onc_certification_g10_test_kit 5.4.2 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. checksums.yaml +4 -4
  2. data/lib/onc_certification_g10_test_kit/base_token_refresh_stu2_group.rb +49 -0
  3. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb +13 -8
  4. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb +12 -7
  5. data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +448 -468
  6. data/lib/onc_certification_g10_test_kit/short_id_map.yml +227 -17
  7. data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +6 -1
  8. data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +6 -1
  9. data/lib/onc_certification_g10_test_kit/single_patient_us_core_6_api_group.rb +8 -5
  10. data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +16 -17
  11. data/lib/onc_certification_g10_test_kit/smart_asymmetric_launch_group.rb +194 -0
  12. data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb +2 -4
  13. data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2.rb +7 -6
  14. data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +23 -7
  15. data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group.rb +188 -0
  16. data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb +150 -0
  17. data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb +53 -0
  18. data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb +6 -7
  19. data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb +8 -10
  20. data/lib/onc_certification_g10_test_kit/smart_invalid_token_group_stu2.rb +7 -9
  21. data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +5 -3
  22. data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb +14 -16
  23. data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2.rb +28 -4
  24. data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb +34 -25
  25. data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +20 -9
  26. data/lib/onc_certification_g10_test_kit/smart_v1_scopes_group.rb +241 -0
  27. data/lib/onc_certification_g10_test_kit/tasks/generate_matrix.rb +75 -51
  28. data/lib/onc_certification_g10_test_kit/token_introspection_group.rb +110 -0
  29. data/lib/onc_certification_g10_test_kit/token_revocation_group.rb +1 -1
  30. data/lib/onc_certification_g10_test_kit/version.rb +1 -1
  31. data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +57 -37
  32. data/lib/onc_certification_g10_test_kit.rb +84 -18
  33. metadata +13 -6
data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml CHANGED
@@ -1,4 +1,4 @@
1
- procedure:
1
+ procedure:
2
2
  - section: Paragraph (g)(10)(iii) - Application registration
3
3
  steps:
4
4
  - group: Application Registration
@@ -16,7 +16,7 @@ procedure:
16
16
  registration functions to enable authentication and authorization in §
17
17
  170.315(g)(10)(v).
18
18
  inferno_tests:
19
- - 9.10.01
19
+ - '11.01'
20
20
  inferno_supported: 'yes'
21
21
  inferno_notes: |
22
22
  This requires a visual inspection and attestation because it is not
@@ -36,7 +36,7 @@ procedure:
36
36
  registration functions to enable authentication and authorization in §
37
37
  170.315(g)(10)(v).
38
38
  inferno_tests:
39
- - 9.10.02
39
+ - '11.02'
40
40
  inferno_supported: 'yes'
41
41
  inferno_notes: |
42
42
  This requires a visual inspection and attestation because it is not
@@ -50,7 +50,7 @@ procedure:
50
50
  For all transmissions between the Health IT Module and the
51
51
  application, the health IT developer demonstrates the use of a secure
52
52
  and trusted connection in accordance with the implementation
53
- specifications adopted in § 170.215(a)(2) and § 170.215(a)(3),
53
+ specifications adopted in § 170.215(b)(1) and § 170.215(c),
54
54
  including:
55
55
  * Using TLS version 1.2 or higher; and
56
56
  * Conformance to FHIR® Communications Security requirements.
@@ -58,7 +58,7 @@ procedure:
58
58
  For all transmissions between the Health IT Module and the
59
59
  application, the tester verifies the use of a secure and trusted
60
60
  connection in accordance with the implementation specifications
61
- adopted in § 170.215(a)(2) and § 170.215(a)(3), including:
61
+ adopted in § 170.215(b)(1) and § 170.215(c), including:
62
62
  * Using TLS version 1.2 or higher; and
63
63
  * Conformance to FHIR® Communications Security requirements.
64
64
  inferno_supported: 'yes'
@@ -92,7 +92,19 @@ procedure:
92
92
  - 9.8.06
93
93
  - 9.9.03
94
94
  - 9.9.06
95
- - 9.10.15
95
+ - '11.15'
96
+ - 9.11.1.2.01
97
+ - 9.11.1.2.04
98
+ - 9.12.2.01
99
+ - 9.12.2.04
100
+ - 9.13.2.01
101
+ - 9.13.2.04
102
+ - 9.14.1.1.2.01
103
+ - 9.14.1.1.2.04
104
+ - 9.14.2.1.2.01
105
+ - 9.14.2.1.2.04
106
+ - 9.15.2.01
107
+ - 9.15.2.04
96
108
  inferno_notes: |
97
109
  Inferno tests that all endpoints provided support at least TLS
98
110
  version 1.2, and rejects all requests for TLS version 1.1 or below.
@@ -110,12 +122,12 @@ procedure:
110
122
  The health IT developer demonstrates the ability of the Health IT
111
123
  Module to support the following for “EHR-Launch,” “Standalone-Launch,”
112
124
  and “Both” (“EHR-Launch” and “Standalone-Launch”) as specified in the
113
- implementation specification adopted in § 170.215(a)(3).
125
+ implementation specification adopted in § 170.215(c)(1).
114
126
  TLV: |
115
127
  The tester verifies the ability of the Health IT Module to support the
116
128
  following for “EHR-Launch,” “Standalone-Launch,” and “Both”
117
129
  (“EHR-Launch” and “Standalone-Launch”) as specified in the
118
- implementation specification adopted in § 170.215(a)(3).
130
+ implementation specification adopted in § 170.215(c)(1).
119
131
  inferno_supported: 'yes'
120
132
  inferno_tests:
121
133
  - 1.3.01 - 1.3.07
@@ -131,14 +143,14 @@ procedure:
131
143
  Health IT Module to initiate a “launch sequence” using the
132
144
  “launch-ehr" “SMART on FHIR® Core Capability” SMART EHR Launch mode
133
145
  detailed in the implementation specification adopted in §
134
- 170.215(a)(3), including:
146
+ 170.215(c)(1), including:
135
147
  * Launching the registered launch URL of the application; and
136
148
  * Passing the parameters: “iss” and “launch”.
137
149
  TLV: |
138
150
  [EHR-Launch] The tester verifies the ability of the Health IT Module
139
151
  to initiate a “launch sequence” using the “launch-ehr" “SMART on FHIR®
140
152
  Core Capability” SMART EHR Launch mode detailed in the implementation
141
- specification adopted in § 170.215(a)(3), including:
153
+ specification adopted in § 170.215(c)(1), including:
142
154
  * Launching the registered launch URL of the application; and
143
155
  * Passing the parameters: “iss” and “launch”.
144
156
  inferno_supported: 'yes'
@@ -152,12 +164,12 @@ procedure:
152
164
  [Standalone-Launch] The health IT developer demonstrates the ability
153
165
  of the Health IT Module to launch using the “launch-standalone" “SMART
154
166
  on FHIR® Core Capability” SMART Standalone Launch mode detailed in the
155
- implementation specification adopted in § 170.215(a)(3).
167
+ implementation specification adopted in § 170.215(c)(1).
156
168
  TLV: |
157
169
  [Standalone-Launch] The tester verifies the ability of the Health IT
158
170
  Module to launch using the “launch-standalone" “SMART on FHIR® Core
159
171
  Capability” SMART Standalone Launch mode detailed in the
160
- implementation specification adopted in § 170.215(a)(3).
172
+ implementation specification adopted in § 170.215(c)(1).
161
173
  inferno_supported: 'yes'
162
174
  inferno_tests:
163
175
  - 1.3.02
@@ -179,15 +191,15 @@ procedure:
179
191
  SUT: |
180
192
  [Both] The health IT developer demonstrates the ability of the Health
181
193
  IT Module to support the following as detailed in the implementation
182
- specification adopted in § 170.215(a)(3) and standard adopted in §
194
+ specification adopted in § 170.215(c)(1) and standard adopted in §
183
195
  170.215(a)(1):
184
- * The “.well-known/smart-configuration.json” path; and
196
+ * The “.well-known/smart-configuration” path; and
185
197
  * A FHIR® “CapabilityStatement”.
186
198
  TLV: |
187
199
  [Both] The tester verifies the ability of the Health IT Module to
188
200
  support the following as detailed in the implementation specification
189
- adopted in § 170.215(a)(3) and standard adopted in § 170.215(a)(1):
190
- * The “.well-known/smart-configuration.json” path; and
201
+ adopted in § 170.215(c)(1) and standard adopted in § 170.215(a)(1):
202
+ * The “.well-known/smart-configuration” path; and
191
203
  * A FHIR® “CapabilityStatement”.
192
204
  inferno_supported: 'yes'
193
205
  inferno_tests:
@@ -196,14 +208,14 @@ procedure:
196
208
  - id: AUT-PAT-24
197
209
  SUT: |
198
210
  [Both] The health IT developer demonstrates the ability of the Health
199
- IT Module to support a “.well-known/smart-configuration.json” path as
211
+ IT Module to support a “.well-known/smart-configuration” path as
200
212
  detailed in the implementation specification adopted in §
201
- 170.215(a)(3) and standard adopted in § 170.215(a)(1).
213
+ 170.215(c)(2) and standard adopted in § 170.215(a)(1).
202
214
  TLV: |
203
215
  [Both] The tester verifies the ability of the Health IT Module to
204
- support a “.well-known/smart-configuration.json” path as detailed in
205
- the implementation specification adopted in § 170.215(a)(3) and
206
- standard adopted in § 170.215(a)(1).
216
+ support a “.well-known/smart-configuration” path as detailed in the
217
+ implementation specification adopted in § 170.215(c)(2) and standard
218
+ adopted in § 170.215(a)(1).
207
219
  inferno_supported: 'yes'
208
220
  inferno_tests:
209
221
  - 1.2.01 - 1.2.03
@@ -211,18 +223,18 @@ procedure:
211
223
  - id: AUT-PAT-6
212
224
  SUT: |
213
225
  [Both] The health IT developer demonstrates the ability of the
214
- “.well-known/smart-configuration.json” path to support at least the
226
+ “.well-known/smart-configuration” path to support at least the
215
227
  following as detailed in the implementation specification adopted in §
216
- 170.215(a)(3):
228
+ 170.215(c)(1):
217
229
  * “authorization_endpoint”;
218
230
  * “token_endpoint”; and
219
231
  * “capabilities” (including support for all the “SMART on FHIR® Core
220
232
  Capabilities”).
