Fire.ly public FHIR R4 test server —
https://server.fire.ly/r4. No API key. TAP probes
/metadata and performs HTI-1 style checks when the CapabilityStatement resolves to
clinical_ehr. Latency spikes on this host can intermittently trip information-blocking timing
requirements; rerun if results look flaky.
| Req ID | Severity | Description | Regulatory Ref |
|---|---|---|---|
| HTI1-CAP-01 | CRITICAL | Capability statement accessible | 45 CFR 170.315(g)(10) |
| HTI1-IB-01 | HIGH | Metadata reachable without auth within 10s | 45 CFR 171.301 (Information Blocking) |
| HTI1-CAP-02 | HIGH | FHIR version is R4 | 45 CFR 170.215(a)(1) |
| HTI1-RES-01 | CRITICAL | Patient resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-02 | HIGH | Observation resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-03 | HIGH | Condition resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-04 | HIGH | MedicationRequest resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-05 | MEDIUM | AllergyIntolerance resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-06 | MEDIUM | Immunization resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-07 | MEDIUM | DiagnosticReport resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-08 | MEDIUM | DocumentReference resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-09 | MEDIUM | Encounter resource supported | 45 CFR 170.315(g)(10) |
| HTI1-RES-10 | MEDIUM | Procedure resource supported | 45 CFR 170.315(g)(10) |
| HTI1-USCDI-01 | HIGH | USCDI v3 / US Core 6.x profile claim | 45 CFR 170.213 (USCDI v3) |
| HTI1-USCDI-02 | LOW | USCDI v4 / US Core 7.x readiness (forward-looking) | 45 CFR 170.213 (USCDI v4 — forward-looking) |
| HTI1-IB-03 | HIGH | 8 required clinical note types accessible via DocumentReference | 45 CFR 171.301 (21st Century Cures Act) |
| HTI1-IB-02 | MEDIUM | Bulk export ($export) capability | 45 CFR 170.315(g)(10) |
| Req ID | Severity | Description | Regulatory Ref |
|---|---|---|---|
| HTI1-CAP-03 | CRITICAL | SMART on FHIR configuration endpoint Deploy a SMART on FHIR authorization server and expose /.well-known/smart-configuration with authorization_endpoint and token_endpoint populated. Options: Keycloak, Azure AD B2C, Auth0 with FHIR scopes. |
45 CFR 170.315(g)(10)(i) |
| HTI1-CAP-04 | HIGH | SMART scopes advertised Configure the authorization server scopes_supported to include: launch/patient, openid, fhirUser, and at least one patient/*.read scope. |
45 CFR 170.315(g)(10)(ii) |