onc-healthit / onc-certification-g10-test-kit

ONC Certification (g)(10) Standardized API Tests
Apache License 2.0

Service Base URLs Test Kit For (g)(10) Attestation #547

Open dhit-mdavis opened 3 months ago

dhit-mdavis commented 3 months ago

Hi all.

  1. Can you confirm whether Production Service Base URL endpoints are allowed to be used with the Service Base URLs Test Kit?
  2. Are only Dev and Stg environment Service Base URL endpoints allowed with the Test Kit to confirm HTI-1 compliance?
  3. I'm specifically asking about the Service Base URLs Test Kit and no Patient data is involved.

We have clients that are trying to prepare for (g)(10) Attestation for HTI-1 and are trying to be conscious of any test tool expectations.

Banner Message Below For Consideration: "Inferno on HealthIT.gov is for demonstration only. Not for use with sensitive data or Protected Health Information (PHI). Data periodically removed."

arscan commented 2 days ago

Hi @dhit-mdavis --

We do encourage users to download the test kit and run it locally, or run it against test data instead of 'live' data to ensure that no protected data is inadvertently shared. But you can use inferno.healthit.gov as long as no protected or sensitive data is involved. Given the public nature of the service base URL publication, the risk of inadvertently sharing non-public data seems low, but that is up to you.

One consideration is that Inferno is designed and validated to run on manageable sizes of test data. So if you use it on live data, which could be extremely large, inferno.healthit.gov's resource limitations might prevent tests from passing (with a clear system error). That doesn't necessarily mean the bundle is invalid though. Some vendors that have run into that limitation simply test against a representative subset of the data served from an alternate location temporarily, which is a reasonable solution as long as they don't knowingly misrepresent the data set.