diff --git a/Gemfile b/Gemfile index f9106181..369d2e56 100644 --- a/Gemfile +++ b/Gemfile @@ -21,7 +21,7 @@ end # Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem # and associated library. install_if -> { RUBY_PLATFORM =~ %r!mingw|mswin|java! } do - gem "tzinfo" + gem "tzinfo", "~> 1.2", ">= 1.2.10" gem "tzinfo-data" end diff --git a/Gemfile.lock b/Gemfile.lock index f51a2fa1..076f73c2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -64,8 +64,9 @@ GEM ffi (~> 1.9) terminal-table (2.0.0) unicode-display_width (~> 1.1, >= 1.1.1) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) + thread_safe (0.3.6) + tzinfo (1.2.10) + thread_safe (~> 0.1) tzinfo-data (1.2022.1) tzinfo (>= 1.0.0) unicode-display_width (1.8.0) @@ -80,9 +81,9 @@ DEPENDENCIES json minima (~> 2.5.1) rexml (>= 3.2.5) - tzinfo + tzinfo (~> 1.2, >= 1.2.10) tzinfo-data wdm (~> 0.1.1) BUNDLED WITH - 2.3.18 + 2.1.4 diff --git a/_includes/_footer.html b/_includes/_footer.html index e8aeeb27..a2590a07 100644 --- a/_includes/_footer.html +++ b/_includes/_footer.html @@ -29,19 +29,23 @@

CMS & HHS Websites

  • Medicaid.gov
  • Healthcare.gov
  • HHS.gov
    • +
  • developer.cms.gov

    • Additional resources

    - \ No newline at end of file + diff --git a/_includes/_nav.html b/_includes/_nav.html index fd32f700..eee2455e 100644 --- a/_includes/_nav.html +++ b/_includes/_nav.html @@ -37,4 +37,4 @@ - \ No newline at end of file + diff --git a/_includes/_usa-banner.html b/_includes/_usa-banner.html new file mode 100644 index 00000000..6d3dbec3 --- /dev/null +++ b/_includes/_usa-banner.html @@ -0,0 +1,163 @@ +
    +
    + + U.S. Flag + + + + + + + + +

    + An official website of the United States government + +

    +
    + +
    + + +
    + {% include _nav.html %} +
    diff --git a/_layouts/default.html b/_layouts/default.html index 85a60723..8c8a8601 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -2,10 +2,7 @@ {% include _head.html %} -
    - {% include _nav.html %} -
    - + {% include _usa-banner.html %} {{ content }} {% include _footer.html %} diff --git a/_sass/components/_0_components_dir.scss b/_sass/components/_0_components_dir.scss index 0ba63c27..e5ef7ac1 100644 --- a/_sass/components/_0_components_dir.scss +++ b/_sass/components/_0_components_dir.scss @@ -13,4 +13,5 @@ @import "./navbar"; @import "./process-list"; @import "./sidenav"; -@import "./site-blocks"; \ No newline at end of file +@import "./site-blocks"; +@import "./usa-banner"; \ No newline at end of file diff --git a/_sass/components/_usa-banner.scss b/_sass/components/_usa-banner.scss new file mode 100644 index 00000000..dd36b9a4 --- /dev/null +++ b/_sass/components/_usa-banner.scss @@ -0,0 +1,409 @@ +$animation-ease-in-out-expo: cubic-bezier(1, 0, 0, 1) !default; +$animation-speed-base: 1 !default; +$animation-speed-1: 0.25s !default; +$animation-speed-2: 0.3s !default; +$animation-speed-3: 0.5s !default; +$animation-speed-4: 0.8s !default; +$color-white: #ffffff !default; +$color-black: #000000 !default; +$color-transparent: #ffffff00 !default; +$color-transparent-black-alpha50: #00000080 !default; +$color-transparent-black-alpha25: #00000040 !default; +$color-transparent-white-alpha50: #ffffff80 !default; +$color-transparent-white-alpha25: #ffffff40 !default; +$color-background: #ffffff !default; +$color-background-dialog: #ffffff !default; +$color-background-dialog-mask: #00000080 !default; +$color-background-inverse: #00395e !default; +$color-base: #262626 !default; +$color-base-inverse: #ffffff !default; +$color-border: #d9d9d9 !default; +$color-border-dark: #0f1e38 !default; +$color-border-inverse: #ffffff !default; +$color-coolblue: #045d83 !default; +$color-coolblue-light: #046791 !default; +$color-coolblue-lighter: #82b3c8 !default; +$color-coolblue-lightest: #e6f0f4 !default; +$color-error: #e31c3d !default; +$color-error-dark: #cc1937 !default; +$color-error-darker: #9f142b !default; +$color-error-darkest: #720e1f !default; +$color-error-light: #f18e9e !default; +$color-error-lighter: #f7bbc5 !default; +$color-error-lightest: #fce8ec !default; +$color-focus: #3e94cf !default; +$color-focus-border-inverse: #7c6210 !default; +$color-focus-dark: #bd13b8 !default; +$color-focus-inverse: #02bfe7 !default; +$color-focus-light: #ffffff !default; +$color-focus-shadow: #262626 !default; +$color-focus-shadow-inverse: #262626 !default; +$color-focus-shadow-link: #262626 !default; +$color-focus-shadow-link-inverse: #7c6210 !default; +$color-gold: #f8c41f !default; +$color-gold-dark: #dfb01c !default; +$color-gold-darker: #ae8916 !default; +$color-gold-darkest: #7c6210 !default; +$color-gold-light: #f9ca35 !default; +$color-gold-lighter: #fce28f !default; +$color-gold-lightest: #fef9e9 !default; +$color-gray: #5a5a5a !default; +$color-gray-cool-light: #e6f1f8 !default; +$color-gray-dark: #404040 !default; +$color-gray-light: #a6a6a6 !default; +$color-gray-lighter: #d9d9d9 !default; +$color-gray-lightest: #f2f2f2 !default; +$color-gray-medium: #737373 !default; +$color-gray-warm-dark: #404040 !default; +$color-gray-warm-light: #f2f2f2 !default; +$color-green: #12890e !default; +$color-green-dark: #107b0d !default; +$color-green-darker: #0d600a !default; +$color-green-darkest: #094507 !default; +$color-green-light: #2a9526 !default; +$color-green-lighter: #89c487 !default; +$color-green-lightest: #e7f3e7 !default; +$color-muted: #5a5a5a !default; +$color-muted-inverse: #e9ecf1 !default; +$color-primary: #0071bc !default; +$color-primary-darker: #004f84 !default; +$color-primary-darkest: #00395e !default; +$color-primary-alt: #02bfe7 !default; +$color-primary-alt-dark: #02acd0 !default; +$color-primary-alt-darkest: #016074 !default; +$color-primary-alt-light: #4ed2ee !default; +$color-primary-alt-lightest: #e6f9fd !default; +$color-secondary: #02bfe7 !default; +$color-secondary-dark: #02acd0 !default; +$color-secondary-darker: #0186a2 !default; +$color-secondary-darkest: #016074 !default; +$color-secondary-light: #4ed2ee !default; +$color-secondary-lighter: #b3ecf8 !default; +$color-secondary-lightest: #e6f9fd !default; +$color-red: #e31c3d !default; +$color-red-dark: #cc1937 !default; +$color-red-darker: #9f142b !default; +$color-red-darkest: #720e1f !default; +$color-red-light: #f18e9e !default; +$color-red-lighter: #f7bbc5 !default; +$color-red-lightest: #fce8ec !default; +$color-success: #12890e !default; +$color-success-dark: #107b0d !default; +$color-success-darker: #0d600a !default; +$color-success-darkest: #094507 !default; +$color-success-light: #2a9526 !default; +$color-success-lighter: #89c487 !default; +$color-success-lightest: #e7f3e7 !default; +$color-warn: #f8c41f !default; +$color-warn-dark: #dfb01c !default; +$color-warn-darker: #ae8916 !default; +$color-warn-darkest: #7c6210 !default; +$color-warn-light: #f9ca35 !default; +$color-warn-lighter: #fce28f !default; +$color-warn-lightest: #fef9e9 !default; +$color-visited: #4c2c92 !default; +$font-sans: 'Open Sans', Helvetica, sans-serif !default; +$font-serif: Bitter, Georgia, serif !default; +$font-family-open-sans: 'Open Sans', Helvetica, sans-serif !default; +$font-family-rubik: 'Rubik', sans-serif !default; +$font-family-montserrat: 'Montserrat', sans-serif !default; +$font-family-bitter: Bitter, Georgia, serif !default; +$font-size-base: 16px !default; +$font-size-sm: 14px !default; +$font-size-md: 16px !default; +$font-size-lg: 18px !default; +$font-size-xl: 21px !default; +$font-size-2xl: 24px !default; +$font-size-3xl: 36px !default; +$font-size-4xl: 48px !default; +$font-size-5xl: 60px !default; +$font-line-height-reset: 1 !default; +$font-line-height-base: 1.5 !default; +$font-line-height-heading: 1.3 !default; +$font-line-height-lead: 1.7 !default; +$font-weight-normal: 400 !default; +$font-weight-bold: 700 !default; +$font-weight-semibold: 600 !default; +$article-max-width: 600px !default; +$grid-columns: 12 !default; +$grid-gutter-width: 32px !default; +$grid-form-gutter-width: 16px !default; +$lead-max-width: 77rem !default; +$nav-width: 951px !default; +$site-margins: 3rem !default; +$site-margins-mobile: 1.5rem !default; +$site-max-width: 1040px !default; +$text-max-width: 53rem !default; +$measure-narrow: 45ex !default; +$measure-base: 65ex !default; +$measure-wide: 80ex !default; +$media-width-xs: 0px !default; +$media-width-sm: 544px !default; +$media-width-md: 768px !default; +$media-width-lg: 1024px !default; +$media-width-xl: 1280px !default; +$radius-circle: 100% !default; +$radius-default: 3px !default; +$radius-large: 8px !default; +$radius-medium: 4px !default; +$radius-pill: 9999px !default; +$radius-small: 2px !default; +$shadow-focus: inset 0 0 0 1px #262626 !default; +$shadow-focus-inverse: inset 0 0 0 1px #262626 !default; +$shadow-focus-link: 0 3px #262626 !default; +$shadow-focus-link-inverse: 0 3px #7c6210 !default; +$shadow-base-offset-x: 2px !default; +$shadow-base-offset-y: 2px !default; +$shadow-base-blur-radius: 4px !default; +$shadow-base-color: #00000040 !default; +$shadow-base: 2px 2px 4px !default; +$spacer-1: 8px !default; +$spacer-2: 16px !default; +$spacer-3: 24px !default; +$spacer-4: 32px !default; +$spacer-5: 40px !default; +$spacer-6: 48px !default; +$spacer-7: 56px !default; +$spacer-none: 0px !default; +$spacer-half: 4px !default; +$usa-banner-mobile-close-size: 48px; +$usa-caret-icon-size: 10px; +$usa-banner-font-family: $font-sans; +$usa-banner__background-color: #f2f2f2 !default; +$usa-banner__color: #000000 !default; +$usa-banner-close__background-color: #a6a6a6 !default; +$usa-banner-action__color: #004f84 !default; +$usa-banner-lock-icon__color: #2a9526 !default; + +.ds-c-icon-color--primary { + color: #0071bc; +} + +@mixin focus-styles { + box-shadow: 0 0 0 3px $color-focus-light, 0 0 4px 6px $color-focus-dark; + // Add support for Windows High Contrast Mode (WHCM) + // The transparent color only shows when WHCM is triggered + outline: 3px solid transparent; + outline-offset: 3px; +} + +@mixin focus-styles-position { + position: relative; + z-index: 100; +} + +.ds-c-icon--arrow-up { + transform: rotate(-90deg); +} + +.ds-c-icon--arrow-down { + transform: rotate(90deg); +} + +@mixin focus-styles-link { + background-color: $color-focus-light; + box-shadow: none; + color: initial; + outline: 3px solid $color-focus-dark; + outline-offset: 1px; + text-decoration: underline; +} + +.ds-c-usa-banner { + background-color: $usa-banner__background-color; + color: $usa-banner__color; + font-family: $usa-banner-font-family; + font-size: $font-size-base; + padding: 0; +} + +.ds-c-usa-banner__header { + align-items: flex-start; + display: flex; + flex-direction: row; + font-size: 12px; + font-weight: $font-weight-normal; + line-height: 1.2; + min-height: $spacer-4; + padding: $spacer-1 $spacer-2 $spacer-1 $spacer-2; + position: relative; + + @media (min-width: $width-sm) { + min-height: 0; + padding-bottom: 4px; + padding-top: 4px; + } +} + +.ds-c-usa-banner__header--mobile { + padding: 0; + + .ds-c-usa-banner__button { + display: flex; + font-family: $usa-banner-font-family; + padding: $spacer-1 $spacer-2 $spacer-1 $spacer-2; + width: 100%; + } + + &.ds-c-usa-banner__header--expanded { + .ds-c-usa-banner__button { + padding-bottom: 0; + } + } + + .ds-c-usa-banner__cta-wrapper { + display: block; + } +} + +.ds-c-usa-banner__collapse-banner-container { + align-items: center; + background-color: $usa-banner-close__background-color; + display: flex; + height: $usa-banner-mobile-close-size; + justify-content: center; + margin-left: auto; + margin-right: -$spacer-2; + margin-top: -$spacer-1; + width: $usa-banner-mobile-close-size; + + .ds-c-icon { + height: $font-size-lg; + width: $font-size-lg; + } +} + +.ds-c-usa-banner__header-flag { + height: 11px; + margin-right: $spacer-1; + width: $spacer-2; +} + +.ds-c-usa-banner__header-text { + display: inline; + margin: 0; + span { + margin-right: $spacer-1; + } +} + +.ds-c-usa-banner__header-action { + color: $usa-banner-action__color; + display: block; + margin-bottom: 0; + margin-top: 2px; + text-decoration: underline; +} + +.ds-c-usa-banner__button { + background-color: transparent; + border: 0; + bottom: 0; + box-shadow: none; + font-size: inherit; + line-height: inherit; + margin: 0; + padding: 0; + text-align: left; + + &:focus { + @include focus-styles; + } +} + +.ds-c-usa-banner__button-text { + @extend .ds-c-link; +} + +.ds-c-usa-banner__content { + margin-left: auto; + margin-right: auto; + overflow: hidden; + padding: 4px $spacer-2 $spacer-2 $spacer-1; + + @media (min-width: $width-sm) { + padding-bottom: $spacer-3; + padding-top: $spacer-3; + } +} + +.ds-c-usa-banner__guidance-container { + display: flex; + flex-direction: column; + + @media (min-width: $width-sm) { + flex-flow: row nowrap; + } +} + +.ds-c-usa-banner__guidance { + align-items: flex-start; + display: flex; + max-width: 64ex; + padding: $spacer-2 12px 0 12px; + + @media (min-width: $width-sm) { + padding: 0 $spacer-1; + width: 50%; + } +} + +.ds-c-usa-banner__icon { + flex-shrink: 0; + height: $spacer-5; + margin-right: $spacer-1; + width: $spacer-5; + + &.ds-c-icon--lock-circle { + color: $usa-banner-lock-icon__color; + + @media (-ms-high-contrast: active), (forced-colors: active) { + color: WindowText; + } + } +} + +.ds-c-usa-banner__lock-image { + height: 1.5ex; + vertical-align: inherit; + width: calc(1.5ex * 52 / 64); + + path { + fill: currentColor; + } + + @media (-ms-high-contrast: active), (forced-colors: active) { + path { + fill: WindowText; + } + } +} + +.ds-c-usa-banner__media-img { + float: left; + margin-right: $spacer-1; +} + +.ds-c-usa-banner__media-body { + margin: 0; +} + +.ds-c-usa-banner__header--expanded { + @media (min-width: $width-sm) { + background-color: transparent; + padding-right: 0; + .ds-c-usa-banner__button-text::after { + transform: rotate(180deg); + } + } + + .ds-c-usa-banner__header-action { + display: none; + } +} + +.ds-c-usa-banner__action-icon { + color: $usa-banner__color; + height: $usa-caret-icon-size; + width: $usa-caret-icon-size; +} \ No newline at end of file diff --git a/assets/downloads/postman.zip b/assets/downloads/postman.zip index b8be2124..c0297040 100644 Binary files a/assets/downloads/postman.zip and b/assets/downloads/postman.zip differ diff --git a/common/data.md b/common/data.md index e194e7aa..fc31fa78 100644 --- a/common/data.md +++ b/common/data.md @@ -2,7 +2,7 @@ layout: page-sidenav title: DPC Data banner_title: Understanding DPC Data -permalink: /data +permalink: /data.html id: data button: Data Dictionary coming_soon: true diff --git a/common/docsV1.md b/common/docsV1.md index 2c8e555d..8bb7f1a5 100644 --- a/common/docsV1.md +++ b/common/docsV1.md @@ -2,50 +2,44 @@ layout: page-sidenav title: DPC Documentation banner_title: Documentation -permalink: /docsV1 +permalink: /docsV1.html id: docsV1 side_nav_items: guide1_nav --- -Welcome to the Data at the Point of Care pilot API program! This documentation covers using the sandbox API with synthetic data. Once you’ve tested your implementation in sandbox, you can [email DPC](mailto:DPCINFO@cms.hhs.gov) to be added to the queue for production access. +Welcome to the Data at the Point of Care (DPC) pilot API program! This documentation covers using the API in the sandbox environment with synthetic data. Once you’ve tested your implementation in sandbox, you can [email DPC](mailto:DPCINFO@cms.hhs.gov) to be added to the queue for production access. # Authorization ------------------ -Welcome to the Data at the Point of Care pilot API program! - ## Step One: Request Access -Any Fee-for-Service provider or Health IT vendor may [request access](https://sandbox.dpc.cms.gov/users/sign_up) to the sandbox environment and obtain synthetic data by signing-up for an account in the DPC Portal. You will receive a confirmation email from CMS upon account creation. +Any Fee-for-Service provider organization or Health IT implementer may request access to the sandbox environment and obtain synthetic data by signing-up for an account through the Sandbox Sign Up / Login page. You will receive a confirmation email from CMS upon account creation. -Once your account has been assigned to an organization, you will be notified with a second email, which will include next steps and an invite to join our [Google Group](https://groups.google.com/g/dpc-api) community. At this time, you may log in to the DPC Portal at [https://dpc.cms.gov](https://dpc.cms.gov) to create your first client token and start your journey with the Data at the Point of Care pilot API! +Once your account has been assigned to an organization, you will be notified with a second email, which will include next steps and an invite to join our Google Group community. At this time, you may log in to the DPC Portal at https://dpc.cms.gov to create your first client token and start your journey with the DPC pilot API! ## Step Two: Client Tokens -Create your first client token
    +Create client token
    Create multiple client tokens
    List all client tokens
    Delete client tokens -Client tokens help monitor who is accessing the API through your account. A client token is required to create an access token, which is needed with every request made to the API. This ensures every interaction with the API can be traced back to the person who created the client token. - -### Prerequisites: -- A registered account in the DPC Portal -- CMS email stating you have been assigned to an organization +Client tokens help monitor who is accessing the API through your account. A *client* token is required to create an *access* token, which is needed with every request made to the API. This ensures every interaction with the API can be traced back to the person who created the client token. -### Create your first client token +### Create client token