221
233
  TLV: |
222
234
  [Both] The tester verifies the ability of the
223
- “.well-known/smart-configuration.json” path to support at least the
235
+ “.well-known/smart-configuration” path to support at least the
224
236
  following as detailed in the implementation specification adopted in §
225
- 170.215(a)(3):
237
+ 170.215(c)(1):
226
238
  * “authorization_endpoint”;
227
239
  * “token_endpoint”; and
228
240
  * “capabilities” (including support for all the “SMART on FHIR® Core
@@ -240,19 +252,18 @@ procedure:
240
252
  - id: AUT-PAT-25
241
253
  SUT: |
242
254
  [Both] The health IT developer demonstrates the ability of the
243
- “.well-known/smart-configuration.json” path to support at least the
255
+ “.well-known/smart-configuration” path to support at least the
244
256
  following as detailed in the implementation specification adopted in §
245
- 170.215(a)(3):
246
-
257
+ 170.215(c)(2):
247
258
  * “authorization_endpoint”;
248
259
  * “token_endpoint”;
249
260
  * “capabilities” including support for “launch-ehr",
250
- “launch-standalone”, “client-public”,
251
- “client-confidential-symmetric",sso-openid-connect",
252
- “context-banner”, “context-style”, “context-ehr-patient",
253
- “context-standalone-patient", “permission-offline”,
254
- “permission-patient”, “permission-user”, “authorize-post”,
255
- “permission-v2”;
261
+ “launch-standalone”, “authorize-post”, “client-public”,
262
+ “client-confidential-symmetric”,client-confidential-asymmetric”,
263
+ sso-openid-connect", “context-banner”, “context-style”,
264
+ “context-ehr-patient", “context-standalone-patient",
265
+ “permission-offline”, “permission-patient”, “permission-user”,
266
+ authorize-post”, “permission-v1”, “permission-v2”;
256
267
  * “grant_types_supported” with support for “authorization_code” and
257
268
  “client_credentials”; and
258
269
  * “code_challenge_methods_supported” with support for “S256” and shall
@@ -263,19 +274,18 @@ procedure:
263
274
  * "context-ehr-encounter"
264
275
  TLV: |
265
276
  [Both] The tester verifies the ability of the
266
- “.well-known/smart-configuration.json” path to support at least the
277
+ “.well-known/smart-configuration” path to support at least the
267
278
  following as detailed in the implementation specification adopted in §
268
- 170.215(a)(3):
269
-
279
+ 170.215(c)(2):
270
280
  * “authorization_endpoint”;
271
281
  * “token_endpoint”;
272
282
  * “capabilities” including support for “launch-ehr",
273
- “launch-standalone”, “client-public”,
274
- “client-confidential-symmetric", “sso-openid-connect",
275
- “context-banner”, “context-style”, “context-ehr-patient",
276
- “context-standalone-patient", “permission-offline”,
277
- “permission-patient”, “permission-user”, “authorize-post”,
278
- “permission-v2”;
283
+ “launch-standalone”, “authorize-post”, “client-public”,
284
+ “client-confidential-symmetric", “client-confidential-asymmetric”,
285
+ sso-openid-connect", “context-banner”, “context-style”,
286
+ “context-ehr-patient", “context-standalone-patient",
287
+ “permission-offline”, “permission-patient”, “permission-user”,
288
+ authorize-post”, “permission-v1”, “permission-v2”;
279
289
  * “grant_types_supported” with support for “authorization_code” and
280
290
  “client_credentials”; and
281
291
  * “code_challenge_methods_supported” with support for “S256” and shall
@@ -293,14 +303,14 @@ procedure:
293
303
  [Both] The health IT developer demonstrates the ability of the FHIR®
294
304
  “CapabilityStatement” to support at least the following components as
295
305
  detailed in the implementation specification adopted in §
296
- 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
306
+ 170.215(c)(1) and standard adopted in § 170.215(a)(1), including:
297
307
  * “authorize”; and
298
308
  * “token”.
299
309
  TLV: |
300
310
  [Both] The tester verifies the ability of the FHIR®
301
311
  “CapabilityStatement” to support at least the following components as
302
312
  detailed in the implementation specification adopted in §
303
- 170.215(a)(3) and standard adopted in § 170.215(a)(1), including:
313
+ 170.215(c)(1) and standard adopted in § 170.215(a)(1), including:
304
314
  * “authorize”; and
305
315
  * “token”.
306
316
  inferno_supported: 'yes'
@@ -315,7 +325,7 @@ procedure:
315
325
  SUT: |
316
326
  [Both] The health IT developer demonstrates the ability of the Health
317
327
  IT Module to receive an authorization request according to the
318
- implementation specification adopted in § 170.215(a)(3), including
328
+ implementation specification adopted in § 170.215(c)(1), including
319
329
  support for the following parameters:
320
330
  * “response_type”;
321
331
  * “client_id”;
@@ -327,7 +337,7 @@ procedure:
327
337
  TLV: |
328
338
  [Both] The tester verifies the ability of the Health IT Module to
329
339
  receive an authorization request according to the implementation
330
- specification adopted in § 170.215(a)(3), including support for the
340
+ specification adopted in § 170.215(c)(1), including support for the
331
341
  following parameters:
332
342
  * “response_type”;
333
343
  * “client_id”;
@@ -344,7 +354,7 @@ procedure:
344
354
  SUT: |
345
355
  [Both] The health IT developer demonstrates the ability of the Health
346
356
  IT Module to receive an authorization request according to the
347
- implementation specification adopted in § 170.215(a)(3), including
357
+ implementation specification adopted in § 170.215(c)(2), including
348
358
  support for the following parameters:
349
359
  * “response_type”;
350
360
  * “client_id”;
@@ -358,7 +368,7 @@ procedure:
358
368
  TLV: |
359
369
  [Both] The tester verifies the ability of the Health IT Module to
360
370
  receive an authorization request according to the implementation
361
- specification adopted in § 170.215(a)(3), including support for the
371
+ specification adopted in § 170.215(c)(2), including support for the
362
372
  following parameters:
363
373
  * “response_type”;
364
374
  * “client_id”;
@@ -378,12 +388,12 @@ procedure:
378
388
  [Both] The health IT developer demonstrates the ability of the Health
379
389
  IT Module’s Authorization Server to support the use of the HTTP GET
380
390
  and POST methods at the Authorization Endpoint as detailed in the
381
- implementation specification adopted in § 170.215(a)(3).
391
+ implementation specification adopted in § 170.215(c)(2).
382
392
  TLV: |
383
393
  [Both] The tester verifies the ability of the Health IT Module’s
384
394
  Authorization Server to support the use of the HTTP GET and POST
385
395
  methods at the Authorization Endpoint as detailed in the
386
- implementation specification adopted in § 170.215(a)(3).
396
+ implementation specification adopted in § 170.215(c)(2).
387
397
  inferno_supported: 'yes'
388
398
  inferno_tests:
389
399
  - 1.4.05 - 1.4.07
@@ -393,10 +403,10 @@ procedure:
393
403
  [Both] The health IT developer demonstrates the ability of the Health
394
404
  IT Module to support the receipt of the following scopes and
395
405
  capabilities according to the implementation specification adopted in
396
- § 170.215(a)(3) and standard adopted in § 170.215(b):
406
+ § 170.215(c)(1) and standard adopted in § 170.215(e)(1):
397
407
  * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
398
408
  Capability”);
399
- * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
409
+ * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR® Core
400
410
  Capability”);
401
411
  * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
402
412
  Core Capability” for EHR-Launch mode only);
@@ -414,11 +424,11 @@ procedure:
414
424
  TLV: |
415
425
  [Both] The tester verifies the ability of the Health IT Module to
416
426
  support the receipt of the following scopes according to the
417
- implementation specification adopted in § 170.215(a)(3) and standard
418
- adopted in § 170.215(b):
427
+ implementation specification adopted in § 170.215(c)(1) and standard
428
+ adopted in § 170.215(e)(1):
419
429
  * “openid” (to support “sso-openid-connect” “SMART on FHIR® Core
420
430
  Capability”);
421
- * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR® Core
431
+ * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR® Core
422
432
  Capability”);
423
433
  * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
424
434
  Core Capability” for EHR-Launch mode only);
@@ -449,10 +459,10 @@ procedure:
449
459
  [Both] The health IT developer demonstrates the ability of the Health
450
460
  IT Module to support the receipt of the following scopes and
451
461
  capabilities according to the implementation specification adopted in
452
- § 170.215(a)(3) and standard adopted in § 170.215(b):
462
+ § 170.215(c)(2) and standard adopted in § 170.215(e)(1):
453
463
  * “openid” (to support “sso-openid-connect” “SMART on FHIR®
454
464
  Capability”);
455
- * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
465
+ * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR®
456
466
  Capability”);
457
467
  * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
458
468
  Capability” for EHR-Launch mode only);
@@ -464,19 +474,28 @@ procedure:
464
474
  * “offline_access” (to support “permission-offline” “SMART on FHIR®
465
475
  Capability”);
466
476
  * Patient-level scopes (to support “permission-patient” and “SMART on
467
- FHIR® Capability”); and
477
+ FHIR® Capability”);
468
478
  * User-level scopes (to support “permission-user” “SMART on FHIR®
469
- Capability”).
470
- * SMARTv2 scope syntax for patient-level and user-level scopes (to
471
- support “permission-v2” “SMART on FHIR® Capability”)
479
+ Capability”); and
480
+ * SMART v1 scope syntax for patient-level and user-level scopes to
481
+ support the “permission-v1” “SMART on FHIR® Capability”
482
+ * SMART v2 scope syntax for patient-level and user-level scopes to
483
+ support the “permission-v2” “SMART on FHIR® Capability”, including
484
+ support for finer-grained resource constraints using search
485
+ parameters according to section 3.0.2.3 of the implementation
486
+ specification at § 170.215(c)(2) for the “category” parameter for
487
+ the following resources: (1) Condition resource with Condition
488
+ sub-resources Encounter Diagnosis, Problem List, and Health Concern;
489
+ and (2) Observation resource with Observation sub-resources Clinical
490
+ Test, Laboratory, Social History, SDOH, Survey, and Vital Signs
472
491
  TLV: |
473
492
  [Both] The tester verifies the ability of the Health IT Module to
474
493
  support the receipt of the following scopes and capabilities according
475
- to the implementation specification adopted in § 170.215(a)(3) and
476
- standard adopted in § 170.215(b):
494
+ to the implementation specification adopted in § 170.215(c)(2) and
495
+ standard adopted in § 170.215(e)(1):
477
496
  * “openid” (to support “sso-openid-connect” “SMART on FHIR®
478
497
  Capability”);
479
- * “FHIR®User” (to support “sso-openid-connect” “SMART on FHIR®
498
+ * “fhirUser” (to support “sso-openid-connect” “SMART on FHIR®
480
499
  Capability”);
481
500
  * “need_patient_banner” (to support “context-banner” “SMART on FHIR®
482
501
  Capability” for EHR-Launch mode only);
@@ -488,15 +507,29 @@ procedure:
488
507
  * “offline_access” (to support “permission-offline” “SMART on FHIR®
489
508
  Capability”);
490
509
  * Patient-level scopes (to support “permission-patient” and “SMART on
491
- FHIR® Capability”); and
510
+ FHIR® Capability”);
492
511
  * User-level scopes (to support “permission-user” “SMART on FHIR®
493
- Capability”).
