Testscript Release on 01/20/2022. See Touchstone Updates section of the Touchstone Landing page for additional information.

Touchstone is an Infrastructure as a Service (IaaS) and Testing as a Service (TaaS) Open Access Solution for health information exchange. Touchstone strives to live up to its dictionary definition - a criterion for determining the quality or genuineness of a thing - by offering thousands of tests in an easy-to-use system for determining a test system's conformance and interoperability against published specifications, standards, and profiles, including templates and implementation guides.

Touchstone ...

AEGIS Logo

  • allows for automated, internet-based interoperability FHIR Testing against the HL7 FHIR specifications and standards.
  • tests interoperability with other FHIR Server and FHIR Client implementations.
  • has been engineered from the ground up to leverage the new FHIR TestScript resource.
  • is a blend between Test-Driven-Development (TDD) methodologies and Natural Language Processing (NLP) test scripts.
  • has been featured at HL7 FHIR Connectathons and is being leveraged in a continuous testing environment by numerous leading HL7 FHIR implementers.
  • plays an active role in the HL7 Conformance Testing community, the HL7 Argonaut Project, and the HSPC Implementation community.
Features include...
  • self-registration of user accounts and organizations.
  • ability for users to execute FHIR test scripts against test systems with Touchstone serving as the initiator of message exchanges.
  • ability for users to initiate message exchanges from their test systems against other peer test systems with Touchstone FHIR testing tool serving as the intermediary.
  • ability to drill down to individual operations and assertions in test execution results during FHIR Testing.
  • ability to save configured sets of test scripts as named "test setups" for re-execution.
  • controlled access to test scripts, test systems, and test results at the user, organization, and organization group levels.
Touchstone Updates
  • TestScript Release NEW Jan 20, 2022
    • Smart tests in FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-0-0/00-SMART-on-FHIR, FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-1-0/00-SMART-on-FHIR, FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-0-0/00-SMART-on-FHIR, and FHIR4-0-1-SMART-PAT-SA updated to allow for reset of the refresh token if a new one is received.
    • Updated tests in FHIRSandbox/DaVinci/FHIR4-0-1-PlanNetProvDir/ and FHIR4-0-1-ProviderDir/DaVinci-PDEX-PlanNet/ such that tests do not fail when capability statement states vRead is not supported.
    • Updated tests in FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-0-0/00-SMART-on-FHIR/03-Confid-Client-Test, FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-1-0/00-SMART-on-FHIR/03-Confid-Client-Test, FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-vSTU2/00-SMART-on-FHIR/03-Confid-Client-Test, FHIR4-0-1-SMART-PAT-SA/03-PAT-Confid-Client/01-Pat-App-SMART-Launch, FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-0-0/00-SMART-on-FHIR/03-Confid-Client-Test, and FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-1-0/00-SMART-on-FHIR/03-Confid-Client-Test to verify valid https protocol before performing a read.
    • Corrected folder placement for Da Vinci Quality Measures TestScripts added for Connectathon 29. Tests now located FHIRSandbox/DaVinci/FHIR4-0-1-QualMeas/FHIR4-0-1-Connectathon29.
  • TestScript Release Jan 7, 2022
    • Updated Patient Cost Transparency TestScripts in /FHIRSandbox/DaVinci/FHIR4-0-1-PCT to accommodate Institutional vs Professional GFE profiles.
    • Updated Formulary STU2 TestScripts, in /FHIRSandbox/DaVinci/FHIR4-0-1-Formulary/Formulary-STU2, to accommodate recent IG updates.
    • Removed 3 duplicated TestScripts from FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-0-0/02-EOBQuery.
  • TestScript Release Jan 2, 2022
    • PDEX MedicationDispense & PDEX Device resources for FHIRSandbox/DaVinci/FHIR4-0-1-PDEX/PDEX-STU1/04-PDEX-Interactions Testscripts added.
    • Connectathon 29 folders and TestScripts added.
    • CARIN for BlueButton® STU2 for FHIRSandbox/CARIN/CARIN-4-BlueButton Testscripts added.
    • CARIN Digital Insurance Card for FHIRSandbox/CARIN TestScripts added.
    • Standalone Patient App tests in FHIR4-0-1-PAA-SMART-PAT-SA/03-PAT-Confid-Client/01-Pat-App-SMART-Launch updated to allow systems to use "user-level" scopes for the non-Patient compartment, non-USCDI resources.
    • Standalone SMART Patient App Confidential Client SMART App Launch TestScripts to ensure authorization servers reject invalid content during the token exchange setup updated. Scripts in the following Test Definitions folders were updated: FHIR4-0-1-SMART-PAT-SA/03-PAT-Confid-Client, and the Confid-Client tests in each 00-SMART-on-FHIR folder within each of the following: FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-0-0, FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-v1-1-0, FHIRSandbox/CARIN/CARIN-4-BlueButton/Carin-vSTU2, FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-0-0, FHIR4-0-1-ClaimsEnc/CARIN-for-BB-1-1-0.