    - You MUST create different client tokens for every vendor that works with the API. A single client token should not be shared with multiple vendors. + You MUST create different client tokens for every provider organization that works with the API.

    -Your first client token must be created through the DPC Portal. After successfully accessing the API, you may choose to add client tokens through the API or continue using the DPC Portal. +Your first client token must be created through the DPC Portal. -1. **Log in to your account in the [DPC Portal](https://sandbox.dpc.cms.gov/users/sign_in)** and select + New Token -2. **Add a Label:** Title your token with a recognizable name that includes the environment for which you are requesting access -3. Click "Create Token" to generate your client token +1. **Log in to your account in the DPC Portal** and select + New Token. +2. **Add a Label:** Title your token with a recognizable name that includes the environment for which you are requesting access. +3. Click "Create Token" to generate your client token. ![Client Token](/assets/images/guide_client_token.svg) @@ -57,11 +51,13 @@ Your first client token must be created through the DPC Portal. After successful +After successfully accessing the API, you may choose to add client tokens through the API or continue using the DPC Portal. + ### Create multiple client tokens You may create as many tokens as you like via your account in the DPC Portal using the instructions above. You can also create multiple client tokens at once by making a POST request to the /Token endpoint. -This endpoint accepts two (optional) query parameters: +The /Token endpoint accepts two (optional) query parameters: @@ -115,16 +111,8 @@ The response from the API will include the client_token in the token field. } ~~~ -
    -
    -

    - This is the only time that this client token will be visible to you. Ensure that the value is recorded in a safe and durable location. -

    -
    -
    - ### List all client tokens -If you have created multiple client tokens, you may want to list them to reference ID’s, expiration dates, or delete specific client tokens from your account in the DPC Portal. +If you have created multiple client tokens, you may want to list them to reference IDs, expiration dates, or delete specific client tokens from your account in the DPC Portal. All client tokens registered by your organization for a given environment can be listed by making a GET request to the /Token endpoint. This will return a list of token IDs with details on when they were created, when they expire, and the label associated with that token. @@ -173,7 +161,7 @@ GET /api/v1/Token ~~~ ### Delete client tokens -You may want to delete a client token from your organization if a vendor or group no longer exists or needs access to the API. This can be done by clicking the “x” on the right side of each client token listed in the DPC Portal or by sending a DELETE request to the /Token endpoint using the unique ID of the client_token. +You may want to delete a client token from the sandbox environment if a Health IT implementer no longer exists or needs access to the API. This can be done by clicking the “x” on the right side of each client token listed in the DPC Portal or by sending a DELETE request to the /Token endpoint using the unique ID of the client_token. Client_token IDs can be found either at creation or as the result of [listing client_tokens](#list-all-client-tokens). @@ -202,18 +190,11 @@ Client_token IDs can be found either at creation or as the result of [listing cl Public keys verify that client token requests are coming from an authorized application. This is by verifying that the private key used to sign your JSON Web Token (JWT) also matches a public key previously uploaded to DPC. Please complete the upload of your public key + signature through the DPC Portal. -**ALL files in this section must be stored in ONE folder.** - -(private.pem, public.pem, snippet.txt, snippet.txt.sig, signature.sig files) - -### Prerequisites: -- A registered account in the DPC Portal -- CMS email stating you have been assigned to an organization - +**ALL files** (e.g., private.pem, public.pem, snippet.txt, snippet.txt.sig, signature.sig files) **in this section must be stored in ONE folder.** ### Upload your first public key -**1. Generate a private key** +**1. Generate a private key.** - Use the command invocation: @@ -229,7 +210,7 @@ Public keys verify that client token requests are coming from an authorized appl -**2. Generate a public key** +**2. Generate a public key.** - Use the command invocation: @@ -241,7 +222,7 @@ Public keys verify that client token requests are coming from an authorized appl ![Public Key Example - Shows public key with the BEGIN PUBLIC KEY and END PUBLIC KEY tags.](/assets/images/guide_public_key_ex.svg) -**4a. 3a:** Title your public key with a descriptive name that can be easily recognized for future purposes. +**4. Title** your public key with a descriptive name that can be easily recognized for future purposes. **5. Proceed** to creating your public key signature. @@ -249,6 +230,23 @@ Public keys verify that client token requests are coming from an authorized appl **1. Download the snippet.txt file located in the DPC Portal to create a signature.** +- If you are unable to download the snippet.txt file with a GUI, you can download the file using the command invocation below: + + ~~~ + curl -JLO https://raw.githubusercontent.com/CMSgov/dpc-app/master/dpc-web/public/snippet.txt + ~~~ + +**1a. Verify the type of file.** + +- If you are using a Mac or Linux shell, you can check the file type with this command. This command will not work in a basic Windows environment. + + ~~~ + file snippet.txt + ~~~ + +

    Response must yield snippet.txt: ASCII text, with no line terminators.

    + + **2. Create your public key snippet.** - Use the command invocation: @@ -269,7 +267,7 @@ Public keys verify that client token requests are coming from an authorized appl **4. Generate a _verified_ public key signature.** -- Use the commmand invocation: +- Use the command invocation: ~~~ openssl base64 -in snippet.txt.sig -out signature.sig @@ -277,11 +275,13 @@ Public keys verify that client token requests are coming from an authorized appl **5. Paste the contents** of your verified public key signature (signature.txt file) into the ‘Public Key Signature’ field in your DPC Account. -**6. Click Add Key** to upload your public key. +**6. Click "Add Key"** to upload your public key. + +-

    If you see the error message stating, "Unable to verify your public key" after uploading your public key, re-download the snippet.txt file using the command stated in Step 1, and re-generate your public key and signature pair.