494
- * SMARTv2 scope syntax for patient-level and user-level scopes (to
495
- support “permission-v2” “SMART on FHIR® Capability”)
512
+ Capability”); and
513
+ * SMART v1 scope syntax for patient-level and user-level scopes to
514
+ support the “permission-v1” “SMART on FHIR® Capability”
515
+ * SMART v2 scope syntax for patient-level and user-level scopes to
516
+ support the “permission-v2” “SMART on FHIR® Capability”, including
517
+ support for finer-grained resource constraints using search
518
+ parameters according to section 3.0.2.3 of the implementation
519
+ specification at § 170.215(c)(2) for the “category” parameter for
520
+ the following resources: (1) Condition resource with Condition
521
+ sub-resources Encounter Diagnosis, Problem List, and Health Concern;
522
+ and (2) Observation resource with Observation sub-resources Clinical
523
+ Test, Laboratory, Social History, SDOH, Survey, and Vital Signs
496
524
  inferno_supported: 'yes'
497
525
  inferno_tests:
498
526
  - 1.4.02
499
527
  - 3.4.04
528
+ - 9.13.2.02
529
+ - 9.14.1.1.2.02
530
+ - 9.14.2.1.2.02
531
+ - '11.18'
532
+ - 9.15.2.05
500
533
  inferno_notes: |
501
534
  This step refers to only the receipt of these scopes, which is covered in
502
535
  Inferno in one step in each the EHR and Standalone launch cases. However,
@@ -511,9 +544,9 @@ procedure:
511
544
  input, if applicable (required for patient-facing applications),
512
545
  including the ability for the end-user to authorize an application to
513
546
  receive EHI based on FHIR® resource-level scopes for all of the FHIR®
514
- resources associated with the profiles specified in the standard
515
- adopted in § 170.213 and implementation specification adopted in
516
- § 170.215(a)(2).
547
+ resources associated with the profiles specified in a standard adopted
548
+ in § 170.213 and the corresponding implementation specification
549
+ adopted in § 170.215(b)(1).
517
550
 
518
551
  If using US Core 3.1.1, 4.0.0, or 6.1.0 these resources include:
519
552
 
@@ -546,8 +579,9 @@ procedure:
546
579
  applicable (required for patient-facing applications), including the
547
580
  ability for the end-user to authorize an application to receive EHI
548
581
  based on FHIR® resource-level scopes for all of the FHIR® resources
549
- associated with the profiles specified in the standard adopted in
550
- § 170.213 and implementation specification adopted in § 170.215(a)(2).
582
+ associated with the profiles specified in a standard adopted in
583
+ § 170.213 and the corresponding implementation specification adopted
584
+ in § 170.215(b)(1).
551
585
 
552
586
  If using US Core 3.1.1, 4.0.0, or 6.1.0 these resources include:
553
587
 
@@ -620,28 +654,20 @@ procedure:
620
654
  - 2.1.05
621
655
  - 2.2.02
622
656
  - 2.2.05
623
- - 1.7.01 - 1.7.20
624
- - 2.3.01 - 2.3.19
625
- inferno_notes: |
626
- Inferno verifies that end-user input is requested by requiring one app
627
- launch have complete access to required resources and having one app
628
- launch have limited access based on the preferences of the tester.
629
- Inferno requests full resource and 'offline_access' access, and the tester
630
- is expected to select the correct subset of resources and deny 'offline_access'
631
- based on previously selected preferences.
657
+ - '11.04'
632
658
  - id: AUT-PAT-12
633
659
  SUT: |
634
660
  [Both] The health IT developer demonstrates the ability of the Health
635
661
  IT Module to deny an application’s authorization request according to
636
662
  a patient’s preferences selected in AUT-PAT-10, and AUT-PAT-11, of
637
663
  this section in accordance with the implementation specification
638
- adopted in § 170.215(a)(3).
664
+ adopted in § 170.215(c)(1).
639
665
  TLV: |
640
666
  [Both] The tester verifies the ability of the Health IT Module to deny
641
667
  an application’s authorization request according to a patient’s
642
668
  preferences selected in AUT-PAT-10, and AUT-PAT-11, of this section in
643
669
  accordance with the implementation specification adopted in §
644
- 170.215(a)(3).
670
+ 170.215(c)(1).
645
671
  inferno_supported: 'yes'
646
672
  inferno_tests:
647
673
  - 1.3.02
@@ -667,12 +693,12 @@ procedure:
667
693
  Health IT Module to establish a patient in context if an application
668
694
  requests a clinical scope which is restricted to a single patient as
669
695
  detailed in the implementation specification adopted in §
670
- 170.215(a)(3).
696
+ 170.215(c)(2).
671
697
  TLV: |
672
698
  [EHR-Launch] The tester verifies the ability of the Health IT Module
673
699
  to establish a patient in context if an application requests a
674
700
  clinical scope which is restricted to a single patient as detailed in
675
- the implementation specification adopted in § 170.215(a)(3).
701
+ the implementation specification adopted in § 170.215(c)(2).
676
702
  inferno_supported: 'yes'
677
703
  inferno_tests:
678
704
  - 9.9.01 - 9.9.10
@@ -697,7 +723,7 @@ procedure:
697
723
  [Both] The health IT developer demonstrates the ability of the Health
698
724
  IT Module to grant an application access to EHI by returning an
699
725
  authorization code to the application according to the implementation
700
- specification adopted in § 170.215(a)(3), including the following
726
+ specification adopted in § 170.215(c)(1), including the following
701
727
  parameters:
702
728
  * “code”; and
703
729
  * “state”.
@@ -705,7 +731,7 @@ procedure:
705
731
  [Both] The tester verifies the ability of the Health IT Module to
706
732
  grant an application access to EHI by returning an authorization code
707
733
  to the application according to the implementation specification
708
- adopted in § 170.215(a)(3), including the following parameters:
734
+ adopted in § 170.215(c)(1), including the following parameters:
709
735
  * “code”; and
710
736
  * “state”.
711
737
  inferno_supported: 'yes'
@@ -719,25 +745,32 @@ procedure:
719
745
  [Both] The health IT developer demonstrates the ability of the Health
720
746
  IT Module to receive the following parameters from an application
721
747
  according to the implementation specification adopted in §
722
- 170.215(a)(3):
748
+ 170.215(c)(1):
723
749
  * “grant_type”;
724
750
  * “code”;
725
751
  * “redirect_uri”;
726
- * “client_id”; and
727
- * Authorization header including “client_id” and “client_secret”.
752
+ * “client_id (to support “client-public” “SMART on FHIR®
753
+ Capability); and
754
+ * Authorization header including “client_id” and “client_secret” (to
755
+ support “client-confidential-symmetric” “SMART on FHIR®
756
+ Capability”).
728
757
  TLV: |
729
758
  [Both] The tester verifies the ability of the Health IT Module to
730
759
  receive the following parameters from an application according to the
731
- implementation specification adopted in § 170.215(a)(3):
760
+ implementation specification adopted in § 170.215(c)(1):
732
761
  * “grant_type”;
733
762
  * “code”;
734
763
  * “redirect_uri”;
735
- * “client_id”; and
736
- * Authorization header including “client_id” and “client_secret”.
764
+ * “client_id (to support “client-public” “SMART on FHIR®
765
+ Capability); and
766
+ * Authorization header including “client_id” and “client_secret” (to
767
+ support “client-confidential-symmetric” “SMART on FHIR®
768
+ Capability”).
737
769
  inferno_supported: 'yes'
738
770
  inferno_tests:
739
771
  - 1.3.05
740
772
  - 3.3.07
773
+ - 9.1.05
741
774
  inferno_notes: |
742
775
  "client_secret" is only provided in the case of confidential clients.
743
776
  - id: AUT-PAT-30
@@ -745,50 +778,59 @@ procedure:
745
778
  [Both] The health IT developer demonstrates the ability of the Health
746
779
  IT Module to receive the following access token request parameters
747
780
  from an application according to the implementation specification
748
- adopted in § 170.215(a)(3):
781
+ adopted in § 170.215(c)(2):
749
782
  * “grant_type”;
750
783
  * “code”;
751
784
  * “redirect_uri”;
752
785
  * “code_verifier”;
753
- * “client_id”; and
754
- * Authorization header including “client_id and “client_secret”.
786
+ * “client_id (to support “client-public” “SMART on FHIR®
787
+ Capability);
788
+ * Authorization header including “client_id” and “client_secret” (to
789
+ support “client-confidential-symmetric” “SMART on FHIR®
790
+ Capability”); and
791
+ * Authentication JSON Web Token (to support
792
+ “client-confidential-asymmetric” “SMART on FHIR® Capability”)
755
793
  TLV: |
756
794
  [Both] The tester verifies the ability of the Health IT Module to
757
795
  receive the following access token request parameters from an
758
796
  application according to the implementation specification adopted in §
759
- 170.215(a)(3):
797
+ 170.215(c)(2):
760
798
  * “grant_type”;
761
799
  * “code”;
762
800
  * “redirect_uri”;
763
801
  * “code_verifier”;
764
- * “client_id”; and
765
- * Authorization header including “client_id and “client_secret”.
802
+ * “client_id (to support “client-public” “SMART on FHIR®
803
+ Capability);
804
+ * Authorization header including “client_id” and “client_secret” (to
805
+ support “client-confidential-symmetric” “SMART on FHIR®
806
+ Capability”); and
807
+ * Authentication JSON Web Token (to support
808
+ “client-confidential-asymmetric” “SMART on FHIR® Capability”)
766
809
  inferno_supported: 'yes'
767
810
  inferno_tests:
768
- - 1.3.05
769
- - 3.3.07
811
+ - 1.4.05
812
+ - 3.4.07
813
+ - 9.12.2.05
770
814
  - id: AUT-PAT-31
771
815
  SUT: |
772
816
  [Both] The health IT developer demonstrates the ability of the Health
773
817
  IT Module to return an error response if an invalid “code_verifier”
774
818
  value is supplied with an access token request according to the
775
- implementation specification adopted in § 170.215(a)(3).
819
+ implementation specification adopted in § 170.215(c)(2).
776
820
  TLV: |
777
821
  [Both] The tester verifies the ability of the Health IT Module to
778
822
  return an error response if an invalid “code_verifier” value is
779
823
  supplied with an access token request according to the implementation
780
- specification adopted in § 170.215(a)(3).
824
+ specification adopted in § 170.215(c)(2).