  • Touchstone Platform updates to address the Apache Log4j library security vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) Dec 21, 2021
    • With respect to the Apache Logj4 Log4Shell security vulnerability (CVE-2021-44228, CVE-2021-45046) and uncontrolled recursion from self-referential lookups (CVE-2021-45105) issues impacting applications using the Apache Log4j library the Touchstone team wanted to share the impacts to the Touchstone Platform and address any community concerns.
      • The Touchstone Platform and Validator services are not impacted by the Apache Logj4 issues
      • New Touchstone IDE version 1.4.1 Release - The Touchstone IDE currently uses the 1.2.x version of Logj4. As such the IDE is not affected by the recently reported security vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105). After additional analysis and research, the Eclipse based IDE does not support the Apache Logj4 2.x plugin and as such is not vulnerable to the current security issues. This release addresses the known vulnerabilities in the Eclipse Apache Logj4 1.2.x plugin by removing the impacted classes from the Java library. With this release the Touchstone IDE will not be vulnerable to any known security issues. Users are strongly encouraged to download and install the 1.4.1 release at their earliest convenience.
      • New WildFHIR Application Releases - The previous versions of the WildFHIR (FHIR RI) applications all used the 1.2.x version of the Apache Logj4 library. As such WildFHIR was not affected by the recently reported security vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105). However, this old version of Logj4 is still vulnerable to other RCE attacks and has been upgraded to the latest Logj4 2.17.0 version to mitigate against these vulerabilities.
      • Please reach out to Touchstone Support with any specific issues you are experiencing. Our Support and Security teams are available to address any concerns.
  • Touchstone Platform updates to address the RCE 0day logj4 Log4Shell security vulnerability (CVE-2021-44228) Dec 17, 2021
    • With respect to the RCE 0day logj4 Log4Shell security vulnerability (CVE-2021-44228) issue impacting applications using Apache the Touchstone team wanted to share the impacts to the Touchstone Platform and address any community concerns.
      • The Touchstone Platform and Validator services are not impacted by the logj4 issue
      • New Touchstone IDE version 1.4.1 Release - The Touchstone IDE currently uses the 1.2.x version of log4j. As such the IDE is not affected by the recently reported Log4Shell security vulnerability (CVE-2021-44228). After additional analysis and research, the Eclipse based IDE does not support the Apache log4j 2.x plugin and as such is not vulnerable to the current Log4Shell security issue. This release addresses the known vulnerabilities in the Eclipse Apache log4j 1.2.x plugin by removing the impacted classes from the Java library. With this release the Touchstone IDE will not be vulnerable to any known security issues. User are strongly encouraged to download and install the 1.4.1 release at their earliest convenience.
      • New WildFHIR Application Releases - The previous versions of the WildFHIR (FHIR RI) applications all used the 1.2.x version of log4j. As such WildFHIR was not affected by the recently reported Log4Shell security vulnerability (CVE-2021-44228). However, this old version of log4j is still vulnerable to other RCE attacks and has been upgraded to the latest log4j 2.16.0 version.
      • Please reach out to Touchstone Support with any specific issues you are experiencing. Our Support and Security teams are available to address any concerns.