    ### List all public keys -If you have created multiple public keys, you may want to list them to reference ID’s, check expiration dates, or delete specific public keys from your account in the DPC Portal. +If you have created multiple public keys, you may want to list them to reference IDs, check expiration dates, or delete specific public keys from your account in the DPC Portal. All public keys registered by your organization for an environment can be listed by making a GET request to the /Key endpoint. This will return a list of public key IDs with details on when they were created, when they expire, and the label associated with that key. @@ -318,7 +318,7 @@ The response from the API will include the client_token in the token field. ~~~ ### List a specific public key -If you have created multiple public keys, you may want to confirm the expiration date or content of a single public key from your account in the DPC portal. +If you have created multiple public keys, you may want to confirm the expiration date or content of a single public key from your account in the DPC Portal. Specific public keys can be listed by making a GET request to the /Key endpoint using the unique id of the public key. @@ -346,7 +346,7 @@ Specific public keys can be listed by making a GET request to the /Key endpoint ~~~ ### Delete public keys -You may need to delete a public key from your organization if a user no longer needs access or otherwise needs to be removed from the system. +You may need to delete a public key from the DPC Portal if you no longer need access. Public keys can be removed by sending a DELETE request to the /Key endpoint using the unique ID of the public key, which is returned either at creation, or as the result of listing the public keys. @@ -372,41 +372,61 @@ The response from the API will include the client_token in the token field. ## Step Four: JSON Web Tokens -Validate a JSON Web Token for DPC - -A JSON Web Token (JWT) authenticates your organization with DPC. If you have not generated your client token and public/private key pair through the DPC Portal, please obtain the following prerequisites before proceeding. +Validate a JSON web token for DPC -### Prerequisites: -- Internet access -- A registered client token -- Your private key -- Your public key ID +A JSON Web Token (JWT) authenticates your organization with DPC. -Once completed, please download the DPC JWT Tool (the button below) to generate your JWT for DPC. +Complete the following steps to generate your JWT via the JWT Tool. -
    - +
    + JWT Tool Download
    -The following instructions are to be completed via the JWT Tool downloaded onto your personal computer. You must have internet access in order for this tool to use its cryptography library. Your information is not sent over the network, in order to ensure your private key and JWT remain confidential. +
    +
    +

    + You need internet access to use this tool’s cryptography. However, your information is not sent over the network to ensure your private key and JWT remain confidential. +

    +
    +
    -1. Please input your Private Key. -2. Please input your Client Token. -3. Please input your Public Key ID +1. Input your Private Key. +2. Input your Client Token. +3. Input your Public Key ID. * This ID can be found under the "Public Keys” section in your DPC Portal. ![Public Key Id - The public key id is found underneath the key's label.](/assets/images/guide_public_key_id.svg) -4. Click "Generate JWT" -5. Copy "Your JWT" to begin validation for DPC +4. Click "Generate JWT". +5. Copy "Your JWT" to begin validation for DPC. + +Complete the following steps to generate your own JWT. +1. Generate your JWT payload. +~~~ +{ + “iss”: {client_token}, + “sub”: {client_token}, + “aud”: "https://sandbox.dpc.cms.gov/api/v1/Token/auth", + “exp”: {current datetime + 5 minutes}, + “jti”: {JWT_unique_id} +} +~~~ +2. Generate your JWT header. +~~~ +{ + "alg": "RS384", + “kid”: “{public_key_id}” +} +~~~ +3. Sign your JWT with your header and private key. -### Validate a JSON Web Token for DPC +### Validate a JSON web token for DPC The DPC API supports a /Token/validate endpoint, which allows you to submit your signed JWT for DPC validation. If the fields do not contain the required requests, the response will return an error message with details as to which claims or values on the JWT are missing or incorrect.

    - This method DOES NOT validate the JWT signature, public key or client tokens, it merely verifies the necessary elements are present in the JWT entity. + This method DOES NOT validate the JWT signature, public key, or client tokens. It merely verifies that the necessary elements are present in the JWT entity.

    @@ -426,7 +446,7 @@ POST /api/v1/Token/validate -d "{Signed JWT}" #### Response: -The response from the API will return with a HTTP 200 if the JWT is valid, otherwise an error message will be returned. +The response from the API will return with a HTTP 200 if the JWT is valid; otherwise, an error message will be returned. ## Step Five: Access/Bearer Token @@ -435,12 +455,9 @@ The response from the API will return with a HTTP 200 if the JWT is valid, other Obtaining an access token is the final step in connecting to the DPC API. **The access token must be set in the Authorization header in EVERY API request and has a maximum expiration time of 5 MINUTES.** -Example Header: +Example header: 
    Authorization: Bearer {access_token}
    -### Prerequisites: -- A valid JSON Web Token (JWT) - ### Obtain an access_token In order to receive an access token, the valid JWT must be submitted to the /Token/auth endpoint via a POST request. The POST request body is encoded as application/x-www-form-urlencoded. @@ -481,12 +498,6 @@ In order to receive an access token, the valid JWT must be submitted to the /Tok
    -The endpoint response will be a JSON object, which contains: - -1. Your access_token -2. The lifetime of your token (in seconds) -3. Authorized system scopes - #### Request: ~~~ @@ -516,19 +527,19 @@ The endpoint response is a JSON object which contains the access token, the life

    - Your access token and JWT will expire every five minutes. + Your JWT must contain an expiration of five minutes.

    -You can create multiple access tokens with the same valid JWT. However, once your access token expires, you will likely need to generate a new JWT using the JWT Tool to refresh your access token. +You can create multiple access tokens with the same valid JWT. However, once your access token expires, you will likely need to generate a new JWT using the JWT Tool or create your own JWT to refresh your access token. ### Obtain a bearer_token -To obtain your bearer_token, set your access_token returned in the previous step as your bearer_token. You will need to set the "{access_token value}" from the previous response as a header in most of your API calls preceded by the word Bearer and a space. +To obtain your bearer_token, set your access_token returned in the previous section as your bearer_token. You will need to set the "{access_token value}" from the previous response as a header in most of your API calls preceded by the word *Bearer* and a space. As access tokens expire, you will need to generate new tokens. You will not need to create new JWT’s to create a new access token, unless you are making a call with a different client token or public key. -### Sample Javascript Code to create a JWT and obtain an Access Token +### Sample JavaScript code to create a JWT and obtain an access token 
    const jsrsasign = require('jsrsasign')
 const fetch = require('node-fetch')
@@ -587,31 +598,31 @@ fetch('https://sandbox.dpc.cms.gov/api/v1/Token/auth', {
 
 # Attestation & Attribution
 ------------------
-Before accessing Patient data, DPC must establish that you have a valid Patient-Practitioner relationship with CMS Medicare and Medicaid Beneficiaries.  This process is referred to as Attestation/Attribution in the DPC API.
+Before accessing patient data, DPC must establish that you have a valid patient-practitioner relationship with CMS Medicare and Medicaid Beneficiaries. This process is referred to as Attestation/Attribution in the DPC API.
 
-You will need to register Practitioners in your Organization, register Patients in your care, and attribute Patients to the Practitioners treating them. You must also keep these attributions up-to-date by submitting an attestation that  testifies these relationships are valid with each submission.
+You will need to register practitioners in your organization, register patients in your care, and attribute patients to the practitioners treating them. You must also keep these attributions up-to-date by submitting an attestation that testifies these relationships are valid with each submission.
 
 
    
   
    
     
    
-      The DPC sandbox environment does not contain any preloaded test data.
+      The DPC Sandbox Environment does not contain any preloaded test data.
     
    
   
    
 
    
 
-## Load Sample Data
-The DPC team has created a collection of sample Practitioner, Patient, and Group resources which can be used to get started in the sandbox environment. These Resources can be found in our public [GitHub repository](https://github.com/CMSgov/dpc-app/tree/master/src/main/resources) as JSON files. More details included in this [README](https://github.com/CMSgov/dpc-app/blob/master/src/main/resources/README.md) file.
+## Load sample data
+The DPC Team has created a collection of sample Practitioner, Patient, and Group Resources which can be used to get started in the sandbox environment. These resources can be found in our public GitHub repository as JSON files. More details included in this README file.
 
-**Uploading Practitioners:** We have included 4 Practitioner Resources that represent fictitious Practitioners that you can add to your Organization.
+**Uploading Practitioners:** We have included four Practitioner Resources that represent fictitious practitioners that you can add to your organization.
 
-**Uploading Patients:** The Beneficiary FHIR Data Server (BFD) maintains a list of 101 Patients, along with their MBIs, that can be used for matching existing synthetic data in the sandbox environment. More details and the corresponding data files can be found on the Blue Button 2.0 API’s documentation under [Sample Beneficiaries](https://bluebutton.cms.gov/developers/#sample-beneficiaries).
+**Uploading Patients:** The Beneficiary FHIR Data Server (BFD) maintains a list of 101 patients, along with their MBIs, that can be used for matching existing synthetic data in the sandbox environment. More details and the corresponding data files can be found on the Blue Button 2.0 API’s documentation under Sample Beneficiaries.
 
-_Users can provide their own sample FHIR resources that fulfill the required FHIR profiles to DPC, but will need to ensure that all Patient resources have a Medicare Beneficiary Identifier (MBI) that matches a record in the Beneficiary FHIR Data Server (BFD)._
+_Users can provide their own sample FHIR resources that fulfill the required FHIR profiles to DPC, but will need to ensure that all Patient Resources have a Medicare Beneficiary Identifier (MBI) that matches a record in BFD._
 
 ### Find Organization ID
-You will need your organization ID to create an Attribution Group for Attestation. The Organization endpoint supports a GET /Organization operation, which allows the user to retrieve their Organization ID.
+You will need your Organization ID to create an Attribution Group for Attestation. The Organization endpoint supports a GET /Organization operation, which allows the user to retrieve their Organization ID.
 
-To find your Organization ID, sign-in to your account in the DPC Portal and locate your Organization ID underneath the organization name. You can also make a request to `/Organization` via the API and retrieve your Organization ID from the response.
+To find your Organization ID, sign-in to your account in the DPC Portal and locate your Organization ID underneath the Organization name. You can also make a request to `/Organization` via the sandbox API and retrieve your Organization ID from the response.
 
 ![Dashboard Org Id](/assets/images/guide_org_id.png)
 
@@ -626,7 +637,7 @@ Accept: application/fhir+json
 Prefer: respond-async
    -#### cURL Command +#### cURL command 
    curl -v https://sandbox.dpc.cms.gov/api/v1/Organization
      -H 'Authorization: Bearer {access_token}'
      -H 'Accept: application/fhir+json' \
@@ -675,7 +686,7 @@ Prefer: respond-async
 }
    -It is still possible to retrieve your organization using `/Organization/{id}`, in which case you will receive a single Resource instead of a Bundle. +It is still possible to retrieve your organization using `/Organization/{id}`, in which case you will receive a single resource instead of a bundle. #### Request: @@ -688,7 +699,7 @@ Accept: application/fhir+json Prefer: respond-async -#### cURL Command +#### cURL command 
    curl -v https://sandbox.dpc.cms.gov/api/v1/Organization/{id}
      -H 'Authorization: Bearer {access_token}' \
      -H 'Accept: application/fhir+json' \
@@ -735,28 +746,21 @@ Prefer: respond-async
 ## Practitioners
 
 
-Add a Practitioner
    
-Add Multiple Practitioners
    
-List all Practitioners
    
-List a specific Practitioner
+Add a practitioner
    
+Add multiple practitioners
    
+List all practitioners
    
+List a specific practitioner
 
-Every organization is required to keep a list of [Practitioner](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-practitioner.html) Resources who are authorized to have access to DPC data. The DPC Team has included four Practitioner Resources that represent fictitious Practitioners that can be added to your Organization.
+Every organization is required to keep a list of Practitioner Resources who are authorized to have access to DPC data. The DPC Team has included four Practitioner Resources that represent fictitious practitioners that can be added to your organization.
 
-### Prerequisites:
-- A registered account in the DPC Portal
-- Access to the API: active Bearer {access_token}
-- Practitioner information:
-    - First and Last Name
-    - Type 1 National Provider Identifier (NPI)
+### Add a practitioner
+To register a practitioner at your organization, you must send a FHIR-formatted Practitioner Resource as the BODY of your request. Do not use encoding (raw) when uploading via a POST request to the /Practitioner endpoint.
 
