 'yes'
1360
2186
  inferno_tests:
1361
- - 5.2.07
1362
- - id: RESPONSE-13
2187
+ - 7.2.07
2188
+ - 8.2.07
2189
+ - id: DAT-PAT-13
1363
2190
  SUT: |
1364
2191
  The health IT developer demonstrates the ability of the Health IT
1365
2192
  Module to support a bulk data status request according to the
1366
2193
  implementation specification adopted in § 170.215(a)(4).
1367
2194
  TLV: |
1368
- The tester verifies the ability of the Health IT
1369
- Module to support a bulk data status request according to the
1370
- implementation specification adopted in § 170.215(a)(4).
2195
+ The tester verifies the ability of the Health IT Module to support a
2196
+ bulk data status request according to the implementation specification
2197
+ adopted in § 170.215(a)(4).
1371
2198
  inferno_supported: 'yes'
1372
2199
  inferno_tests:
1373
- - 5.2.05 - 5.2.06
1374
- - id: RESPONSE-14
2200
+ - 7.2.05 - 7.2.06
2201
+ - 8.2.05 - 8.2.06
2202
+ - id: DAT-PAT-14
1375
2203
  SUT: |
1376
2204
  The health IT developer demonstrates the ability of the Health IT
1377
2205
  Module to support a file request according to the implementation
1378
2206
  specification adopted in § 170.215(a)(4), including support for the
1379
2207
  “ndjson” format for files provided.
1380
2208
  TLV: |
1381
- The tester verifies the ability of the Health IT
1382
- Module to support a file request according to the implementation
1383
- specification adopted in § 170.215(a)(4), including support for the
1384
- “ndjson” format for files provided.
2209
+ The tester verifies the ability of the Health IT Module to support a
2210
+ file request according to the implementation specification adopted in
2211
+ § 170.215(a)(4), including support for the “ndjson” format for files
2212
+ provided.
1385
2213
  inferno_supported: 'yes'
1386
2214
  inferno_tests:
1387
- - 5.3.01 - 5.3.21
1388
- - id: RESPONSE-15
2215
+ - 7.3.01 - 7.3.27
2216
+ - 8.3.01 - 8.3.27
2217
+ - id: DAT-PAT-15
1389
2218
  SUT: |
1390
- The health IT developer demonstrates that the information
1391
- provided as part of this data response includes data for patients in
1392
- the group identifier provided during the “group-export” request.
2219
+ The health IT developer demonstrates that the information provided as
2220
+ part of this data response includes data for patients in the group
2221
+ identifier provided during the “group-export” request.
1393
2222
  TLV: |
1394
- The tester verifies the information
1395
- provided as part of this data response includes data for patients in
1396
- the group identifier provided during the “group-export” request.
2223
+ The tester verifies the information provided as part of this data
2224
+ response includes data for patients in the group identifier provided
2225
+ during the “group-export” request.
1397
2226
  inferno_supported: 'yes'
1398
2227
  inferno_tests:
1399
- - 5.3.05
2228
+ - 7.3.05
2229
+ - 8.3.05
1400
2230
  - section: Paragraph (g)(10)(viii) – Documentation
1401
2231
  steps:
1402
2232
  - group: Supported Search Operations for a Single Patient’s Data
1403
- id: DOCUMENTATION-1
2233
+ id: API-DOC-1
1404
2234
  SUT: |
1405
- The health IT developer supplies documentation describing the
1406
- API(s) of the Health IT Module and includes at a minimum:
2235
+ The health IT developer supplies documentation describing the API(s)
2236
+ of the Health IT Module and includes at a minimum:
1407
2237
  * API syntax;
1408
2238
  * Function names;
1409
2239
  * Required and optional parameters supported and their data types;
@@ -1411,10 +2241,12 @@ procedure:
1411
2241
  * Exceptions and exception handling methods and their returns;
1412
2242
  * Mandatory software components;
1413
2243
  * Mandatory software configurations; and
1414
- * All technical requirements and attributes necessary for registration.
2244
+ * All technical requirements and attributes necessary for
2245
+ registration.
1415
2246
  TLV: |
1416
- The tester verifies the
1417
- API(s) of the Health IT Module and includes at a minimum:
2247
+ The tester verifies that the documentation supplied by the health IT
2248
+ developer describing the API(s) of the Health IT Module includes at a
2249
+ minimum:
1418
2250
  * API syntax;
1419
2251
  * Function names;
1420
2252
  * Required and optional parameters supported and their data types;
@@ -1422,21 +2254,33 @@ procedure:
1422
2254
  * Exceptions and exception handling methods and their returns;
1423
2255
  * Mandatory software components;
1424
2256
  * Mandatory software configurations; and
1425
- * All technical requirements and attributes necessary for registration.
2257
+ * All technical requirements and attributes necessary for
2258
+ registration.
2259
+ inferno_supported: 'yes'
2260
+ inferno_tests:
2261
+ - 9.10.09
2262
+ - id: API-DOC-2
2263
+ SUT: |
2264
+ The health IT developer demonstrates that the documentation described
2265
+ in step 1, of this section is available via a publicly accessible
2266
+ hyperlink that does not require preconditions or additional steps to
2267
+ access.
2268
+ TLV: |
2269
+ The tester verifies the documentation described in step 1, of this
2270
+ section is available via a publicly accessible hyperlink that does not
2271
+ require preconditions or additional steps to access.
1426
2272
  inferno_supported: 'yes'
1427
2273
  inferno_tests:
1428
- - 6.5.09
1429
- - id: DOCUMENTATION-2
2274
+ - 9.10.09
2275
+ - id: API-DOC-3
1430
2276
  SUT: |
1431
- The health IT developer demonstrates that the documentation
1432
- described in step 1 of this section is available via a publicly
1433
- accessible hyperlink that does not require preconditions or
1434
- additional steps to access.
2277
+ To fulfill the API Maintenance of Certification requirement at §
2278
+ 170.404(b)(2), the health IT developer demonstrates the public
2279
+ location of its certified API technology service base URLs.
1435
2280
  TLV: |
1436
- The tester verifies the documentation
1437
- described in step 1 of this section is available via a publicly
1438
- accessible hyperlink that does not require preconditions or
1439
- additional steps to access.
2281
+ To fulfill the API Maintenance of Certification requirement at §
2282
+ 170.404(b)(2), the tester verifies the public location of the health
2283
+ IT developer's certified API technology service base URLs.
1440
2284
  inferno_supported: 'yes'
1441
2285
  inferno_tests:
1442
- - 6.5.09
2286
+ - 9.10.14