781
825
  inferno_supported: 'yes'
782
826
  inferno_tests:
783
- - 1.4.05
784
- - 3.4.07
827
+ - 9.7.01 - 9.7.12
785
828
  - id: AUT-PAT-16
786
829
  SUT: |
787
830
  [Both] The health IT developer demonstrates the ability of the Health
788
831
  IT Module to return a JSON object to applications according to the
789
- implementation specification adopted in § 170.215(a)(3) and standard
790
- adopted in § 170.215(b), including the following:
791
-
832
+ implementation specification adopted in § 170.215(c)(1) and standard
833
+ adopted in § 170.215(e)(1), including the following:
792
834
  * “access_token”;
793
835
  * “token_type”;
794
836
  * “scope”;
@@ -811,9 +853,8 @@ procedure:
811
853
  TLV: |
812
854
  [Both] The tester verifies the ability of the Health IT Module to
813
855
  return a JSON object to applications according to the implementation
814
- specification adopted in § 170.215(a)(3) and standard adopted in §
815
- 170.215(b), including the following:
816
-
856
+ specification adopted in § 170.215(c)(1) and standard adopted in §
857
+ 170.215(e)(1), including the following:
817
858
  * “access_token”;
818
859
  * “token_type”;
819
860
  * “scope”;
@@ -835,30 +876,32 @@ procedure:
835
876
  Capability”)
836
877
  inferno_supported: 'yes'
837
878
  inferno_tests:
838
- - 1.3.06 - 1.3.07
839
- - 1.4.06 - 1.4.07
840
- - 3.3.08 - 3.3.09
841
- - 3.3.13
842
- - 3.4.08 - 3.4.09
843
- - 3.4.13
844
- - 9.8.08 - 9.8.09
845
- - 9.9.08 - 9.9.09
879
+ - 1.3.06 - 1.3.08
880
+ - 1.4.06 - 1.4.08
881
+ - 3.3.08 - 3.3.10
882
+ - 3.3.16
883
+ - 3.4.08 - 3.4.10
884
+ - 3.4.16
885
+ - 9.8.08 - 9.8.10
886
+ - 9.9.08 - 9.9.10
887
+ - 9.12.2.06 - 9.12.2.07
888
+ - 9.12.2.09
846
889
  - id: AUT-PAT-17
847
890
  SUT: |
848
891
  [Both] The health IT developer demonstrates the ability of the Health
849
892
  IT Module to provide an OpenID Connect well-known URI in accordance
850
- with the implementation specification adopted in § 170.215(b),
893
+ with the implementation specification adopted in § 170.215(e)(1),
851
894
  including:
852
895
  * All required fields populated according to implementation
853
- specification adopted in § 170.215(b); and
896
+ specification adopted in § 170.215(e)(1); and
854
897
  * Valid JWKS populated according to implementation specification can
855
898
  be retrieved via JWKS URI.
856
899
  TLV: |
857
900
  [Both] The tester verifies the ability of the Health IT Module to
858
901
  provide an OpenID Connect well-known URI in accordance with the
859
- implementation specification adopted in § 170.215(b), including:
902
+ implementation specification adopted in § 170.215(e)(1) , including:
860
903
  * All required fields populated according to implementation
861
- specification adopted in § 170.215(b); and
904
+ specification adopted in § 170.215(e)(1); and
862
905
  * Valid JWKS populated according to implementation specification can
863
906
  be retrieved via JWKS URI.
864
907
  inferno_supported: 'yes'
@@ -874,11 +917,11 @@ procedure:
874
917
  SUT: |
875
918
  [Both] The health IT developer demonstrates the ability of the Health
876
919
  IT Module to deny an application’s authorization request in accordance
877
- with the implementation specification adopted in § 170.215(a)(3).
920
+ with the implementation specification adopted in § 170.215(c)(1).
878
921
  TLV: |
879
922
  [Both] The tester verifies the ability of the Health IT Module to deny
880
923
  an application’s authorization request in accordance with the
881
- implementation specification adopted in § 170.215(a)(3).
924
+ implementation specification adopted in § 170.215(c)(1).
882
925
  inferno_supported: 'yes'
883
926
  inferno_notes: |
884
927
  Inferno verifies that the user has the ability to explicitly authorize
@@ -895,34 +938,39 @@ procedure:
895
938
  SUT: |
896
939
  [Both] The health IT developer demonstrates the ability of the Health
897
940
  IT Module to return a “Patient” FHIR® resource that matches the
898
- patient context provided in step AUT-PAT-9 of this section according
899
- to the implementation specification adopted in § 170.215(a)(2).
941
+ patient context provided in step AUT-PAT-16 of this section according
942
+ to an implementation specification adopted in § 170.215(b)(1).
900
943
  TLV: |
901
944
  [Both] The tester verifies the ability of the Health IT Module to
902
945
  return a “Patient” FHIR® resource that matches the patient context
903
- provided in step AUT-PAT-9 of this section according to the
904
- implementation specification adopted in § 170.215(a)(2).
946
+ provided in step AUT-PAT-16 of this section according to the
947
+ implementation specification adopted in § 170.215(b)(1).
905
948
  inferno_supported: 'yes'
906
949
  inferno_tests:
907
950
  - 1.3.10
908
951
  - 1.4.10
909
952
  - 3.3.12
910
953
  - 3.4.12
954
+ - 9.1.08
955
+ - 9.2.08
911
956
  - 9.8.10
912
957
  - 9.9.10
958
+ - 9.12.2.08
959
+ - 9.13.2.10
913
960
  - id: AUT-PAT-32
914
961
  SUT: |
915
962
  [EHR-Launch] The following must be supported if using US Core 6.1.0:
916
- The health IT developer demonstrates the ability of the Health
917
- IT Module to return an “Encounter” FHIR® resource that matches the
918
- encounter context provided in step AUT-PAT-9 of this section according
919
- to the implementation specification adopted in § 170.215(a)(2).
963
+ The health IT developer demonstrates the ability of the Health IT
964
+ Module to return an “Encounter” FHIR® resource that matches the
965
+ encounter context provided in step AUT-PAT-16 of this section
966
+ according to an implementation specification adopted in §
967
+ 170.215(b)(1).
920
968
  TLV: |
921
- [EHR-Launch] The following must be supported if using US Core 6.1.0:
922
- The tester verifies the ability of the Health IT Module to
969
+ AUT-PAT-32: [EHR-Launch] The following must be supported if using US
970
+ Core 6.1.0: The tester verifies the ability of the Health IT Module to
923
971
  return an “Encounter” FHIR® resource that matches the encounter
924
- context provided in step AUT-PAT-9 of this section according to the
925
- implementation specification adopted in § 170.215(a)(2).
972
+ context provided in step AUT-PAT-16 of this section according to an
973
+ implementation specification adopted in § 170.215(b)(1).
926
974
  inferno_supported: 'yes'
927
975
  inferno_tests:
928
976
  - 3.3.16
@@ -931,16 +979,17 @@ procedure:
931
979
  SUT: |
932
980
  [Both] The health IT developer demonstrates the ability of the Health
933
981
  IT Module to grant an access token when a refresh token is supplied
934
- according to the implementation specification adopted in §
935
- 170.215(a)(2).
982
+ according to an implementation specification adopted in §
983
+ 170.215(b)(1).
936
984
  TLV: |
937
985
  [Both] The tester verifies the ability of the Health IT Module to
938
- grant an access token when a refresh token is supplied according to
939
- the implementation specification adopted in § 170.215(a)(2).
986
+ grant an access token when a refresh token is supplied according to an
987
+ implementation specification adopted in § 170.215(b)(1).
940
988
  inferno_supported: 'yes'
941
989
  inferno_tests:
942
- - 1.6.03 - 1.6.05
943
- - 3.6.05 - 3.6.05
990
+ - 1.6.01 - 1.6.04
991
+ - 3.6.01 - 3.6.04
992
+ - 9.12.3.01 - 9.12.3.04
944
993
  - id: AUT-PAT-21
945
994
  SUT: |
946
995
  [Both] The health IT developer demonstrates the ability of the Health
@@ -953,7 +1002,7 @@ procedure:
953
1002
  to native applications capable of securing a refresh token.
954
1003
  inferno_supported: 'yes'
955
1004
  inferno_tests:
956
- - 9.10.13
1005
+ - '11.13'
957
1006
  - group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
958
1007
  id: AUT-PAT-22
959
1008
  SUT: |
@@ -962,16 +1011,16 @@ procedure:
962
1011
  than three months without requiring re-authentication and
963
1012
  re-authorization when a valid refresh token is supplied by the
964
1013
  application according to the implementation specification adopted in §
965
- 170.215(a)(3).
1014
+ 170.215(c)(1).
966
1015
  TLV: |
967
1016
  The tester verifies the ability of the Health IT Module to issue a
968
1017
  refresh token valid for a new period of no shorter than three months
969
1018
  without requiring re-authentication and re-authorization when a valid
970
1019
  refresh token is supplied by the application according to the
971
- implementation specification adopted in § 170.215(a)(3).
1020
+ implementation specification adopted in § 170.215(c)(1).
972
1021
  inferno_supported: 'yes'
973
1022
  inferno_tests:
974
- - 9.10.16
1023
+ - '11.16'
975
1024
  inferno_notes: |
976
1025
  Inferno cannot verify the three month token expiration requirement
977
1026
  automatically during the token refresh tests, but the tester can
@@ -981,15 +1030,16 @@ procedure:
981
1030
  The health IT developer demonstrates the ability of the Health IT
982
1031
  Module to return an error response when supplied an invalid refresh
983
1032
  token as specified in the implementation specification adopted in §
984
- 170.215(a)(3).
1033
+ 170.215(c)(1).
985
1034
  TLV: |
986
1035
  The tester verifies the ability of the Health IT Module to return an
987
1036
  error response when supplied an invalid refresh token as specified in
988
- the implementation specification adopted in § 170.215(a)(3).
1037
+ the implementation specification adopted in § 170.215(c)(1).
989
1038
  inferno_supported: 'yes'
990
1039
  inferno_tests:
991
1040
  - 1.6.06
992
1041
  - 3.6.06
1042
+ - 9.12.3.06
993
1043
  - section: Paragraph (g)(10)(vi) – Patient authorization revocation
994
1044
  steps:
995
1045
  - group: Patient Authorization Revocation
@@ -1014,12 +1064,12 @@ procedure:
1014
1064
  SUT: |
1015
1065
  The health IT developer demonstrates the ability of the Health IT
1016
1066
  Module to support OAuth 2.0 client credentials grant flow in
1017
- accordance with the implementation specification adopted in §
1018
- 170.215(a)(4).
1067
+ accordance with an implementation specification adopted in §
1068
+ 170.215(d).
1019
1069
  TLV: |
1020
1070
  The tester verifies the ability of the Health IT Module to support
1021
- OAuth 2.0 client credentials grant flow in accordance with the
1022
- implementation specification adopted in § 170.215(a)(4).
1071
+ OAuth 2.0 client credentials grant flow in accordance with an
1072
+ implementation specification adopted in § 170.215(d).
1023
1073
  inferno_supported: 'yes'
1024
1074
  inferno_tests:
1025
1075
  - 7.1.02 - 7.1.06
@@ -1027,16 +1077,16 @@ procedure:
1027
1077
  - id: AUT-SYS-2
1028
1078
  SUT: |
1029
1079
  The health IT developer demonstrates the ability of the Health IT
1030
- Module to support the following parameters according to the
1031
- implementation specification adopted in § 170.215(a)(4):
1080
+ Module to support the following parameters according to an
1081
+ implementation specification adopted in § 170.215(d):
1032
1082
  * “scope”;
1033
1083
  * “grant_type”;
1034
1084
  * “client_assertion_type”; and
1035
1085
  * “client_assertion”.