-### Add a Practitioner
-To register a Practitioner at your Organization, you must send a FHIR-formatted [Practitioner](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-practitioner.html) Resource as the BODY of your request. Please use no encoding (raw) when uploading via a POST request to the /Practitioner endpoint.
+The Practitioner Resource may include additional attributes detailed in the FHIR Implementation Guide within DPC Practitioner Profile, but at a minimum must include the practitioner’s:
 
-The Practitioner Resource may include additional attributes detailed in the FHIR Implementation Guide within [DPC Practitioner Profile](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-practitioner.html), but at a minimum must include the Practitioner’s:
-
-  - First and Last Name
+  - First and last name
   - Type 1 National Provider Identifier (NPI)
-
+    - Note: If an existing practitioner is found with the same NPI, the `/practitioner` endpoint will return that same practitioner and not return a new one.
 #### Request:
 
 ~~~
@@ -773,12 +777,12 @@ POST /api/v1/Practitioner
      -d @practitioner.json
    ### Add Multiple Practitioners -The Practitioner endpoint supports a $submit operation, which allows you to upload a Bundle of resources for registration in a single batch operation. +The Practitioner endpoint supports a $submit operation, which allows you to upload a bundle of resources for registration in a single batch operation. -Each individual Practitioner Resource in your Bundle must satisfy the requirements on how to add a [Practitioner Resource](#add-a-practitioner), otherwise a 422-Unprocessable Entity error will be returned. +Each individual Practitioner Resource in your bundle must satisfy the requirements on how to add a [Practitioner Resource](#add-a-practitioner); otherwise, a 422-Unprocessable Entity error will be returned.
    - Sample practitoner_bundle.json + Sample practitoner_bundle.json
    #### Request: @@ -797,8 +801,8 @@ POST /api/v1/Practitioner/$submit -d @practitioner_bundle.json -### List all Practitioners -The Practitioner endpoint supports a GET /Practitioner operation, which allows you to retrieve a [Bundle](https://www.hl7.org/fhir/STU3/bundle.html) of Practitioner resources. You will need to retrieve a Practitioner’s NPI when you get to the Attribution section. +### List all practitioners +The Practitioner endpoint supports a GET /Practitioner operation, which allows you to retrieve a bundle of Practitioner Resources. You will need to retrieve a Practitioner’s NPI when you get to the Attribution section. #### Request: @@ -814,8 +818,8 @@ GET /api/v1/Practitioner -H 'Content-Type: application/fhir+json' \ -X GET -### List a specific Practitioner -The Practitioner endpoint also supports a GET /Practitioner operation where you can supply an NPI number and receive the Practitioner resource. You will use this to identify a Practitioners’ system ID based off of an NPI when adding a Patient and/or creating a Group. +### List a specific practitioner +The Practitioner endpoint also supports a GET /Practitioner operation where you can supply an NPI number and receive the Practitioner Resource. You will use this to identify a Practitioners’ DPC ID based off of an NPI when adding a practitioner and/or creating a group. #### Request: @@ -869,34 +873,26 @@ The Practitioner endpoint also supports a GET /Practitioner operation where you ## Patients -Add a Patient
    -Add Multiple Patients
    -List all Patients
    -List a specific Patient +Add a patient
    +Add multiple patients
    +List all patients
    +List a specific patient Every organization is required to maintain a list of patients which represent the patient population currently being treated at your facilities. -Since there is not any preloaded data in DPC’s sandbox, The Beneficiary FHIR Data Server (BFD) maintains a list of 101 Patients, along with their MBIs, that can be used for matching existing synthetic data in the sandbox environment. More details and the corresponding data files can be found on the Blue Button 2.0 API’s documentation under [Sample Beneficiaries](https://bluebutton.cms.gov/developers/#sample-beneficiaries). - -### Prerequisites: -- A registered account in the DPC Portal -- Access to the API: active Bearer {access_token} -- Patient information: - - First and last name - - Birth date in YY-MM-DD format - - Medicare Beneficiary Identifier (MBI) - - Managing Organization ID - - System ID +Since there is not any preloaded data in DPC’s sandbox, the Beneficiary FHIR Data Server (BFD) maintains a list of 101 Patients, along with their MBIs, that can be used for matching existing synthetic data in the sandbox environment. More details and the corresponding data files can be found on the Blue Button 2.0 API’s documentation under Sample Beneficiaries. -### Add a Patient -To register a Patient at your Organization, you must create a [Patient](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-patient.html) Resource as a JSON file in FHIR format. The JSON file must be in the BODY of your request with no encoding (raw) when uploading via a POST request to the /Patient endpoint. +### Add a patient +To register a patient at your organization, you must create a Patient Resource as a JSON file in FHIR format. The JSON file must be in the BODY of your request with no encoding (raw) when uploading via a POST request to the /Patient endpoint. -To create the Patient Resource, the JSON file may include additional attributes detailed in the FHIR Implementation Guide within the [DPC Practitioner Profile](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-patient.html), but at a minimum must include the Patient’s: +To create the Patient Resource, the JSON file may include additional attributes detailed in the FHIR Implementation Guide within the DPC Practitioner Profile, but at a minimum must include the patient’s: - First and last name - Birth date in YYYY-MM-DD +- Gender - Medicare Beneficiary Identifier (MBI) - - identifier: + - Note: If an existing patient is found with the same MBI, the /patient endpoint will return that same patient and not return a new one. + - For example: ~~~ { @@ -904,22 +900,19 @@ To create the Patient Resource, the JSON file may include additional attributes value: 'Value of the MBI number' } ~~~ - -- Managing Organization ID: - + OR ~~~ - "managingOrganization": { - "reference": "Organization/{ID}" + { + "system": "http://hl7.org/fhir/sid/us-mbi", +    "value": "Value of the MBI number" } ~~~ -- System ID: - - This can be found by listing all patients or finding a specific patient by their MBI. +- Managing Organization ID: ~~~ - "resource": { - "resourceType": "Patient", - "id": "728b270d-d7de-4143-82fe-d3ccd92cebe4" + "managingOrganization": { + "reference": "Organization/{ID}" } ~~~ @@ -992,13 +985,13 @@ POST /api/v1/Patient } ~~~ -### Add Multiple Patients -The Patient endpoint supports a $submit operation, which allows you to upload a Bundle of resources for registration in a single batch operation. - -Each Patient Resource in your Bundle may include additional attributes detailed in the FHIR Implementation Guide within the [DPC Patient Profile](https://dpc.cms.gov/ig/StructureDefinition-dpc-profile-patient.html), but at a minimum must satisfy the requirements on how to add a [Patient Resource](#add-a-patient), otherwise a 422 - Unprocessable Entity error will be returned. +### Add multiple patients +The Patient endpoint supports a $submit operation, which allows you to upload a bundle of resources for registration in a single batch operation. + +Each Patient Resource in your bundle may include additional attributes detailed in the FHIR Implementation Guide within the DPC Patient Profile, but at a minimum must satisfy the requirements on how to add a [Patient Resource](#add-a-patient); otherwise, a 422 - Unprocessable Entity error will be returned.
    - Sample patient_bundle.json + Sample patient_bundle.json
    #### Request: @@ -1016,8 +1009,8 @@ POST /api/v1/Patient/$submit -X POST \ -d @patient_bundle.json -### List all Patients -The Patient endpoint supports a GET /Patient operation, which allows you to retrieve a Bundle of Patient Resources. You will need to retrieve the system ID of patients when you get to the Attribution section. +### List all patients +The Patient endpoint supports a GET /Patient operation, which allows you to retrieve a bundle of Patient Resources. You will need to retrieve the DPC ID of patients when you get to the Attribution section. #### Request: @@ -1033,8 +1026,8 @@ GET /api/v1/Patient -H 'Content-Type: application/fhir+json' \ -X GET -### List a specific Patient -The Patient endpoint also supports a GET /Patient operation where you can supply the Patient MBI and receive the Patient Resource. You may use this to identify a Patient’s system ID based off of an MBI. +### List a specific patient +The Patient endpoint also supports a GET /Patient operation where you can supply the Patient MBI and receive the Patient Resource. You may use this to identify a Patient’s DPC ID based off of an MBI. #### Request: 
    GET /api/v1/Patient?identifier={{Patient MBI}}
    @@ -1091,28 +1084,23 @@ The Patient endpoint also supports a GET /Patient operation where you can supply ## Attestation -Create an Attestation +Create an attestation -CMS requires Practitioners to attest that they have a treatment related purpose for adding a patient to their Group each time they make a Group addition. This is accomplished by submitting an attestation with every request. Attestations are posted as a [Provenance](https://www.hl7.org/fhir/provenance.html) Resource via the X-Provenance header, as outlined in the [FHIR specification](https://www.hl7.org/fhir/implementationguide.html). +CMS requires practitioners to attest that they have a treatment related purpose for adding a patient to their group each time they make a group addition. This is accomplished by submitting an attestation with every request. Attestations are posted as a Provenance Resource via the X-Provenance header, as outlined in the FHIR specification. -**Prerequisites:** -- Access to the API: active Bearer {access_token} -- At least one registered Practitioner -- At least one registered Patient - -### Create an Attestation -Details on Provenance resources are given in the [FHIR implementation guide](https://www.hl7.org/fhir/implementationguide.html), but at a minimum, each attestation must include: +### Create an attestation +Details on Provenance Resources are given in the FHIR implementation guide, but at a minimum, each attestation must include: - **Timestamp:** Time when attestation was made. - **Reason:** Reason for the attestation (currently only: http://hl7.org/fhir/v3/ActReason#TREAT is supported). - **Organization ID:** The agent making the attestation referenced by their Organization Resource ID. - - _Your Organization ID can be found by referencing the {id} variable in the resource object of your Practitioner._ + - _Your Organization ID can be found by referencing the {id} variable in the resource object of your practitioner._ - **Practitioner ID:** The practitioner attached to the attestation referenced by their Practitioner ID. - - _Your Practitioner ID can be found by referencing the {id} variable in the resource object of your Practitioner._ + - _Your Practitioner ID can be found by referencing the {id} variable in the resource object of your practitioner._ -The attestation is then included in the X-Provenance header as part of any operations which add patients to the Group resource. +The attestation is then included in the X-Provenance header as part of any operations which add patients to the Group Resource. -### Example Attestation for X-Provenance header +### Example attestation for X-Provenance header ~~~ { @@ -1154,48 +1142,45 @@ The attestation is then included in the X-Provenance header as part of any opera ## Groups (Attribution) -Create a Group
    -Update a Group
    -Add Patients to Group
    -Overwrite a Group Membership
    -Locate your Group.id - -Once the Practitioner, Patient, and Provenance (Attestation) resources have been created, the final step is to link a list of registered Patients to a registered Practitioner in what is called an Attribution Roster. This is done by creating a Group resource. +Create a group
    +Update a group
    +Add patients to group
    +delete a group
    +Removing patients from a group
    +Overwrite a group membership
    +Locate your group.id -**Prerequisites:** -- A registered account in the DPC Portal -- At least one Patient in your Organization -- At least one Practitioner in your Organization +Once the Practitioner, Patient, and Provenance (Attestation) Resources have been created, the final step is to link a list of registered patients to a registered practitioner in what is called an Attribution Roster. This is done by creating a Group Resource. -### Create a Group -To link a list of registered Patients to a registered Practitioner, you must create a Group Resource by creating a JSON file with a list of patients and a single Practitioner to be attributed to. Upload this JSON file via a POST request to the /Group endpoint. +### Create a group +To link a list of registered patients to a registered practitioner, you must create a Group Resource by creating a JSON file with a list of patients and a single practitioner to be attributed to. Upload this JSON file via a POST request to the /Group endpoint. -Additional details on Provenance Resource can be found in DPC’s implementation guide but, at a minimum, each Attribution Group resource must include: +Additional details on Provenance Resource can be found in DPC’s Implementation Guide but, at a minimum, each Attribution Group Resource must include: - **The Practitioner’s NPI** which patients are being attributed to. -- **The system ID of the Patient(s)** that are members of the Group. This value is the alphanumeric system ID of the Patient Resource in DPC. It is a UUID. +- **The DPC ID of the patient(s)** that are members of the group. This value is the alphanumeric DPC ID of the Patient Resource in DPC. It is a UUID.