  • Touchstone 5.6.0 Released Dec 10, 2021
    • Enhancements
      • Enhanced test execution warning status display in UI to represent Passed with Warnings as orange in the status bar, include the count of the warnings in the test count summary, and the execution status will represent Passed with Warnings rather than just Passed when there are warnings
      • Enhanced navigation in Test Executions with more intuitive hyperlinks and expansions
      • Enhanced extractScopesNotGranted() to accept and process a context wildcard
      • Implemented FHIRPath $index token support
      • Updated Touchstone Testing Implementation Guide for the TestScript profile to include ‘history-instance’, ‘history-type’, and ‘history-system’ operations in FHIRPath expression
      • Implemented support for history-instance, history-type and history-system
      • Enhanced Validator to data drive the terminology server used during validation
      • Enhanced Validator to handle slicing definitions with single and multiple discriminators
      • Enhanced Validator timezone processing when comparing date and timestamp precision values
      • Added functionality to secured version of WildFHIR to allow page caching
      • Added Touchstone IPs for Whitelist to documentation
    • Bug Fixes
      • Added check and warning message to prevent user from uploading a TestScript with the same name but a different extension
      • Public Test System no longer requires client secret to be specified
      • Fixed “Execute Again” populating incorrect Destination Server
      • Resolved issue with auto-pagination incorrectly applying encoding a second time
      • Resolved duplicate Authorization Header caused by auto-pagination
      • Added logic to prevent test setup execution when no destination specified
      • Corrected Touchstone to recognize json extension at test execution
      • Implemented validation to prevent a user from executing a test mid-load
      • Resolved caching errors caused by unavailable HL7 terminology server
    • TestScript
      • Added tests to EHR launch tests in Patient Access API certification TestScript to cover SMART on FHIR EHR launch with Practitioner Scope and OpenID Connect
      • Removed asserts for supportedProfile element from Capability Statement tests
      • Created DaVinci PDEX STU2 tests
      • Updated all Patient Access API SMART Discovery tests to check required SMART on FHIR Core Capability and Capability Sets
      • Added TestScript for Search using _includes for ExplanationOfBenefit.* (wildcard) to CARIN for Blue Button® tests
      • Update asserts from fail to warning-only for History and VRead interactions that are “SHOULD” in specification
      • Create Patient Access API Certification test suite for CARIN for Blue Button® 1.1.0 tests and update the test folder structure to accommodate both CARIN for Blue Button® v1.0.0 and v1.1.0 TestScripts
      • Created CARIN for Blue Button® 1.1.0 TestScripts
  • TestScript Release Nov 19, 2021
    • resolveReferences.groovy rule defect addressed correcting use of the configured authentication mechanism.
    • CARIN for BB 1.1.0 corrected profiles uploaded.
    • Provenance Resource ML-3 added to Basic Test Suite.
    • POST search tests added to the US Core scripts in the Advanced folder.
  • TestScript Release Oct 25, 2021
    • Da Vinci Member Attribution tests updated to include origin and destination operations in support of peer-to-peer testing.
    • Da Vinci PAS fixtures corrected to address validation errors due to typo in the "serviceItemRequestType" portion of the URL.
    • Added TestScripts for the Da Vinci PCT IG.
    • Added EOB basic test for the Da Vinci PDEX IG.
    • CARIN and PAA Claims tests updated to include origin and destination operations in support of peer-to-peer testing.
    • Removed "charset=utf-8" Asserts from capability statement tests in Formulary, Provider Directory, and Bulk Data TestScripts.
    • FHIRCommon RuleSets updated to exclusively use a FHIRPath expression that checks for versioning element in the Test System's CapabilityStatement.
  • Touchstone 5.5.0 Released Oct 8, 2021
    • Enhancements
      • Added 'nonce' and 'response_mode' parameters
      • Added ability to manually upload Capability Statement
      • Validator now returns as much of the response as it has validated within the timeout period instead of just returning an error
      • Developed extension to support TestSetup Dynamic Fixture such that a user can enter their own fixture at test setup time
      • Enhanced Touchstone to allow testing of peer to peer secure systems (OAuth Clients and Servers)
      • Added support for history operation, described in Touchstone Testing Implementation Guide
      • Allow organizations to create Test Systems with the same IP address and/or base URL within Touchstone
    • Bug Fixes
      • Unsupported Validators are no longer displayed on User Admin 'Validator' selection box
      • Updated the Error message thrown when failing a test setup
      • Adjusted heirarchy of importance so that "Skipped" is not displayed over "Passed" or "Passed+W"
      • Resolved Unexpected error in Conformance Suite when Toggle to XML is selected
      • Fixed Incorrect Handling of Placeholders in requestHeader
      • Corrected exception thrown when duplicate tests are run in a Conformance Suite
      • Conformance Suites - Passed with "W" now showing at 'Current' view
      • Conformance Suite Published result for a previous suite version is now viewable
      • Correction to the resolution of references with Bundle entry nesting so that those references are correctly attributed to their respective Bundles
      • Validator now recognizes when Code System Content Mode is "Example" the validation can be performed internally and a call to the terminology server for validation is no longer made.
      • Validator no longer restricts refererence types in standalone validation
      • Validator with FHIR Path Engine funcResolve method now accounts for local references within a Bundle
      • Updated validator to provide more precise error text when a non-existent code system validation error is encountered
      • The validation engine honors the warningOnly = 'true' setting even when there is a Touchstone-related error present
  • CARIN 4 BB 1.1 Validator and TestScript Release Sep 24, 2021
    • Validator
      • CARIN 4 Blue Button 1.1 Validator (FHIR 4.0.1 CARIN BB) released.
    • TestScript
      • CARIN folder under FHIRSandbox updated to include CARIN 1.0.0 and CARIN 1.1.0 TestScripts.
      • CARIN 1.0.0 TestScripts point to the FHIR 4.0.1 Validator
      • CARIN 1.1.0 TestScripts point to the FHIR 4.0.1 CARIN BB Validator