1036
1086
  TLV: |
1037
1087
  The tester verifies the ability of the Health IT Module to support the
1038
- following parameters according to the implementation specification
1039
- adopted in § 170.215(a)(4):
1088
+ following parameters according to an implementation specification
1089
+ adopted in § 170.215(d):
1040
1090
  * “scope”;
1041
1091
  * “grant_type”;
1042
1092
  * “client_assertion_type”; and
@@ -1049,8 +1099,8 @@ procedure:
1049
1099
  SUT: |
1050
1100
  The health IT developer demonstrates the ability of the Health IT
1051
1101
  Module to support the following JSON Web Token (JWT) Headers and
1052
- Claims according to the implementation specification adopted in §
1053
- 170.215(a)(4):
1102
+ Claims according to an implementation specification adopted in §
1103
+ 170.215(d):
1054
1104
  * “alg” header;
1055
1105
  * “kid” header;
1056
1106
  * “typ” header;
@@ -1061,8 +1111,8 @@ procedure:
1061
1111
  * “jti” claim.
1062
1112
  TLV: |
1063
1113
  The tester verifies the ability of the Health IT Module to support the
1064
- following JSON Web Token (JWT) Headers and Claims according to the
1065
- implementation specification adopted in § 170.215(a)(4):
1114
+ following JSON Web Token (JWT) Headers and Claims according to an
1115
+ implementation specification adopted in § 170.215(d):
1066
1116
  * “alg” header;
1067
1117
  * “kid” header;
1068
1118
  * “typ” header;
@@ -1103,17 +1153,17 @@ procedure:
1103
1153
  This test requires the tester to register an attestation from the
1104
1154
  Health IT Module that the "cache-control" header is obeyed.
1105
1155
  inferno_tests:
1106
- - 9.10.10
1156
+ - '11.10'
1107
1157
  - id: AUT-SYS-6
1108
1158
  SUT: |
1109
1159
  The health IT developer demonstrates the ability of the Health IT
1110
1160
  Module to validate an application’s JWT, including its JSON Web
1111
- Signatures, according to the implementation specification adopted in §
1112
- 170.215(a)(4).
1161
+ Signatures, according to an implementation specification adopted in §
1162
+ 170.215(d).
1113
1163
  TLV: |
1114
1164
  The tester verifies the ability of the Health IT Module to validate an
1115
- application’s JWT, including its JSON Web Signatures, according to the
1116
- implementation specification adopted in § 170.215(a)(4).
1165
+ application’s JWT, including its JSON Web Signatures, according to an
1166
+ implementation specification adopted in § 170.215(d).
1117
1167
  inferno_supported: 'yes'
1118
1168
  inferno_tests:
1119
1169
  - 7.1.05
@@ -1122,13 +1172,13 @@ procedure:
1122
1172
  SUT: |
1123
1173
  The health IT developer demonstrates the ability of the Health IT
1124
1174
  Module to respond with an “invalid_client” error for errors
1125
- encountered during the authentication process according to the
1126
- implementation specification adopted in § 170.215(a)(4).
1175
+ encountered during the authentication process according to an
1176
+ implementation specification adopted in § 170.215(d).
1127
1177
  TLV: |
1128
1178
  The tester verifies the ability of the Health IT Module to respond
1129
1179
  with an “invalid_client” error for errors encountered during the
1130
- authentication process according to the implementation specification
1131
- adopted in § 170.215(a)(4).
1180
+ authentication process according to an implementation specification
1181
+ adopted in § 170.215(d).
1132
1182
  inferno_supported: 'yes'
1133
1183
  inferno_tests:
1134
1184
  - 7.1.02 - 7.1.04
@@ -1138,13 +1188,13 @@ procedure:
1138
1188
  The health IT developer demonstrates the ability of the Health IT
1139
1189
  Module to assure the scope granted based on the scope requested by an
1140
1190
  application is no greater than the pre-authorized scope for multiple
1141
- patients according to the implementation specification adopted in §
1142
- 170.215(a)(4).
1191
+ patients according to an implementation specification adopted in §
1192
+ 170.215(d).
1143
1193
  TLV: |
1144
1194
  The tester verifies the ability of the Health IT Module to assure the
1145
1195
  scope granted based on the scope requested by an application is no
1146
1196
  greater than the pre-authorized scope for multiple patients according
1147
- to the implementation specification adopted in § 170.215(a)(4).
1197
+ to an implementation specification adopted in § 170.215(d).
1148
1198
  inferno_supported: 'yes'
1149
1199
  inferno_notes: |
1150
1200
  There is no requirement for support of a subset of the resources
@@ -1152,21 +1202,21 @@ procedure:
1152
1202
  more than what was pre-authorized. The Health IT module must
1153
1203
  demonstrate this and register its attestation within Inferno.
1154
1204
  inferno_tests:
1155
- - 9.10.08
1205
+ - '11.08'
1156
1206
  - id: AUT-SYS-9
1157
1207
  SUT: |
1158
1208
  The health IT developer demonstrates the ability of the Health IT
1159
1209
  Module to issue an access token to an application as a JSON object in
1160
- accordance with the implementation specification adopted in §
1161
- 170.215(a)(4), including the following property names:
1210
+ accordance with an implementation specification adopted in §
1211
+ 170.215(d), including the following property names:
1162
1212
  * “access_token”;
1163
1213
  * “token_type”;
1164
1214
  * “expires_in”; and
1165
1215
  * “scope”.
1166
1216
  TLV: |
1167
1217
  The tester verifies the ability of the Health IT Module to issue an
1168
- access token to an application as a JSON object in accordance with the
1169
- implementation specification adopted in § 170.215(a)(4), including the
1218
+ access token to an application as a JSON object in accordance with an
1219
+ implementation specification adopted in § 170.215(d), including the
1170
1220
  following property names:
1171
1221
  * “access_token”;
1172
1222
  * “token_type”;
@@ -1180,12 +1230,11 @@ procedure:
1180
1230
  SUT: |
1181
1231
  The health IT developer demonstrates the ability of the Health IT
1182
1232
  Module to respond to errors using the appropriate error messages as
1183
- specified in the implementation specification adopted in §
1184
- 170.215(a)(4).
1233
+ specified in an implementation specification adopted in § 170.215(d).
1185
1234
  TLV: |
1186
1235
  The tester verifies the ability of the Health IT Module to respond to
1187
- errors using the appropriate error messages as specified in the
1188
- implementation specification adopted in § 170.215(a)(4).
1236
+ errors using the appropriate error messages as specified in an
1237
+ implementation specification adopted in § 170.215(d).
1189
1238
  inferno_supported: 'yes'
1190
1239
  inferno_tests:
1191
1240
  - 7.1.02 - 7.1.04
@@ -1198,17 +1247,16 @@ procedure:
1198
1247
  id: TOK-INTRO-1
1199
1248
  SUT: |
1200
1249
  The health IT developer demonstrates the ability of the Health IT
1201
- Module to receive and validate a token it has issued.
1250
+ Module to receive and validate a token it has issued in accordance
1251
+ with an implementation specification in § 170.215(c).
1202
1252
  TLV: |
1203
1253
  The tester verifies the ability of the Health IT Module to receive and
1204
- validate a token it has issued.
1254
+ validate a token it has issued in accordance with an implementation
1255
+ specification in § 170.215(c).
1205
1256
  inferno_supported: 'yes'
1206
- inferno_notes: |
1207
- No standard is required and therefore Inferno cannot do this in
1208
- an automated fashion and this is recorded as an attestation
1209
- within Inferno.
1210
1257
  inferno_tests:
1211
- - 9.10.06
1258
+ - 9.11.2.01 - 9.11.2.02
1259
+ - 9.11.3.01 - 9.11.3.02
1212
1260
  - section: Paragraph (g)(10)(ii) – Supported search operations
1213
1261
  steps:
1214
1262
  - group: Supported Search Operations for a Single Patient’s Data
@@ -1218,14 +1266,14 @@ procedure:
1218
1266
  Module to support the “capabilities” interaction as specified in the
1219
1267
  standard adopted in § 170.215(a)(1), including support for a
1220
1268
  “CapabilityStatement” as specified in the standard adopted in §
1221
- 170.215(a)(1) and implementation specification adopted in §
1222
- 170.215(a)(2).
1269
+ 170.215(a)(1) and an implementation specification adopted in §
1270
+ 170.215(b)(1).
1223
1271
  TLV: |
1224
1272
  The tester verifies the ability of the Health IT Module to support the
1225
1273
  “capabilities” interaction as specified in the standard adopted in §
1226
1274
  170.215(a)(1), including support for a “CapabilityStatement” as
1227
- specified in the standard adopted in § 170.215(a)(1) and
1228
- implementation specification adopted in § 170.215(a)(2).
1275
+ specified in the standard adopted in § 170.215(a)(1) and an
1276
+ implementation specification adopted in § 170.215(b)(1).
1229
1277
  inferno_supported: 'yes'
1230
1278
  inferno_tests:
1231
1279
  - 4.1.02 - 4.1.05
@@ -1236,125 +1284,127 @@ procedure:
1236
1284
  The health IT developer demonstrates the ability of the Health IT
1237
1285
  Module to respond to requests for a single patient’s data consistent
1238
1286
  with the search criteria detailed in the “US Core Server
1239
- CapabilityStatement” section of the implementation specification
1240
- adopted in § 170.215(a)(2), including demonstrating search support for
1287
+ CapabilityStatement” section of an implementation specification
1288
+ adopted in § 170.215(b)(1), including demonstrating search support for
1241
1289
  “SHALL” operations and parameters for all the data included in the
1242
- standard adopted in § 170.213.
1290
+ corresponding standard adopted in § 170.213.
1243
1291
  TLV: |
1244
1292
  The tester verifies the ability of the Health IT Module to respond to
1245
1293
  requests for a single patient’s data consistent with the search
1246
1294
  criteria detailed in the “US Core Server CapabilityStatement” section
1247
- of the implementation specification adopted in § 170.215(a)(2),
1295
+ of an implementation specification adopted in § 170.215(b)(1),
1248
1296
  including demonstrating search support for “SHALL” operations and
1249
- parameters for all the data included in the standard adopted in §
1250
- 170.213.
1297
+ parameters for all the data included in the corresponding standard
1298
+ adopted in § 170.213.