    - Parameter and Bundle Resources are NOT to be used when adding, updating, or overwriting Groups. + Parameter and Bundle Resources are NOT to be used when adding, updating, or overwriting groups.

    -The Group response returned by DPC includes additional “period” and “inactive” elements for each Patient. These indicate the time period for which the Patient has an active relationship with the Practitioner, or, if the relationship has expired, the time period for which the Patient was active. +The group response returned by DPC includes additional “period” and “inactive” elements for each patient. These indicate the time period for which the patient has an active relationship with the practitioner, or, if the relationship has expired, the time period for which the patient was active.

    - Attribution Groups must be updated every 90 days! + Attribution groups must be updated every 90 days!

    -Practitioners at your organization must update their Provenance (Attestation) and Group Resources by re-attributing the Patient to the Practitioner’s Group every 90 days. +Practitioners at your organization must update their Provenance (Attestation) and Group Resources by re-attributing the patient to the practitioner’s group every 90 days. -When an attribution relationship between a Patient and Practitioner has expired, either due to exceeding the 90 day threshold or being manually removed, the patient’s “inactive” flag will be set to “true.” Patients who are attributed to a Practitioner, but have their inactive flag set to true, will NOT be included in Bulk Data exports. +When an attribution relationship between a patient and practitioner has expired, either due to exceeding the 90-day threshold or being manually removed, the patient’s “inactive” flag will be set to “true”. Patients who are attributed to a practitioner, but have their inactive flag set to true, will NOT be included in bulk data exports. #### Request: @@ -1254,13 +1239,13 @@ POST /api/v1/Group } ~~~ -### Update a Group +### Update a group -Patient/Practitioner relationships automatically expire after 90 days and must be re-attested by the Practitioner. This is accomplished by re-attributing the Patient to the Practitioner’s Group. +Patient/practitioner relationships automatically expire after 90 days and must be re-attested by the practitioner. This is accomplished by re-attributing the patient to the practitioner’s group. -### Identifying Expired Patients +### Identifying expired patients -After 90 days, patient attributions expire and must be renewed. You can identify these patients through a GET request to the /Group endpoint. This will return a JSON file with all the patients attributed to the Group. Evaluate this JSON for patients with attribution dates greater than 90 days. +After 90 days, patient attributions expire and must be renewed. You can identify these patients through a GET request to the /Group endpoint. This will return a JSON file with all the patients attributed to the group. Evaluate this JSON for patients with attribution dates greater than 90 days. #### Request @@ -1308,9 +1293,9 @@ After 90 days, patient attributions expire and must be renewed. You can identify } ~~~ -### Add Patients to Group +### Add patients to group -Additions are handled through a custom $add operation on the /Group endpoint. This takes the members listed into a given resource and adds them to the existing Group. +Additions are handled through a custom $add operation on the /Group endpoint. This takes the members listed into a given resource and adds them to the existing group. #### Request: 
    POST /api/v1/Group/{Group.id}/$add
    @@ -1350,8 +1335,26 @@ Additions are handled through a custom $add operation on the /Group endpoint. Th ] ~~~ -### Removing Patients from a Group -Removals are handled through a custom remove operation on the /Group endpoint. This takes the members listed into a given resource and removes them from the existing Group. +### Delete a group +You may want to delete a group if you no longer require data for the patients within the group. This can be done by sending a DELETE request to the /Group endpoint using the unique ID of the group. + +Group IDs can be found either at creation or as the result of [locating your Group ID](#locate-your-groupid). + +#### Request: +
    api/v1/Group?characteristic-value=attributed-to${Group.id}
    + +#### cURL command: +
    curl -v https://sandbox.dpc.cms.gov/api/v1/Group?characteristic-value=attributed-to${Group ID} \
+     -H 'Authorization: Bearer {access_token}' \
+     -H 'Accept: application/json' \
+     -H 'Content-Type: application/json' \
+     -X DELETE
    + +### Reponse: +
    200 - Group was removed
    + +### Removing patients from a group +Removals are handled through a custom remove operation on the /Group endpoint. This takes the members listed into a given resource and removes them from the existing group.
    @@ -1407,8 +1410,8 @@ Removals are handled through a custom remove operation on the /Group endpoint. T } ~~~ -### Overwrite a Group Membership -Users can also submit a Group resource which completely overwrites the existing Group. This results in the current group membership being completely overwritten with the members listed in the given resource. +### Overwrite a group membership +Users can also submit a Group Resource which completely overwrites the existing group. This results in the current group membership being completely overwritten with the members listed in the given resource.
    @@ -1472,15 +1475,15 @@ Users can also submit a Group resource which completely overwrites the existing ### Locate your Group.id You may only pull data for one practitioner’s roster at a time. -You can do this by sending a GET request to the Group endpoint to retrieve the [Attribution Group](https://hl7.org/fhir/STU3/group.html) of the Practitioner. Use the Practitioners’ [National Provider Identity (NPI)](https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/NationalProvIdentStand/) number as a parameter in this request. +You can do this by sending a GET request to the Group endpoint to retrieve the Attribution Group of the practitioner. Use the practitioners’ National Provider Identity (NPI) number as a parameter in this request.
    -

    DPC supports the standard FHIR search protocol. Searching for Patients associated with a given Practitioner makes use of composite search parameters.

    +

    DPC supports the standard FHIR search protocol. Searching for patients associated with a given practitioner makes use of composite search parameters.

    -The response will return a [Bundle](https://www.hl7.org/fhir/STU3/bundle.html) resource which contains the attribution groups for the given Practitioner. **You can use the Group.id value of the returned resources to initiate an export job.** Your Group ID can be found by referencing the {id} variable in the resource object of your Group. +The response will return a Bundle Resource which contains the Attribution Groups for the given practitioner. **You can use the Group.id value of the returned resources to initiate an export job.** Your Group ID can be found by referencing the {id} variable in the resource object of your group. **Example:** @@ -1553,15 +1556,10 @@ The response will return a [Bundle](https://www.hl7.org/fhir/STU3/bundle.html) r # Export Data ------------ -The primary interaction with the DPC pilot API is via the FHIR /Group/$export operation.This allows an organization to export Patient. Coverage, and Explanation of Benefit data in an asynchronous and bulk manner. Details on the FHIR bulk data operations can be found in the [FHIR Bulk Data Specification](https://build.fhir.org/ig/HL7/bulk-data/OperationDefinition-group-export.html). - -**Prerequisites:** -- Completion of the Authorization section -- Access to the API: active Bearer {access_token} -- Completion of the Attestation & Attribution section +The primary interaction with the DPC pilot API is via the FHIR /Group/$export operation. This allows an organization to export Patient, Coverage, and Explanation of Benefit data in an asynchronous and bulk manner. Details on the FHIR bulk data operations can be found in the FHIR Bulk Data Specification. ## Initiate an export job -In order to start a Patient data export job, you will need to locate your Group.id. Locate your Group.id by referencing the {id} variable in the resource object of your Group. +In order to start a patient data export job, you will need to locate your Group.id. Locate your Group.id by referencing the {id} variable in the resource object of your group. **Example:** @@ -1574,7 +1572,7 @@ In order to start a Patient data export job, you will need to locate your Group. Next, make a GET request to the /Group/$export endpoint with three required headers: an access token, an Accept header, and a Prefer header. -The dollar sign (‘$’) before the word “export” in the URL indicates that the endpoint is an action rather than a resource. The format is defined by the [FHIR Bulk Data Specification](https://build.fhir.org/ig/HL7/bulk-data/OperationDefinition-group-export.html). +The dollar sign (‘$’) before the word “export” in the URL indicates that the endpoint is an action rather than a resource. The format is defined by the FHIR Bulk Data Specification. ### Request: @@ -1588,20 +1586,20 @@ The dollar sign (‘$’) before the word “export” in the URL indicates that -H 'Prefer: respond-async' ### Response: -If the request was successful, a 202 Accepted response code will be returned with a Content-Location header. The value of this header indicates the location to monitor your job status and outcomes. The value of the header also contains the Export Job ID of the Job. There is no BODY to the Response, only headers. +If the request was successful, a 202 Accepted response code will be returned with a Content-Location header. The value of this header indicates the location to monitor your job status and outcomes. The value of the header also contains the Export Job ID of the Job. There is no BODY to the response, only headers. **Example:** 
    Content-Location: https://sandbox.dpc.cms.gov/api/v1/Jobs/{unique ID of export job}
    -## Specify which Resources to Download -The _type query parameter allows you to specify which FHIR resources you wish to export. If you do not specify a _type parameter in your request, all three resources will be exported. Currently, DPC makes Explanation of Benefit, Patient, and Coverage resources available, which can be specified individually or as a group using a comma delimited list and the syntax `?_type=ExplanationOfBenefit,Patient,Coverage`. +## Specify which resources to download +The _type query parameter allows you to specify which FHIR resources you wish to export. If you do not specify a _type parameter in your request, all three resources will be exported. Currently, DPC makes Explanation of Benefit, Patient, and Coverage Resources available, which can be specified individually or as a group using a comma delimited list and the syntax `?_type=ExplanationOfBenefit,Patient,Coverage`. -The following request will export the Patient and Coverage esources, but NOT the Explanation of Benefit Resource. +The following request will export the Patient and Coverage Resources, but NOT the Explanation of Benefit Resource. ### Request: 
    GET /api/v1/Group/{attribution group ID}/$export?_type=Patient,Coverage
    -The following request, by contrast, will export the Explanation of Benefit resource, but NOT the Patient or Coverage resources. +The following request, by contrast, will export the Explanation of Benefit Resource, but NOT the Patient or Coverage Resources. ### Request: 
    GET /api/v1/Group/{attribution group ID}/$export?_type=ExplanationOfBenefit
    @@ -1624,21 +1622,21 @@ You can filter data using the _since parameter with either the /Patient or /Grou **You can make two types of filtered requests for data:** -1. Request the most recent data for all beneficiaries: [Use _since within the /Group endpoint](#requesting-data-using-_since-with-the-group-endpoint) -2. Request data synchronously for an individual patient: [Use _since within the /Patient endpoint](#requesting-data-using-_since-with-the-patient-endpoint) +1. Request the most recent data for all beneficiaries: [Use _since within the /Group endpoint](#requesting-data-using-_since-with-the-group-endpoint). +2. Request data synchronously for an individual patient: [Use _since within the /Patient endpoint](#requesting-data-using-_since-with-the-patient-endpoint). ### Steps Each request will follow the same four-step process as an unfiltered request: -1. Obtain an access token -2. Start a job to acquire data (you will input the _since parameter here) -3. Check the job status -4. Download the data +1. Obtain an access token. +2. Start a job to acquire data (you will input the _since parameter here). +3. Check the job status. +4. Download the data. -The only difference appears in the request of Step 2: Start a job to acquire data. We show examples of this step below. +The only difference appears in the request of step 2: "start a job to acquire data". We show examples of this step below. -**Dates and times submitted in _since must be listed in the FHIR [Instant](https://www.hl7.org/fhir/datatypes.html#instant) format** (YYYY-MM-DDThh:mm:sss[-/+]zz:zz). +**Dates and times submitted in _since must be listed in the FHIR Instant format** (YYYY-MM-DDThh:mm:sss[-/+]zz:zz). * Sample Date: February 20, 2020 12:00 PM EST * Instant Format: YYYY-MM-DDThh:mm:sss[-/+]zz:zz @@ -1655,45 +1653,45 @@ The only difference appears in the request of Step 2: Start a job to acquire dat
