A. New and Improved
a. Access Management
i. Admin Portal
a. No changes in this release
ii. Vendor Portal
a. No changes in this release
iii. Member Portal
a. No changes in this release
iv. Authorization/Authentication
1. Enhanced code to allow for targeting specific testing scenarios.
2. Refresh token should not be issued for a Client Credentials token (per RFC https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3)
3. Framework update and Security related updates
b. Framework
i. FLEX Server
1. Enhanced “.well-known/smart-configuration” endpoint to add additional recommended values
2. Fixed cases where searchRevInclude were returned in the Capability Statement for FHIR resources that did not support RevInclude
3. Framework update and Security related updates
c. Patient Access APIs
i. Patient Claims
1. Implementation Guide: CARIN for Blue Button® HL7.FHIR.US.CARIN-BB\Home - FHIR v4.0.1
2. No Change
c. Public Directory APIs
i. Provider Directory
1. Implementation Guide: PDEX Payer Network
HL7.FHIR.US.DAVINCI-PDEX-PLAN-NET\Home - FHIR v4.0.1
2. No Change
B. Bug Fixes
a. Provider Directory Practitioner Role Resource when requested responds with a Response Code of HTTP 500 (Internal Error response). Updated code to handle source practitioner role data so that request would respond with a Response Code of HTTP 200 (OK: Successful request).
b. Reports of 500 errors have been occurring intermittently. FLEX made some configuration changes to allow for connection retries and increasing the timeout along with additional debug logging to improve troubleshooting the error logs.
c. Security updates and vulnerability fixes to portals
C. Known Issues
a. Vendors: Will not receive an email after the organization attestation is past due. Vendor will receive all other emails as is. The issue is expected to be fixed in the upcoming release.