1251
1299
  inferno_supported: 'yes'
1252
1300
  inferno_tests:
1253
- - 4.2.01
1301
+ - 4.2.01 - 4.2.03
1254
1302
  - 4.3.01
1255
1303
  - 4.4.01
1256
1304
  - 4.5.01
1257
1305
  - 4.6.01
1258
1306
  - 4.7.01
1259
- - 4.8.01
1260
- - 4.9.01
1261
- - 4.10.01
1307
+ - 4.8.01 - 4.8.04
1308
+ - 4.9.01 - 4.9.04
1309
+ - 4.10.01 - 4.10.05
1262
1310
  - 4.11.01
1263
1311
  - 4.12.01
1264
- - 4.13.01
1312
+ - 4.13.01 - 4.13.02
1265
1313
  - 4.14.01
1266
- - 4.15.01
1267
- - 4.16.01
1268
- - 4.17.01
1269
- - 4.18.01
1270
- - 4.19.01
1271
- - 4.20.01
1272
- - 4.21.01
1273
- - 4.22.01
1274
- - 4.23.01
1275
- - 4.24.01
1276
- - 4.25.01
1277
- - 4.26.01
1278
- - 5.2.01
1314
+ - 4.15.01 - 4.15.03
1315
+ - 4.16.01 - 4.16.03
1316
+ - 4.17.01 - 4.17.03
1317
+ - 4.18.01 - 4.18.03
1318
+ - 4.19.01 - 4.19.03
1319
+ - 4.20.01 - 4.20.03
1320
+ - 4.21.01 - 4.21.03
1321
+ - 4.22.01 - 4.22.03
1322
+ - 4.23.01 - 4.23.03
1323
+ - 4.24.01 - 4.24.03
1324
+ - 4.25.01 - 4.25.03
1325
+ - 4.26.01 - 4.26.02
1326
+ - 5.2.01 - 5.2.05
1279
1327
  - 5.3.01
1280
1328
  - 5.4.01
1281
1329
  - 5.5.01
1282
1330
  - 5.6.01
1283
1331
  - 5.7.01
1284
- - 5.8.01
1285
- - 5.9.01
1286
- - 5.10.01
1332
+ - 5.8.01 - 5.8.04
1333
+ - 5.9.01 - 5.9.04
1334
+ - 5.10.01 - 5.10.05
1287
1335
  - 5.11.01
1288
1336
  - 5.12.01
1289
- - 5.13.01
1290
- - 5.14.01
1291
- - 5.15.01
1292
- - 5.16.01
1293
- - 5.17.01
1294
- - 5.18.01
1295
- - 5.19.01
1296
- - 5.20.01
1297
- - 5.21.01
1298
- - 5.22.01
1299
- - 5.23.01
1300
- - 5.24.01
1301
- - 5.25.01
1302
- - 5.26.01
1303
- - 5.27.01
1304
- - 5.28.01
1305
- - 10.2.01
1337
+ - 5.13.01 - 5.13.02
1338
+ - 5.14.01 - 5.14.03
1339
+ - 5.15.01 - 5.15.03
1340
+ - 5.16.01 - 5.16.03
1341
+ - 5.17.01 - 5.17.03
1342
+ - 5.18.01 - 5.18.03
1343
+ - 5.19.01 - 5.19.03
1344
+ - 5.20.01 - 5.20.03
1345
+ - 5.21.01 - 5.21.03
1346
+ - 5.22.01 - 5.22.03
1347
+ - 5.23.01 - 5.23.03
1348
+ - 5.24.01 - 5.24.03
1349
+ - 5.25.01 - 5.25.03
1350
+ - 5.26.01 - 5.26.03
1351
+ - 5.27.01 - 5.27.03
1352
+ - 5.28.01 - 5.28.02
1353
+ - 10.2.01 - 10.2.05
1306
1354
  - 10.3.01
1307
1355
  - 10.4.01
1308
1356
  - 10.5.01
1309
- - 10.6.01
1310
- - 10.7.01
1357
+ - 10.6.01 - 10.6.02
1358
+ - 10.7.01 - 10.7.02
1311
1359
  - 10.8.01
1312
1360
  - 10.9.01
1313
- - 10.10.01
1314
- - 10.11.01
1315
- - 10.12.01
1316
- - 10.13.01
1361
+ - 10.10.01 - 10.10.04
1362
+ - 10.11.01 - 10.11.04
1363
+ - 10.12.01 - 10.12.05
1364
+ - 10.13.01 - 10.13.03
1317
1365
  - 10.14.01
1318
1366
  - 10.15.01
1319
1367
  - 10.16.01
1320
- - 10.17.01
1321
- - 10.18.01
1322
- - 10.19.01
1323
- - 10.20.01
1324
- - 10.21.01
1325
- - 10.22.01
1326
- - 10.23.01
1327
- - 10.24.01
1328
- - 10.25.01
1329
- - 10.26.01
1330
- - 10.27.01
1368
+ - 10.17.01 - 10.17.02
1369
+ - 10.18.01 - 10.18.03
1370
+ - 10.19.01 - 10.19.03
1371
+ - 10.20.01 - 10.20.03
1372
+ - 10.21.01 - 10.21.03
1373
+ - 10.22.01 - 10.22.03
1374
+ - 10.23.01 - 10.23.03
1375
+ - 10.24.01 - 10.24.03
1376
+ - 10.25.01 - 10.25.03
1377
+ - 10.26.01 - 10.26.03
1378
+ - 10.27.01 - 10.27.03
1331
1379
  - 10.28.01
1332
- - 10.29.01
1333
- - 10.30.01
1334
- - 10.31.01
1335
- - 10.32.01
1336
- - 10.33.01
1337
- - 10.34.01
1338
- - 10.35.01
1339
- - 10.36.01
1340
- - 10.37.01
1380
+ - 10.29.01 - 10.29.03
1381
+ - 10.30.01 - 10.30.03
1382
+ - 10.31.01 - 10.31.03
1383
+ - 10.32.01 - 10.32.03
1384
+ - 10.33.01 - 10.33.03
1385
+ - 10.34.01 - 10.34.03
1386
+ - 10.35.01 - 10.35.03
1387
+ - 10.36.01 - 10.36.03
1388
+ - 10.37.01 - 10.37.03
1389
+ - 10.38.01 - 10.38.02
1390
+ - 10.39.01 - 10.39.05
1341
1391
  - id: SH-PAT-3
1342
1392
  SUT: |
1343
1393
  The health IT developer demonstrates the ability of the Health IT
1344
1394
  Module to support a resource search for the provenance target
1345
1395
  “(_revIncludes: Provenance:target)” for all the FHIR® resources
1346
- included in the standard adopted in § 170.213 and implementation
1347
- specification adopted in § 170.215(a)(2) according to the “Basic
1348
- Provenance Guidance” section of the implementation specification
1349
- adopted in § 170.215(a)(2).
1396
+ included in a standard adopted in § 170.213 and the corresponding
1397
+ implementation specification adopted in § 170.215(b)(1) according to
1398
+ the “Basic Provenance Guidance” section of an implementation
1399
+ specification adopted in § 170.215(b)(1).
1350
1400
  TLV: |
1351
1401
  The tester verifies the ability of the Health IT Module to support a
1352
1402
  resource search for the provenance target “(_revIncludes:
1353
- Provenance:target)” for all the FHIR® resources included in the
1354
- standard adopted in § 170.213 and implementation specification adopted
1355
- in § 170.215(a)(2) according to the “Basic Provenance Guidance”
1356
- section of the implementation specification adopted in §
1357
- 170.215(a)(2).
1403
+ Provenance:target)” for all the FHIR® resources included in a standard
1404
+ adopted in § 170.213 and the corresponding implementation
1405
+ specification adopted in § 170.215(b)(1) according to the “Basic
1406
+ Provenance Guidance” section of an implementation specification
1407
+ adopted in § 170.215(b)(1).
1358
1408
  inferno_supported: 'yes'
1359
1409
  inferno_tests:
1360
1410
  - 4.2.07
@@ -1409,42 +1459,44 @@ procedure:
1409
1459
  - 5.26.05
1410
1460
  - 5.27.05
1411
1461
  - 5.28.04
1412
- - 10.2.01
1413
- - 10.3.01
1414
- - 10.4.01
1415
- - 10.5.01
1416
- - 10.6.01
1417
- - 10.7.01
1418
- - 10.8.01
1419
- - 10.9.01
1420
- - 10.10.01
1421
- - 10.11.01
1422
- - 10.12.01
1423
- - 10.13.01
1424
- - 10.14.01
1425
- - 10.15.01
1426
- - 10.16.01
1427
- - 10.17.01
1428
- - 10.18.01
1429
- - 10.19.01
1430
- - 10.20.01
1431
- - 10.21.01
1432
- - 10.22.01
1433
- - 10.23.01
1434
- - 10.24.01
1435
- - 10.25.01
1436
- - 10.26.01
1437
- - 10.27.01
1438
- - 10.28.01
1439
- - 10.29.01
1440
- - 10.30.01
1441
- - 10.31.01
1442
- - 10.32.01
1443
- - 10.33.01
1444
- - 10.34.01
1445
- - 10.35.01
1446
- - 10.36.01
1447
- - 10.37.01
1462
+ - 10.2.07
1463
+ - 10.3.03
1464
+ - 10.4.03
1465
+ - 10.5.03
1466
+ - 10.6.04
1467
+ - 10.7.04
1468
+ - 10.8.03
1469
+ - 10.9.03
1470
+ - 10.10.06
1471
+ - 10.11.06
1472
+ - 10.12.07
1473
+ - 10.13.05
1474
+ - 10.14.03
1475
+ - 10.15.03
1476
+ - 10.16.03
1477
+ - 10.17.04
1478
+ - 10.18.05
1479
+ - 10.19.05
1480
+ - 10.20.05
1481
+ - 10.21.05
1482
+ - 10.22.05
1483
+ - 10.23.05
1484
+ - 10.24.05
1485
+ - 10.25.05
1486
+ - 10.26.05
1487
+ - 10.27.05
1488
+ - 10.28.03
1489
+ - 10.29.05
1490
+ - 10.30.05
1491
+ - 10.31.05
1492
+ - 10.32.05
1493
+ - 10.33.05
1494
+ - 10.34.05
1495
+ - 10.35.05
1496
+ - 10.36.05
1497
+ - 10.37.05
1498
+ - 10.38.04
1499
+ - 10.39.07
1448
1500
  - group: Supported Search Operations for Multiple Patients’ Data
1449
1501
  id: SH-PAT-4
1450
1502
  SUT: |
@@ -1452,14 +1504,14 @@ procedure:
1452
1504
  Module to support the “capabilities” interaction as specified in the
1453
1505
  standard adopted in § 170.215(a)(1), including support for a
1454
1506
  “CapabilityStatement” as specified in the standard adopted in §
1455
- 170.215(a)(1) and implementation specification adopted in §
1456
- 170.215(a)(4).
1507
+ 170.215(a)(1) and an implementation specification adopted in §
1508
+ 170.215(d).
1457
1509
  TLV: |
1458
1510
  The tester verifies the ability of the Health IT Module to support the
1459
1511
  “capabilities” interaction as specified in the standard adopted in §
1460
1512
  170.215(a)(1), including support for a “CapabilityStatement” as
1461
- specified in the standard adopted in § 170.215(a)(1) and
1462
- implementation specification adopted in § 170.215(a)(4).
1513
+ specified in the standard adopted in § 170.215(a)(1) and an
1514
+ implementation specification adopted in § 170.215(d).
1463
1515
  inferno_supported: 'yes'
1464
1516
  inferno_tests:
1465
1517
  - 7.2.02
@@ -1468,13 +1520,13 @@ procedure:
1468
1520
  SUT: |
1469
1521
  The health IT developer demonstrates the ability of the Health IT
1470
1522
  Module to support requests for multiple patients’ data as a group
1471
- using the “group-export” operation as detailed in the implementation
1472
- specification adopted in § 170.215(a)(4).