    -![alt](/assets/images/since-example.png) +alt An access token as well as Accept and Prefer headers are required for the Group/{id}all/$export. -The Prefer header is NOT required for /Patient/{id}/$everything, but it DOES require an X-Provenance header whereas the /Group/{id}/$export endpoint does not. The format is defined by the FHIR Bulk Data Export spec. Consult the [FHIR Datatypes](https://www.hl7.org/fhir/datatypes.html#instant) page for more information. +The Prefer header is NOT required for /Patient/{id}/$everything, but it DOES require an X-Provenance header whereas the /Group/{id}/$export endpoint does not. The format is defined by the FHIR Bulk Data Export spec. Consult the FHIR Datatypes page for more information.

    Be wary of requesting data from before 02-12-2020

    - Due to limitations in the Beneficiary FHIR Data (BFD) Server, data from before 02-12-2020 is marked with the arbitrary lastUpdated date of 01-01-2020. If you input dates between 01-01-2020 and 02-11-2020 in the _since parameter, you will receive all historical data for your beneficiaries. Data loads from 02-12-2020 onwards have been marked with accurate dates. + Due to limitations in the Beneficiary FHIR Data (BFD) Server, data from before 02-12-2020 is marked with the arbitrary lastUpdated date of 01-01-2020. If you input dates between 01-01-2020 and 02-11-2020 in the _since parameter, you will receive all historical data for your beneficiaries. Data loads from 02-12-2020 onwards have been marked with accurate dates.

    ## Requesting data using _since with the /Group endpoint -### Request to Start a job using the _since parameter within the /Group endpoint +### Request to start a job using the _since parameter within the /Group endpoint 
    GET /api/v1/Group/{id}/$export?_type=Patient&_since=2020-02-13T08:00:00.000-05:00
    -#### Request Headers: +#### Request headers: 
    Authorization: Bearer {access_token}
 Accept: application/fhir+json
 Prefer: respond-async
    -#### cURL Command using the _since parameter within the /Group endpoint: +#### cURL command using the _since parameter within the /Group endpoint: 
    curl -X GET 'https://sandbox.dpc.cms.gov/api/v1/Group/{id}/$export?_since=2021-05-13T08:00:00.000-05:00' \
 	-H "Accept: application/fhir+json" \
 	-H "Prefer: respond-async" \
 	-H "Authorization: Bearer {access token}
    -#### Response Example: Successful Request +#### Response example: successful request 
    202 Accepted
    -This operation will start a job for filtered data for existing beneficiaries since 8PM EST on May 13th, 2021 and will include all 7 years of historical data for all patients in the Group who have a `lastUpdated` date that falls after the `_since` date. In the example, we request the Patient resource type. The steps and format would work similarly for other resource types. +This operation will start a job for filtered data for existing beneficiaries since 8PM EST on May 13th, 2021 and will include all seven years of historical data for all patients in the Group who have a `lastUpdated` date that falls after the `_since` date. In the example, we request the Patient Resource Type. The steps and format would work similarly for other resource types.
    If the request was successful, a 202 Accepted response code will be returned and the response will include a Content-Location header. @@ -1701,28 +1699,28 @@ If the request was successful, a 202 Accepted response code will be returned and ## Requesting data using _since with the /Patient endpoint -### Request data synchronously for an individual Patient using the _since parameter within the /Patient/{id}/$everything endpoint +### Request data synchronously for an individual patient using the _since parameter within the /Patient/{id}/$everything endpoint 
    GET /api/v1/Patient/{id}/$everything?_since=2020-02-13T08:00:00.000-05:00
    -#### Request Headers: +#### Request headers: 
    Authorization: Bearer {access_token}
 Accept: application/fhir+json
 X-Provenance: {provenance header}
    -#### cURL Command using the _since parameter within the /Patient endpoint: +#### cURL command using the _since parameter within the /Patient endpoint: 
    curl -X GET 'https://sandbox.dpc.cms.gov/api/v1/Patient/{id}/$everything?_since=2021-05-13T08:00:00.000-05:00' \
 	-H "Accept: application/fhir+json" \
 	-H "X-Provenance: {provenance header}" \
 	-H "Authorization: Bearer {access token}"
    -#### Response Example: Successful Request +#### Response example: successful request 
    200 Success
    -This operation will return all data for the specified Patient since the selected date: May 13, 2021. Notice that we are seeking data from the /Patient/{id}/$everything endpoint. This is a synchronous request for an individual Patient referenced by the internal ID (UUID) and would behave differently if it was made from the /Group endpoint as data is returned immediately. +This operation will return all data for the specified patient since the selected date: May 13, 2021. Notice that we are seeking data from the /Patient/{id}/$everything endpoint. This is a synchronous request for an individual patient referenced by the internal ID (UUID) and would behave differently if it was made from the /Group endpoint as data is returned immediately.
    If the request was successful, a 200 Success response code will be returned and the response will not include a Content-Location header. Instead, it contains the data in the body of the response. @@ -1778,12 +1776,12 @@ Claims data can be found at the URLs within the output field. The output includes file integrity information in an extension array. It contains https://dpc.cms.gov/checksum (a checksum in the format algorithm:checksum) and https://dpc.cms.gov/file_length (the file length in bytes). -The number 42 in the example data file URLs is the same job ID from the Content-Location header URL when you initiate an export job. If some of the data cannot be exported due to errors, details of the errors can be found at the URLs in the error field. The errors are provided in [NDJSON](http://ndjson.org/) files as FHIR [OperationOutcome](http://hl7.org/fhir/STU3/operationoutcome.html) resources. +The number 42 in the example data file URLs is the same job ID from the Content-Location header URL when you initiate an export job. If some of the data cannot be exported due to errors, details of the errors can be found at the URLs in the error field. The errors are provided in NDJSON files as FHIR OperationOutcome resources. ## Retrieve the NDJSON output file(s) -To obtain the exported explanation of benefit data, a GET request is made to the output URLs in the job status response when the job reaches the Completed state. The data will be presented as an [NDJSON](http://ndjson.org/) file of ExplanationOfBenefit resources. +To obtain the exported explanation of benefit data, a GET request is made to the output URLs in the job status response when the job reaches the Completed state. The data will be presented as an NDJSON file of ExplanationOfBenefit Resources.
    @@ -2064,32 +2062,23 @@ To obtain the exported explanation of benefit data, a GET request is made to the # Postman Collection -This collection contains example requests to public endpoints for the DPC API. To use this collection, you must have the Postman App downloaded onto your computer. Next, please obtain the prerequisites listed below and refer to the DPC User Guide for additional instructions. You will need these to successfully update the required values in your local Postman sandbox environment to make requests. - -**Prerequisites:** -- Download the [Postman App](https://www.postman.com/downloads/) -- A registered client token -- Your private key -- Your public key ID - -1. Please download the DPC Postman collection. This will include the collection of requests, the sandbox environment, and global variables to be imported into your Postman App. +This collection contains example requests to public endpoints for the DPC API. To use this collection, you must have the Postman App downloaded onto your computer. This will include the collection of requests, the sandbox environment, and global variables to be imported into your Postman App.
    - Postman Collection Download + Postman Collection Download
    -2. Select the environment (top right): Data at the Point of Care Sandbox -3. Please fill in the following values: - - client_token: Your [client token](#step-two-client-tokens) is generated through the DPC portal. Be sure to save a copy of your token in a safe place. - - PRIVATE_KEY: Paste the contents of your private key in the `PRIVATE_KEY` field of your local Postman sandbox environment. Do not share your private key otherwise. If you do not already have your public and private keys, please generate your [public/private](#step-three-public-keys) key pair through the DPC portal. - - key-id: This is the system id of your public key, which is returned to you when the public key is uploaded to the DPC portal. You need this to generate a JWT, which will be exchanged for an access token. - -With these 3 values in place, the JWT and a fresh access token are automatically generated for you before each request in this Postman collection to prevent you from having to manually refresh the access token every 5 minutes while using the collection. You may occasionally receive a 401 error message regarding invalid credentials. If this happens, please try your request a second time. +1. Select the environment (top right): Data at the Point of Care Sandbox +2. Please fill in the following values: + - client_token: Your [client token](#step-two-client-tokens) is generated through the DPC Portal. Be sure to save a copy of your token in a safe place. + - PRIVATE_KEY: Paste the contents of your private key in the `PRIVATE_KEY` field of your local Postman sandbox environment. Do not share your private key otherwise. If you do not already have your public and private keys, please generate your [public/private](#step-three-public-keys) key pair through the DPC Portal. + - key-id: This is the DPC ID of your public key, which is returned to you when the public key is uploaded to the DPC Portal. You need this to generate a JWT, which will be exchanged for an access token. +3. With these three values in place, the JWT and a fresh access token are automatically generated for you before each request in this Postman collection to prevent you from having to manually refresh the access token every five minutes while using the collection. You may occasionally receive a 401 error message regarding invalid credentials. If this happens, please try your request a second time. Additional instructions and details can be found within the description of each request in the Postman collection. These can be viewed by clicking the drop-down arrow next to each request title. ## Patient/$everything -Patient/{id}/$everything is an endpoint that allows users to retrieve all resources about a Patient using their DPC internal ID (UUID), represented as {id} in the request. Included in the resources will be the Patient, Coverage, and ExplanationOfBenefit resources for one patient’s historical data from the last seven years, combined into a Bundle. It is a synchronous download, so it differs from the Group $export operation in that it does not create a job that needs to be monitored or data files to download. The response body will contain the Bundle. +Patient/{id}/$everything is an endpoint that allows users to retrieve all resources about a patient using their DPC internal ID (UUID), represented as {id} in the request. Included in the resources will be the Patient, Coverage, and ExplanationOfBenefit Resources for one patient’s historical data from the last seven years, combined into a bundle. It is a synchronous download, so it differs from the Group $export operation in that it does not create a job that needs to be monitored or data files to download. The response body will contain the bundle. If you only have the Medicare Beneficiary Identifier (MBI) of the patient, you can retrieve the DPC internal ID by first making a GET request for that specific patient as the UUID is returned in that response. See [List a Specific Patient](#list-a-specific-patient) for details. @@ -2099,15 +2088,15 @@ This request requires an X-Provenance header for attestation ([see example](#exa Learn more about the HL7 FHIR Specification for: -[Operation Patient Everything (Release v4)](http://hl7.org/fhir/R4/operation-patient-everything.html) +Operation Patient Everything (Release v4) -[Operation Patient Everything (Release v3)](http://hl7.org/fhir/STU3/operation-patient-everything.html) +Operation Operation Patient Everything (Release v3) **Request** 
    GET /api/v1/Patient/{id}/$everything
    -**cURL Command** +**cURL command** 
    curl -v https://sandbox.dpc.cms.gov/api/v1/Patient/{id}/$everything
      -H 'Authorization: Bearer {access_token}' \
diff --git a/common/docsV2.md b/common/docsV2.md
index ccd95fd0..e0aa3431 100644
--- a/common/docsV2.md
+++ b/common/docsV2.md
@@ -2,7 +2,7 @@
 layout: page-sidenav
 title: DPC Documentation
 banner_title: Documentation
-permalink: /docsV2
+permalink: /docsV2.html
 id: docsV2
 button: Sign Up for Sandbox
 button_url: https://sandbox.dpc.cms.gov/users/sign_in
diff --git a/common/faq.html b/common/faq.html
index 7c860815..571d185b 100644
--- a/common/faq.html
+++ b/common/faq.html
@@ -3,7 +3,7 @@
 title: Frequently asked questions
 banner_title: Frequently asked questions
 description: Frequently asked questions about the Data at the Point of Care pilot
-permalink: /faq
+permalink: /faq.html
 id: faq
 button: DPC Google Group
 button_url: "https://groups.google.com/d/forum/dpc-api"
@@ -257,4 +257,18 @@ 
    
     
    
       Good news: our sandbox environment matches the production environment, and we'll roll out new functionality in sandbox before sending it into production. Even if you are not able to participate in the production pilot at this juncture, please continue to test in the sandbox environment with synthetic data. Your feedback through the Google Group is invaluable to our researchers and engineers as we all work together to shape the future of DPC.
     
    