1523
+ using the “group-export” operation as detailed in an implementation
1524
+ specification adopted in § 170.215(d).
1473
1525
  TLV: |
1474
1526
  The tester verifies the ability of the Health IT Module to support
1475
1527
  requests for multiple patients’ data as a group using the
1476
- “group-export” operation as detailed in the implementation
1477
- specification adopted in § 170.215(a)(4).
1528
+ “group-export” operation as detailed in an implementation
1529
+ specification adopted in § 170.215(d).
1478
1530
  inferno_supported: 'yes'
1479
1531
  inferno_tests:
1480
1532
  - 7.2.04
@@ -1488,14 +1540,14 @@ procedure:
1488
1540
  steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1489
1541
  health IT developer demonstrates the ability of the Health IT Module
1490
1542
  to respond to requests for data according to the implementation
1491
- specification adopted in § 170.215(a)(2), including the following
1543
+ specification adopted in § 170.215(b)(1)(i), including the following
1492
1544
  steps.
1493
1545
  TLV: |
1494
1546
  For responses to data for single and multiple patients as described in
1495
1547
  steps DAT-PAT-7, and DAT-PAT-8, of this section respectively, the
1496
1548
  tester verifies the ability of the Health IT Module to respond to
1497
1549
  requests for data according to the implementation specification
1498
- adopted in § 170.215(a)(2), including the following steps.
1550
+ adopted in § 170.215(b)(1)(i), including the following steps.
1499
1551
  inferno_supported: 'yes'
1500
1552
  inferno_tests:
1501
1553
  - 4.2.06
@@ -1605,6 +1657,7 @@ procedure:
1605
1657
  - 10.42.01
1606
1658
  - 10.43.01
1607
1659
  - 10.44.01
1660
+ - 10.47.01
1608
1661
  - id: DAT-PAT-2
1609
1662
  SUT: |
1610
1663
  The health IT developer demonstrates the ability of the Health IT
@@ -1634,8 +1687,8 @@ procedure:
1634
1687
  DAT-PAT-5, and DAT-PAT-6, of this section.
1635
1688
  inferno_supported: 'yes'
1636
1689
  inferno_tests:
1637
- - 9.10.07
1638
- - 9.10.11
1690
+ - '11.07'
1691
+ - '11.11'
1639
1692
  - 4.2.08 - 4.2.09
1640
1693
  - 4.3.04 - 4.3.05
1641
1694
  - 4.4.04 - 4.4.05
@@ -1758,17 +1811,17 @@ procedure:
1758
1811
  SUT: |
1759
1812
  The health IT developer demonstrates the ability of the Health IT
1760
1813
  Module to support a “Provenance” FHIR® resource for all the FHIR®
1761
- resources included in the standard adopted in § 170.213 and
1762
- implementation specification adopted in § 170.215(a)(2) according to
1763
- the “Basic Provenance Guidance” section of the implementation
1764
- specification adopted in § 170.215(a)(2).
1814
+ resources included in the standard adopted in § 170.213(a) and
1815
+ implementation specification adopted in § 170.215(b)(1)(i) according
1816
+ to the “Basic Provenance Guidance” section of the implementation
1817
+ specification adopted in § 170.215(b)(1)(i).
1765
1818
  TLV: |
1766
1819
  The tester verifies the ability of the Health IT Module to support a
1767
1820
  “Provenance” FHIR® resource for all the FHIR® resources included in
1768
- the standard adopted in § 170.213 and implementation specification
1769
- adopted in § 170.215(a)(2) according to the “Basic Provenance
1821
+ the standard adopted in § 170.213(a) and implementation specification
1822
+ adopted in § 170.215(b)(1)(i) according to the “Basic Provenance
1770
1823
  Guidance” section of the implementation specification adopted in §
1771
- 170.215(a)(2).
1824
+ 170.215(b)(1)(i).
1772
1825
  inferno_supported: 'yes'
1773
1826
  inferno_tests:
1774
1827
  - 4.2.07
@@ -1873,13 +1926,13 @@ procedure:
1873
1926
  FHIR® resource for each of the “Clinical Notes” and “Diagnostic
1874
1927
  Reports” included in and according to the “Clinical Notes Guidance”
1875
1928
  section of the implementation specification adopted in §
1876
- 170.215(a)(2).
1929
+ 170.215(b)(1)(i).
1877
1930
  TLV: |
1878
1931
  The tester verifies the ability of the Health IT Module to support a
1879
1932
  “DocumentReference” and/or “DiagnosticReport” FHIR® resource for each
1880
1933
  of the “Clinical Notes” and “Diagnostic Reports” included in and
1881
1934
  according to the “Clinical Notes Guidance” section of the
1882
- implementation specification adopted in § 170.215(a)(2).
1935
+ implementation specification adopted in § 170.215(b)(1)(i).
1883
1936
  inferno_supported: 'yes'
1884
1937
  inferno_tests:
1885
1938
  - 4.31.01 - 4.31.02
@@ -1891,13 +1944,13 @@ procedure:
1891
1944
  health IT developer demonstrates the ability of the Health IT Module
1892
1945
  to support a “Medication” FHIR® resource according to the “Medication
1893
1946
  List Guidance” section of the implementation specification adopted in
1894
- § 170.215(a)(2).
1947
+ § 170.215(b)(1)(i).
1895
1948
  TLV: |
1896
1949
  If supported, and for responses to data for a single patient only, the
1897
1950
  tester verifies the ability of the Health IT Module to support a
1898
1951
  “Medication” FHIR® resource according to the “Medication List
1899
1952
  Guidance” section of the implementation specification adopted in §
1900
- 170.215(a)(2).
1953
+ 170.215(b)(1)(i).
1901
1954
  inferno_supported: 'yes'
1902
1955
  inferno_tests:
1903
1956
  - 4.13.06
@@ -1907,14 +1960,14 @@ procedure:
1907
1960
  SUT: |
1908
1961
  The health IT developer demonstrates the ability of the Health IT
1909
1962
  Module to support “Missing Data” according to the implementation
1910
- specification adopted in § 170. 215(a)(2), including:
1963
+ specification adopted in § 170. 215(b)(1)(i), including:
1911
1964
  * For non-coded data elements; and
1912
1965
  * For coded data elements, including support for the
1913
1966
  “DataAbsentReason” Code System.
1914
1967
  TLV: |
1915
1968
  The tester verifies the ability of the Health IT Module to support
1916
1969
  “Missing Data” according to the implementation specification adopted
1917
- in § 170. 215(a)(2), including:
1970
+ in § 170. 215(b)(1)(i), including:
1918
1971
  * For non-coded data elements; and
1919
1972
  * For coded data elements, including support for the
1920
1973
  “DataAbsentReason” Code System.
@@ -1929,14 +1982,15 @@ procedure:
1929
1982
  The health IT developer demonstrates the ability of the Health IT
1930
1983
  Module to return all of the data associated with requests for a single
1931
1984
  patient’s data according to the “US Core Server CapabilityStatement”
1932
- section of the implementation specification adopted in § 170.215(a)(2)
1933
- for all the data included in the standard adopted in § 170.213.
1985
+ section of the implementation specification adopted in §
1986
+ 170.215(b)(1)(i) for all the data included in the standard adopted in
1987
+ § 170.213(a).
1934
1988
  TLV: |
1935
1989
  The tester verifies the ability of the Health IT Module to return all
1936
1990
  of the data associated with requests for a single patient’s data
1937
1991
  according to the “US Core Server CapabilityStatement” section of the
1938
- implementation specification adopted in § 170.215(a)(2) for all the
1939
- data included in the standard adopted in § 170.213.
1992
+ implementation specification adopted in § 170.215(b)(1)(i) for all the
1993
+ data included in the standard adopted in § 170.213(a).
1940
1994
  inferno_supported: 'yes'
1941
1995
  inferno_tests:
1942
1996
  - 4.2.01
@@ -2029,20 +2083,15 @@ procedure:
2029
2083
  - 10.37.01
2030
2084
  - 10.38.01
2031
2085
  - 10.39.01
2032
- - 10.40.01
2033
- - 10.41.01
2034
- - 10.42.01
2035
- - 10.43.01
2036
- - 10.44.01
2037
2086
  - group: Response to Requests for Multiple Patients’ Data
2038
2087
  id: DAT-PAT-8
2039
2088
  SUT: |
2040
2089
  The health IT developer demonstrates the ability of the Health IT
2041
2090
  Module to respond to requests for multiple patients’ data according to
2042
- the implementation specification adopted in § 170.215(a)(4) for all of
2043
- the FHIR® resources associated with the profiles and Data Elements
2044
- specified in and according to the standard adopted in § 170.213 and
2045
- implementation specification adopted in § 170.215(a)(2).:
2091
+ an implementation specification adopted in § 170.215(d) for all of the
2092
+ FHIR® resources associated with the profiles and Data Elements
2093
+ specified in and according to the standard adopted in § 170.213(a) and
2094
+ implementation specification adopted in § 170.215(b)(1)(i):
2046
2095
  * “AllergyIntolerance”;
2047
2096
  * “CarePlan”;
2048
2097
  * “CareTeam”;
@@ -2064,11 +2113,11 @@ procedure:
2064
2113
  * “Provenance”.
2065
2114
  TLV: |
2066
2115
  The tester verifies the ability of the Health IT Module to respond to
2067
- requests for multiple patients’ data according to the implementation
2068
- specification adopted in § 170.215(a)(4) for all of the FHIR®
2069
- resources associated with the profiles and Data Elements specified in
2070
- and according to the standard adopted in § 170.213 and implementation
2071
- specification adopted in § 170.215(a)(2).
2116
+ requests for multiple patients’ data according to an implementation
2117
+ specification adopted in § 170.215(d) for all of the FHIR® resources
2118
+ associated with the profiles and Data Elements specified in and
2119
+ according to the standard adopted in § 170.213(a) and implementation
2120
+ specification adopted in § 170.215(b)(1)(i):
2072
2121
  * “AllergyIntolerance”;
2073
2122
  * “CarePlan”;
2074
2123
  * “CareTeam”;
@@ -2094,82 +2143,14 @@ procedure:
2094
2143
  - 7.3.06 - 7.3.23
2095
2144
  - 8.3.03
2096
2145
  - 8.3.06 - 8.3.23
2097
- - id: DAT-PAT-16
2098
- SUT: |
2099
- The health IT developer demonstrates the ability of the Health IT
2100
- Module to respond to requests for multiple patients’ data according to
2101
- the implementation specification adopted in § 170.215(a)(4) for all of
2102
- the FHIR® resources associated with the profiles and Data Elements
2103
- specified in and according to the standard adopted in § 170.213 and
2104
- implementation specification adopted in § 170.215(a)(2).
2105
- * “AllergyIntolerance”;
2106
- * “CarePlan”;
2107
- * “CareTeam”;
2108
- * “Condition”;
2109
- * “Device”;
2110
- * “DiagnosticReport”;
2111
- * “DocumentReference”;
2112
- * “Encounter”;
2113
- * “Goal”;
2114
- * “Immunization”;
2115
- * “Location” (if supported);
2116
- * “Medication” (if supported);
2117
- * “MedicationRequest”;
2118
- * “Observation”;
2119
- * “Organization”;
2120
- * “Patient”;
2121
- * “Practitioner”
2122
- * “Procedure”; and
2123
- * “Provenance”.
2124
- * “PractitionerRole” (if supported);
2125
- * “QuestionnaireReponse” (if supported);
2126
- * “RelatedPerson”; and
2127
- * “ServiceRequest”
2128
- TLV: |
2129
- The health IT developer verifies the ability of the Health IT Module
2130
- to respond to requests for multiple patients’ data according to the
2131
- implementation specification adopted in § 170.215(a)(4) for all of the
2132
- FHIR® resources associated with the profiles and Data Elements
2133
- specified in and according to the standard adopted in § 170.213 and
2134
- implementation specification adopted in § 170.215(a)(2).
2135
- * “AllergyIntolerance”;
2136
- * “CarePlan”;
2137
- * “CareTeam”;
2138
- * “Condition”;
2139
- * “Device”;
2140
- * “DiagnosticReport”;
2141
- * “DocumentReference”;
2142
- * “Encounter”;
2143
- * “Goal”;
2144
- * “Immunization”;
2145
- * “Location” (if supported);
2146
- * “Medication” (if supported);
2147
- * “MedicationRequest”;
2148
- * “Observation”;
2149
- * “Organization”;
2150
- * “Patient”;
2151
- * “Practitioner”
2152
- * “Procedure”; and
2153
- * “Provenance”.
2154
- * “PractitionerRole” (if supported);
2155
- * “QuestionnaireReponse” (if supported);
2156
- * “RelatedPerson”; and
2157
- * “ServiceRequest”
2158
- inferno_supported: 'yes'
2159
- inferno_tests:
2160
- - 7.3.03
2161
- - 7.3.06 - 7.3.27
2162
- - 8.3.03
2163
- - 8.3.06 - 8.3.27
2164
2146
  - id: DAT-PAT-17
2165
2147
  SUT: |
2166
2148
  The health IT developer demonstrates the ability of the Health IT
2167
2149
  Module to respond to requests for multiple patients’ data according to
2168
- the implementation specification adopted in § 170.215(a)(4) for all of
2169
- the FHIR® resources associated with the profiles and Data Elements
2170
- specified in and according to the standard adopted in § 170.213 and
2171
- implementation specification adopted in § 170.215(a)(2).
2172
-
2150
+ an implementation specification adopted in § 170.215(d) for all of the
2151
+ FHIR® resources associated with the profiles and Data Elements
2152
+ specified in and according to the standard adopted in § 170.213(b) and
2153
+ implementation specification adopted in § 170.215(b)(1)(ii).
2173
2154
  * “AllergyIntolerance”;
2174
2155
  * “CarePlan”;
2175
2156
  * “CareTeam”;
@@ -2198,11 +2179,11 @@ procedure:
2198
2179
  * “ServiceRequest”
2199
2180
  TLV: |
2200
2181
  The health IT developer verifies the ability of the Health IT Module
2201
- to respond to requests for multiple patients’ data according to the
2202
- implementation specification adopted in § 170.215(a)(4) for all of the
2182
+ to respond to requests for multiple patients’ data according to an
2183
+ implementation specification adopted in § 170.215(d) for all of the
2203
2184
  FHIR® resources associated with the profiles and Data Elements
2204
- specified in and according to the standard adopted in § 170.213 and
2205
- implementation specification adopted in § 170.215(a)(2).
2185
+ specified in and according to the standard adopted in § 170.213(b) and
2186
+ implementation specification adopted in § 170.215(b)(1)(ii).
2206
2187
  * “AllergyIntolerance”;
2207
2188
  * “CarePlan”;
2208
2189
  * “CareTeam”;
@@ -2239,28 +2220,25 @@ procedure:
2239
2220
  SUT: |
2240
2221
  The health IT developer demonstrates the ability of the Health IT
2241
2222
  Module to limit the data returned to only those FHIR® resources for
2242
- which the client is authorized according to the implementation
2243
- specification adopted in § 170.215(a)(4).
2223
+ which the client is authorized according to an implementation
2224
+ specification adopted in § 170.215(d).
2244
2225
  TLV: |
2245
2226
  The tester verifies the ability of the Health IT Module to limit the
2246
2227
  data returned to only those FHIR® resources for which the client is
2247
- authorized according to the implementation specification adopted in §
2248
- 170.215(a)(4).
2228
+ authorized according to an implementation specification adopted in §
2229
+ 170.215(d).
2249
2230
  inferno_supported: 'yes'
2250
2231
  inferno_tests:
2251
- - 2.3.01 - 2.3.15
2252
- inferno_notes: |
2253
- Inferno does not do this because there is no requirement to only
2254
- supported a subset of the scopes.
2232
+ - 2.3.01 - 2.3.19
2255
2233
  - id: DAT-PAT-10
2256
2234
  SUT: |
2257
2235
  The health IT developer demonstrates the ability of the Health IT
2258
- Module to support a successful data response according to the
2259
- implementation adopted in § 170.215(a)(4).
2236
+ Module to support a successful data response according to an
2237
+ implementation adopted in § 170.215(d).
2260
2238
  TLV: |
2261
2239
  The tester verifies the ability of the Health IT Module to support a
2262
- successful data response according to the implementation adopted in §
2263
- 170.215(a)(4).
2240
+ successful data response according to an implementation adopted in §
2241
+ 170.215(d).
2264
2242
  inferno_supported: 'yes'
2265
2243
  inferno_tests:
2266
2244
  - 7.2.04 - 7.2.05
@@ -2270,12 +2248,12 @@ procedure:
2270
2248
  - id: DAT-PAT-11
2271
2249
  SUT: |
2272
2250
  The health IT developer demonstrates the ability of the Health IT
2273
- Module to support a data response error according to the
2274
- implementation adopted in § 170.215(a)(4).
2251
+ Module to support a data response error according to an implementation
2252
+ adopted in § 170.215(d).
2275
2253
  TLV: |
2276
2254
  The tester verifies the ability of the Health IT Module to support a
2277
- data response error according to the implementation adopted in §
2278
- 170.215(a)(4).
2255
+ data response error according to an implementation adopted in §
2256
+ 170.215(d).
2279
2257
  inferno_supported: 'yes'
2280
2258
  inferno_tests:
2281
2259
  - 7.2.03
@@ -2283,12 +2261,12 @@ procedure:
2283
2261
  - id: DAT-PAT-12
2284
2262
  SUT: |
2285
2263
  The health IT developer demonstrates the ability of the Health IT
2286
- Module to support a bulk data delete request according to the
2287
- implementation specification adopted in § 170.215(a)(4).
2264
+ Module to support a bulk data delete request according to an
2265
+ implementation specification adopted in § 170.215(d).
2288
2266
  TLV: |
2289
2267
  The tester verifies the ability of the Health IT Module to support a
2290
- bulk data delete request according to the implementation specification
2291
- adopted in § 170.215(a)(4).
2268
+ bulk data delete request according to an implementation specification
2269
+ adopted in § 170.215(d).
2292
2270
  inferno_supported: 'yes'
2293
2271
  inferno_tests:
2294
2272
  - 7.4.01
@@ -2297,12 +2275,12 @@ procedure:
2297
2275
  - id: DAT-PAT-13
2298
2276
  SUT: |
2299
2277
  The health IT developer demonstrates the ability of the Health IT
2300
- Module to support a bulk data status request according to the
2301
- implementation specification adopted in § 170.215(a)(4).
2278
+ Module to support a bulk data status request according to an
2279
+ implementation specification adopted in § 170.215(d).
2302
2280
  TLV: |
2303
2281
  The tester verifies the ability of the Health IT Module to support a
2304
- bulk data status request according to the implementation specification
2305
- adopted in § 170.215(a)(4).
2282
+ bulk data status request according to an implementation specification
2283
+ adopted in § 170.215(d).
2306
2284
  inferno_supported: 'yes'
2307
2285
  inferno_tests:
2308
2286
  - 7.2.05 - 7.2.06
@@ -2310,13 +2288,13 @@ procedure:
2310
2288
  - id: DAT-PAT-14
2311
2289
  SUT: |
2312
2290
  The health IT developer demonstrates the ability of the Health IT
2313
- Module to support a file request according to the implementation
2314
- specification adopted in § 170.215(a)(4), including support for the
2291
+ Module to support a file request according to an implementation
2292
+ specification adopted in § 170.215(d), including support for the
2315
2293
  “ndjson” format for files provided.
2316
2294
  TLV: |
2317
2295
  The tester verifies the ability of the Health IT Module to support a
2318
- file request according to the implementation specification adopted in
2319
- § 170.215(a)(4), including support for the “ndjson” format for files
2296
+ file request according to an implementation specification adopted in §
2297
+ 170.215(d), including support for the “ndjson” format for files
2320
2298
  provided.
2321
2299
  inferno_supported: 'yes'
2322
2300
  inferno_tests:
@@ -2366,29 +2344,31 @@ procedure:
2366
2344
  registration.
2367
2345
  inferno_supported: 'yes'
2368
2346
  inferno_tests:
2369
- - 9.10.09
2347
+ - '11.09'
2370
2348
  - id: API-DOC-2
2371
2349
  SUT: |
2372
2350
  The health IT developer demonstrates that the documentation described
2373
- in step 1, of this section is available via a publicly accessible
2374
- hyperlink that does not require preconditions or additional steps to
2375
- access.
2351
+ in step API-DOC-1, of this section is available via a publicly
2352
+ accessible hyperlink that does not require preconditions or additional
2353
+ steps to access.
2376
2354
  TLV: |
2377
- The tester verifies the documentation described in step 1, of this
2378
- section is available via a publicly accessible hyperlink that does not
2379
- require preconditions or additional steps to access.
2355
+ The tester verifies the documentation described in step API-DOC-1, of
2356
+ this section is available via a publicly accessible hyperlink that
2357
+ does not require preconditions or additional steps to access.
2380
2358
  inferno_supported: 'yes'
2381
2359
  inferno_tests:
2382
- - 9.10.09
2360
+ - '11.09'
2383
2361
  - id: API-DOC-3
2384
2362
  SUT: |
2385
2363
  To fulfill the API Maintenance of Certification requirement at §
2386
2364
  170.404(b)(2), the health IT developer demonstrates the public
2387
- location of its certified API technology service base URLs.
2365
+ location of its certified API technology service base URLs and related
2366
+ organization details.
2388
2367
  TLV: |
2389
2368
  To fulfill the API Maintenance of Certification requirement at §
2390
2369
  170.404(b)(2), the tester verifies the public location of the health
2391
- IT developer's certified API technology service base URLs.
2370
+ IT developers certified API technology service base URLs and related
2371
+ organization details.
2392
2372
  inferno_supported: 'yes'
2393
2373
  inferno_tests:
2394
- - 9.10.14
2374
+ - '11.14'