+
+    
    
+      
+    
    
+    
    
+      Yes, you can inherit AWS’ HITRUST certification if your DPC solution meets the following requirements:
+      
      
+        
    1. The DPC solution is contained entirely within AWS Services that have received a HITRUST certification. See AWS' list of HITRUST-certified services under HITRUST CSF.
      2. 
+        
    2. The DPC solution applies the controls listed on the HITRUST website. You should download the AWS Custom HITRUST Shared Responsibility Matrix to determine which HITRUST controls AWS customers can inherit as part of the Shared Responsibility Model.
      3. 
+        
    3. You submit a valid and accepted External Inheritance request through the HITRUST website. Follow the instructions in the User Guide to do so.
      4. 
+      
    
+
    diff --git a/common/pilot.html b/common/pilot.html index 57bafbdd..ab5d3363 100644 --- a/common/pilot.html +++ b/common/pilot.html @@ -2,7 +2,7 @@ layout: page-sidenav title: About the Pilot banner_title: About the Pilot -permalink: /pilot +permalink: /pilot.html id: pilot button: Email DPC to Request Production Access button_url: mailto:DPCINFO@cms.hhs.gov @@ -12,11 +12,11 @@

    About the DPC Pilot

    - The Centers for Medicare and Medicaid Services (CMS) Data at the Point of Care (DPC) API is currently in a pilot phase in which a limited number of users can access Medicare Fee-For-Service claims data through the API once their solution has been approved for production. This pilot program promotes the industry-standard HL7 Fast Healthcare Interoperability Resources (FHIR), specifically the Bulk FHIR specification. + The Centers for Medicare & Medicaid Services (CMS) Data at the Point of Care (DPC) API is currently in a pilot phase in which a limited number of customers can access Medicare Fee-For-Service claims data through the API once their solution has been approved for production. This pilot program promotes the industry-standard HL7 Fast Healthcare Interoperability Resources (FHIR), specifically the Bulk FHIR specification.
    - Since the pilot is a learning experience for both CMS and users, participants in the pilot program may encounter breaking changes to code, iterations to regulations, and will be asked to participate in research sessions with CMS as the program continues to grow and evolve. + Since the pilot is a learning experience for both CMS and customers, participants in the pilot program may encounter breaking changes to code, iterations to regulations, and will be asked to participate in research sessions with CMS as the program continues to grow and evolve.
    @@ -29,60 +29,56 @@

    About the DPC Pilot

    If interested in implementing DPC on behalf of healthcare organizations, please begin by following the steps below.
    -

    1. Test the API

    - -
    - Health IT implementers are asked to test and develop a solution in the sandbox environment using synthetic data before applying for production credentials. -
    - - +

    Test the API

    1. - Review and agree to the Terms of Service. + Request access to the DPC Sandbox Environment through Sandbox Sign Up / Login.
    2. - Upload synthetic data from DPC’s public GitHub repository. More details included in this README file. + Upload synthetic data from DPC’s public GitHub repository. More details included in this README file.
    3. - Reference the following guides to get started: -
        -
      1. - DPC Documentation -
        2. -
      2. - HL7 FHIR Standards -
        3. -
      3. - BB2.0 Implementation Guide -
        4. -
      + Develop and test a solution in the sandbox environment using synthetic data. +
      4. +
    +Reference the following guides to get started: +
      +
    1. + DPC Documentation +
      2. +
    2. + HL7 FHIR Standards +
      3. +
    3. + BB2.0 Implementation Guide
    -

    2. Apply for Production Credentials

    +

    Apply for Production Credentials

    -After testing and developing a DPC solution in the sandbox environment: +After developing and testing a DPC solution in the sandbox environment, complete the steps below. -

    a. Join the Production Pilot Queue

    +

    1. Request to Join the Production Pilot Queue

    -When you're ready to request production access, please email the DPC team. You will receive a follow-up email from the DPC team when it is your turn to onboard. Depending on the backlog of organizations, this may mean that your organization will sit in the queue for a few weeks before it is your turn to onboard. +When you're ready to request production access, please email the DPC Team. You will receive a follow-up email from the DPC Team when it is your turn to onboard. -
    +
    + + Warning: +

    - Please do not plan to fill out the application unless your organization has tested your solution in sandbox and is able to share security documentation with CMS. + Please do not fill out the application unless your organization has tested your solution in sandbox and is able to share security documentation with CMS.

    -

    b. Schedule a Demonstration with the DPC team

    +

    2. Schedule a Demonstration with the DPC Team

    -In the email following up on your application to the pilot program, you will receive a link to schedule a demonstration of your DPC solution with the DPC team. +After you request production access, you will receive an email about scheduling a demonstration of your DPC solution with the DPC Team.

    @@ -94,7 +90,15 @@

    Please be prepared to answer the following questions:
    • - Walk us through the end-to-end workflow. How will practitioners see the data in your system? + Walk us through the end-to-end workflow. +
        +
      • + How do you attribute patients to practitioners? +
        • +
      • + How will practitioners see the data in your system? +
        • +
    • How frequently will your organization make requests to the API? How quickly will you need the data returned? @@ -103,19 +107,19 @@

      What is your retry logic for requests that fail?

    • - What will you do if you do not receive data back for some of the requested patients? + What will you do if you do not receive data back for some of the requested patients? For example, data for patients outside of the 18-month lookback period for a given provider will not be returned during early phases of the pilot.
    • - How will the data be used? For example, are you using the data for aggregate population reporting, or for insights into the needs of an individual patient? or both? + How will the data be used? For example, are you using the data for aggregate population reporting, or for insights into the needs of an individual patient? Or both?
    • Where does the application live?
    • - Would there be a separate instance if you bring on another practice during pilot or MVP? + Would there be a separate instance if you bring on another practice during the pilot?
    • - During onboarding in the early phases of the pilot program, we'll be providing keys directly to the practitioner organization to grant access to production via secure email - we will not be using the same web portal as our sandbox environment. Please consider how to best communicate with the practitioner to securely transfer secrets if necessary. + During onboarding, we'll be providing keys directly to the practitioner organization to grant access to production via secure email - we will not be using the same web portal as our sandbox environment. Please consider how to best communicate with the practitioner to securely transfer secrets if necessary.
    • Are you ready for breaking changes during the pilot program? @@ -133,10 +137,10 @@

    -

    c. Provide Security Certification

    +

    3. Provide Security Certification

    - Health IT implementers preparing to onboard the production environment must provide one of the accepted security certifications below: + Prior to onboarding to the production environment, you must provide one of the accepted security certifications below:
    @@ -226,7 +230,7 @@

    -

    3. Onboard with DPC

    +

    Onboard with DPC

    The onboarding session will test your DPC solution with production Medicare Fee-For-Service claims data. @@ -235,34 +239,34 @@

    3. Onboard with DPC

    1. - Approximately 2-3 weeks after your successful DPC solution demonstration in the sandbox environment, you will receive an email with information and a link to schedule an onboarding session. In the same email, you will also receive further instructions on production requirements prior to the onboarding date. + After your successful DPC solution demonstration in the sandbox environment with the DPC Team, you will receive an email with information about the onboarding session. In the same email, you will also receive further instructions on production requirements prior to the onboarding date.
    2. After completing production requirements, you will receive production credentials for the healthcare organization for which you are implementing the DPC solution.
    3. - During the live onboarding session, you will receive real-time support from DPC engineers as you demonstrate the following: -
        + During the live onboarding session with the DPC Team, you will receive real-time support from DPC engineers as you demonstrate the following: +
        1. - Submit a request for data + Submit a request for data.
        2. - Receive requested data from DPC + Receive requested data from DPC.
    -

    Share Your Feedback

    +

    Share Your Feedback

    1. - The DPC team is always seeking feedback! Pilot partners will be requested to participate in research sessions where Health IT implementers and healthcare organizations will be asked, together or separately, to share their experiences, challenges, and recommendations regarding the design of the DPC API and its features. + The DPC Team is always seeking feedback! Pilot partners will be requested to participate in research sessions where Health IT implementers and healthcare organizations will be asked, together or separately, to share their experiences, challenges, and recommendations regarding the design of the DPC API and its features.
    2. - Join the DPC Google Group community to ask questions, share your thoughts, and hear about updates and upcoming events related to DPC. + Join the DPC Google Group community to ask questions, share your thoughts, and hear about updates and upcoming events related to DPC.
    diff --git a/common/tos.md b/common/tos.md index 737c2451..28af9dcf 100644 --- a/common/tos.md +++ b/common/tos.md @@ -1,7 +1,7 @@ --- layout: page-tos title: Terms of service -permalink: /terms-of-service +permalink: /terms-of-service.html id: tos --- *Last updated: 8/19/21* diff --git a/common/update-page.md b/common/update-page.md index 0e9df4c2..57d92686 100644 --- a/common/update-page.md +++ b/common/update-page.md @@ -2,7 +2,7 @@ layout: page-info title: Updates banner_title: Updates -permalink: /updates +permalink: /updates.html id: updates button: DPC Google Group button_url: "https://groups.google.com/d/forum/dpc-api" diff --git a/ops/release.sh b/ops/release.sh index 67054516..5aa58de1 100644 --- a/ops/release.sh +++ b/ops/release.sh @@ -105,8 +105,6 @@ echo "" >> $TMPFILE echo "$commits" >> $TMPFILE echo "" >> $TMPFILE -git tag -a -m"$PROJECT_NAME release $NEWTAG" -s "$NEWTAG" - RELEASE_PATH="/repos$GITHUB_REPO_PATH/releases" python github_release.py --release $NEWTAG --release-file $TMPFILE --repo $RELEASE_PATH diff --git a/package-lock.json b/package-lock.json index 1ce936a7..7b6c5b3e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,8 +1,254 @@ { "name": "dpc-static-site", "version": "1.0.0", - "lockfileVersion": 1, + "lockfileVersion": 2, "requires": true, + "packages": { + "": { + "name": "dpc-static-site", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "@cmsgov/design-system-core": "^3.7.0", + "@cmsgov/design-system-layout": "^3.7.0", + "normalize.css": "^8.0.1", + "svg4everybody": "^2.1.9" + }, + "devDependencies": {} + }, + "node_modules/@babel/runtime": { + "version": "7.9.2", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.9.2.tgz", + "integrity": "sha512-NE2DtOdufG7R5vnfQUTehdTfNycfUANEtCa9PssN9O/xmTzP4E08UI797ixaei6hBEVL9BI/PsdJS5x7mWoB9Q==", + "dependencies": { + "regenerator-runtime": "^0.13.4" + } + }, + "node_modules/@cmsgov/design-system-core": { + "version": "3.7.0", + "resolved": "https://registry.npmjs.org/@cmsgov/design-system-core/-/design-system-core-3.7.0.tgz", + "integrity": "sha512-0zenYytLfS0SKndAAiBY1h/nyx8XIShXqnhC1JEJCAIyDRfTF/M5FFOFdY5tY1jO09LukqWic/c0G7Tmib7LfQ==", + "deprecated": "This package has been deprecated in favor of @cmsgov/design-system. See the CMSDS docs (https://design.cms.gov/startup/migrating-v2) for more information.", + "dependencies": { + "@cmsgov/design-system-support": "^3.7.0", + "classnames": "^2.2.5", + "core-js": "^2.5.3", + "downshift": "^3.2.10", + "ev-emitter": "^1.1.1", + "lodash.uniqueid": "^4.0.1", + "react-aria-modal": "^2.11.1" + }, + "peerDependencies": { + "prop-types": "^15.0.0 || ^16.0.0", + "react": "^15.0.0 || ^16.0.0", + "react-dom": "^15.0.0 || ^16.0.0" + } + }, + "node_modules/@cmsgov/design-system-layout": { + "version": "3.7.0", + "resolved": "https://registry.npmjs.org/@cmsgov/design-system-layout/-/design-system-layout-3.7.0.tgz", + "integrity": "sha512-VYC7arPRvagEEUrNOJ/0nySpspglW/xEj6D9cyUCU+CPcxp2hSznRXfKG1qrhY6g0zOU8Y+fdLED560sb3mjLA==", + "deprecated": "This package has been deprecated in favor of @cmsgov/design-system. See the CMSDS docs (https://design.cms.gov/startup/migrating-v2) for more information.", + "dependencies": { + "@cmsgov/design-system-support": "^3.7.0" + } + }, + "node_modules/@cmsgov/design-system-support": { + "version": "3.7.0", + "resolved": "https://registry.npmjs.org/@cmsgov/design-system-support/-/design-system-support-3.7.0.tgz", + "integrity": "sha512-Xymyo7EtHl8PsyQLVxPysh45RgnCLFIzACmU6am0laR8R+SPBHZtlDNqGJ4FziBOwoMW9m5J1jtAlN8RGkZS8Q==", + "deprecated": "This package has been deprecated in favor of @cmsgov/design-system. See the CMSDS docs (https://design.cms.gov/startup/migrating-v2) for more information." + }, + "node_modules/classnames": { + "version": "2.2.6", + "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.2.6.tgz", + "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q==" + }, + "node_modules/compute-scroll-into-view": { + "version": "1.0.13", + "resolved": "https://registry.npmjs.org/compute-scroll-into-view/-/compute-scroll-into-view-1.0.13.tgz", + "integrity": "sha512-o+w9w7A98aAFi/GjK8cxSV+CdASuPa2rR5UWs3+yHkJzWqaKoBEufFNWYaXInCSmUfDCVhesG+v9MTWqOjsxFg==" + }, + "node_modules/core-js": { + "version": "2.6.11", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz", + "integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg==", + "deprecated": "core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.", + "hasInstallScript": true + }, + "node_modules/downshift": { + "version": "3.4.8", + "resolved": "https://registry.npmjs.org/downshift/-/downshift-3.4.8.tgz", + "integrity": "sha512-dZL3iNL/LbpHNzUQAaVq/eTD1ocnGKKjbAl/848Q0KEp6t81LJbS37w3f93oD6gqqAnjdgM7Use36qZSipHXBw==", + "dependencies": { + "@babel/runtime": "^7.4.5", + "compute-scroll-into-view": "^1.0.9", + "prop-types": "^15.7.2", + "react-is": "^16.9.0" + }, + "peerDependencies": { + "react": ">=0.14.9" + } + }, + "node_modules/ev-emitter": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ev-emitter/-/ev-emitter-1.1.1.tgz", + "integrity": "sha512-ipiDYhdQSCZ4hSbX4rMW+XzNKMD1prg/sTvoVmSLkuQ1MVlwjJQQA+sW8tMYR3BLUr9KjodFV4pvzunvRhd33Q==" + }, + "node_modules/focus-trap": { + "version": "2.4.6", + "resolved": "https://registry.npmjs.org/focus-trap/-/focus-trap-2.4.6.tgz", + "integrity": "sha512-vWZTPtBU6pBoyWZDRZJHkXsyP2ZCZBHE3DRVXnSVdQKH/mcDtu9S5Kz8CUDyIqpfZfLEyI9rjKJLnc4Y40BRBg==", + "dependencies": { + "tabbable": "^1.0.3" + } + }, + "node_modules/focus-trap-react": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/focus-trap-react/-/focus-trap-react-3.1.4.tgz", + "integrity": "sha512-uqMKMg9Xlny0LKHW0HqA7ncLafW57SxgeedjE7/Xt+NB7sdOBUG4eD/9sMsq1O0+7zD3palpniTs2n0PDLc3uA==", + "dependencies": { + "focus-trap": "^2.0.1" + }, + "peerDependencies": { + "react": "0.14.x || ^15.0.0 || ^16.0.0", + "react-dom": "0.14.x || ^15.0.0 || ^16.0.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + }, + "node_modules/lodash.uniqueid": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.uniqueid/-/lodash.uniqueid-4.0.1.tgz", + "integrity": "sha1-MmjyanyI5PSxdY1nknGBTjH6WyY=" + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/no-scroll": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/no-scroll/-/no-scroll-2.1.1.tgz", + "integrity": "sha512-YTzGAJOo/B6hkodeT5SKKHpOhAzjMfkUCCXjLJwjWk2F4/InIg+HbdH9kmT7bKpleDuqLZDTRy2OdNtAj0IVyQ==" + }, + "node_modules/normalize.css": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/normalize.css/-/normalize.css-8.0.1.tgz", + "integrity": "sha512-qizSNPO93t1YUuUhP22btGOo3chcvDFqFaj2TRybP0DMxkHOCTYwp3n34fel4a31ORXy4m1Xq0Gyqpb5m33qIg==" + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/prop-types": { + "version": "15.7.2", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz", + "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.8.1" + } + }, + "node_modules/react": { + "version": "16.14.0", + "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", + "integrity": "sha512-0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1", + "prop-types": "^15.6.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-aria-modal": { + "version": "2.12.3", + "resolved": "https://registry.npmjs.org/react-aria-modal/-/react-aria-modal-2.12.3.tgz", + "integrity": "sha512-XIsB9mFRJe5c4MJ/CIZPRci6ZTEEWzUSRslM63rxwCFAV0HbC8KkaSlA2CtvwYmMwVd+lAsGDN7yUtOQXOGkQQ==", + "dependencies": { + "focus-trap-react": "^3.0.4", + "no-scroll": "^2.0.0", + "react-displace": "^2.3.0" + }, + "peerDependencies": { + "react": "0.14.x || ^15.0.0 || ^16.0.0" + } + }, + "node_modules/react-displace": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/react-displace/-/react-displace-2.3.0.tgz", + "integrity": "sha512-T8g/lyn3IX8kxLO4k4vJ/oIO9G72pRTc9GYslqKsfPcN4gY5+FYR5OHxeTH1skPjVylJrveGE3OC2qCt3BuHeA==", + "peerDependencies": { + "react": "0.14.x || ^15.0.0 || ^16.0.0", + "react-dom": "0.14.x || ^15.0.0 || ^16.0.0" + } + }, + "node_modules/react-dom": { + "version": "16.14.0", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.14.0.tgz", + "integrity": "sha512-1gCeQXDLoIqMgqD3IO2Ah9bnf0w9kzhwN5q4FGnHZ67hBm9yePzB5JJAIQCc8x3pFnNlwFq4RidZggNAAkzWWw==", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1", + "prop-types": "^15.6.2", + "scheduler": "^0.19.1" + }, + "peerDependencies": { + "react": "^16.14.0" + } + }, + "node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/regenerator-runtime": { + "version": "0.13.5", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.5.tgz", + "integrity": "sha512-ZS5w8CpKFinUzOwW3c83oPeVXoNsrLsaCoLtJvAClH135j/R77RuymhiSErhm2lKcwSCIpmvIWSbDkIfAqKQlA==" + }, + "node_modules/scheduler": { + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.19.1.tgz", + "integrity": "sha512-n/zwRWRYSUj0/3g/otKDRPMh6qv2SYMWNq85IEa8iZyAv8od9zDYpGSnpBEjNgcMNq6Scbu5KfIPxNF72R/2EA==", + "peer": true, + "dependencies": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1" + } + }, + "node_modules/svg4everybody": { + "version": "2.1.9", + "resolved": "https://registry.npmjs.org/svg4everybody/-/svg4everybody-2.1.9.tgz", + "integrity": "sha1-W9n23vwTOFmgRGRtR0P6vCjbfi0=", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/tabbable": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-1.1.3.tgz", + "integrity": "sha512-nOWwx35/JuDI4ONuF0ZTo6lYvI0fY0tZCH1ErzY2EXfu4az50ZyiUX8X073FLiZtmWUVlkRnuXsehjJgCw9tYg==" + } + }, "dependencies": { "@babel/runtime": { "version": "7.9.2", @@ -129,6 +375,17 @@ "react-is": "^16.8.1" } }, + "react": { + "version": "16.14.0", + "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", + "integrity": "sha512-0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==", + "peer": true, + "requires": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1", + "prop-types": "^15.6.2" + } + }, "react-aria-modal": { "version": "2.12.3", "resolved": "https://registry.npmjs.org/react-aria-modal/-/react-aria-modal-2.12.3.tgz", @@ -142,7 +399,20 @@ "react-displace": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/react-displace/-/react-displace-2.3.0.tgz", - "integrity": "sha512-T8g/lyn3IX8kxLO4k4vJ/oIO9G72pRTc9GYslqKsfPcN4gY5+FYR5OHxeTH1skPjVylJrveGE3OC2qCt3BuHeA==" + "integrity": "sha512-T8g/lyn3IX8kxLO4k4vJ/oIO9G72pRTc9GYslqKsfPcN4gY5+FYR5OHxeTH1skPjVylJrveGE3OC2qCt3BuHeA==", + "requires": {} + }, + "react-dom": { + "version": "16.14.0", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-16.14.0.tgz", + "integrity": "sha512-1gCeQXDLoIqMgqD3IO2Ah9bnf0w9kzhwN5q4FGnHZ67hBm9yePzB5JJAIQCc8x3pFnNlwFq4RidZggNAAkzWWw==", + "peer": true, + "requires": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1", + "prop-types": "^15.6.2", + "scheduler": "^0.19.1" + } }, "react-is": { "version": "16.13.1", @@ -154,6 +424,16 @@ "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.5.tgz", "integrity": "sha512-ZS5w8CpKFinUzOwW3c83oPeVXoNsrLsaCoLtJvAClH135j/R77RuymhiSErhm2lKcwSCIpmvIWSbDkIfAqKQlA==" }, + "scheduler": { + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.19.1.tgz", + "integrity": "sha512-n/zwRWRYSUj0/3g/otKDRPMh6qv2SYMWNq85IEa8iZyAv8od9zDYpGSnpBEjNgcMNq6Scbu5KfIPxNF72R/2EA==", + "peer": true, + "requires": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1" + } + }, "svg4everybody": { "version": "2.1.9", "resolved": "https://registry.npmjs.org/svg4everybody/-/svg4everybody-2.1.9.tgz", diff --git a/postman/CMS_DPC_API_Developer.postman_collection.json b/postman/CMS_DPC_API_Developer.postman_collection.json index 14e5aa29..79b20d5c 100644 --- a/postman/CMS_DPC_API_Developer.postman_collection.json +++ b/postman/CMS_DPC_API_Developer.postman_collection.json @@ -2,7 +2,7 @@ "info": { "_postman_id": "3aefd688-7b7d-405e-9c87-586b897bd58b", "name": "Centers for Medicare & Medicaid Services (CMS) - Data at the Point of Care (DPC) API - App Developer", - "description": "This collection contains example requests for the public endpoints for the Data at the Point of Care (DPC) API. In order to use it, you must first create public and private keys and update the following values in your local Postman sandbox environment:\n\n1) `client_token`: This is sometimes also referred to as a `macaroon` and can be created on the DPC portal. Be sure to save a copy of your token in a safe place.\n\n2) `PRIVATE_KEY`: Follow the steps found here to create public and private keys: https://dpc.cms.gov/docs#upload-your-first-public-key and paste the contents of your private key in the `PRIVATE_KEY` field of your local Postman sandbox environment. Do not share your private key otherwise.\n\n3) `key-id`: This is the system id of your public key, which is returned to you when the public key is uploaded to the DPC portal. You need this to generate a JWT, which you will exchange for an access token.\n\nWith these 3 values in place, the JWT and a fresh access token are automatically generated for you before each request in this Postman collection to prevent you from having to manually refresh the access token every 5 minutes while using the collection. Note that, due to the way Postman works, you may occasionally experience a race condition that results in your access token not being refreshed before the main Postman request. In this case, you would receive a 401 with a message about invalid credentials. If this happens, just try the request again, and you should have a fresh token the second time.\n\nUnder `Security/Authentication`, in the `Public Keys`, you will find a request to add a public key to DPC without using the portal. This request requires auth and is not required in order to use the other requests in this collection. If you would like to create a new public key, first generate the keys locally, then follow the directions in the `Add/Register Public Key on DPC Sandbox` description. You do not need to update the `PUBLIC_KEY`, `public-key-label`, and `public-key-signature` values in the environment otherwise.\n", + "description": "This collection contains example requests for the public endpoints for the Data at the Point of Care (DPC) API. In order to use it, you must first create public and private keys and update the following values in your local Postman sandbox environment:\n\n1) `client_token`: This is sometimes also referred to as a `macaroon` and can be created on the DPC portal. Be sure to save a copy of your token in a safe place.\n\n2) `PRIVATE_KEY`: Follow the steps found here to create public and private keys: https://dpc.cms.gov/docsV1#upload-your-first-public-key and paste the contents of your private key in the `PRIVATE_KEY` field of your local Postman sandbox environment. Do not share your private key otherwise.\n\n3) `key-id`: This is the system id of your public key, which is returned to you when the public key is uploaded to the DPC portal. You need this to generate a JWT, which you will exchange for an access token.\n\nWith these 3 values in place, the JWT and a fresh access token are automatically generated for you before each request in this Postman collection to prevent you from having to manually refresh the access token every 5 minutes while using the collection. Note that, due to the way Postman works, you may occasionally experience a race condition that results in your access token not being refreshed before the main Postman request. In this case, you would receive a 401 with a message about invalid credentials. If this happens, just try the request again, and you should have a fresh token the second time.\n\nUnder `Security/Authentication`, in the `Public Keys`, you will find a request to add a public key to DPC without using the portal. This request requires auth and is not required in order to use the other requests in this collection. If you would like to create a new public key, first generate the keys locally, then follow the directions in the `Add/Register Public Key on DPC Sandbox` description. You do not need to update the `PUBLIC_KEY`, `public-key-label`, and `public-key-signature` values in the environment otherwise.\n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ @@ -138,7 +138,7 @@ } ] }, - "description": "This endpoint registers the provided public key with the organization.\n\nThe provided key MUST be PEM encoded. (See https://dpc.cms.gov/docs#upload-your-first-public-key) RSA keys of 4096-bits or greater are supported, as well as ECC keys using one of the following curves:- secp256r1- secp384r1\n\nPREREQUISITES:\n- `PUBLIC_KEY`: Before using this endpoint, you must paste your PEM encoded public key as the value for this environment variable.\n- `public_key_signature`: Before using this endpoint, you must paste your public key signature as the value for this environment variable.\n- `public-key-label`: Feel free to modify this label, which is `Test Public Key` by default." + "description": "This endpoint registers the provided public key with the organization.\n\nThe provided key MUST be PEM encoded. (See https://dpc.cms.gov/docsV1#upload-your-first-public-key) RSA keys of 4096-bits or greater are supported, as well as ECC keys using one of the following curves:- secp256r1- secp384r1\n\nPREREQUISITES:\n- `PUBLIC_KEY`: Before using this endpoint, you must paste your PEM encoded public key as the value for this environment variable.\n- `public_key_signature`: Before using this endpoint, you must paste your public key signature as the value for this environment variable.\n- `public-key-label`: Feel free to modify this label, which is `Test Public Key` by default." }, "response": [] },