v2534
Patient360
Vital sign observations parsed from C-CDA documents are now linked to their associated Encounter when appropriate.
Carequality IAS: Patient Access Requests
Carequality IAS workflows for patient access now require an ID token and a declared purpose of use. These fields are validated to ensure compliance with Carequality's Individual Access Services (IAS) policies.
Enterprise and Practice Portals: Admin MFA Reset
Tenant administrators can now reset Multi-Factor Authentication (MFA) for users from a new Multi-Factor Authentication (MFA) section in Settings, with two options:
- Account Recovery triggers an MFA reset so the user can re-enroll at their next login.
- Risk Assessment opens a modal with security details, including the number of failed password attempts since the last successful login.
These actions are role-restricted, fully audited, and respect MFA configuration rules. When tenant-wide MFA is off but an individual user has MFA enabled, actions are available only for that user.
Enterprise Portal: Locations API
The Company Account section now supports APIs for viewing and managing company locations.
QHIN: SMART-on-FHIR Endpoint Discovery (T-IAS)
A new API endpoint lets you pass a patientId and query the QHIN network directory for SMART-on-FHIR endpoints associated with that patient. The request uses the T-IAS (Treatment with Identity Assurance) purpose of use and a document query to confirm data availability. Returned endpoints include SMART launch URLs and compatibility flags.
Resolutions
- CDA Import: Stopped preview generation from firing for C-CDA imports without PDF attachments.
- Network Query Compliance: Ensured denylisted endpoints are excluded from Carequality and QHIN network queries.
- Cursor Pagination Limits: Enforced documented
_countparameter limits for cursor pagination. - Patient360 Queries: Limited location-based radius calculations to relevant tenant locations, reducing excess queries.
- C-CDA Export: Restored the "Diagnoses" segment in C-CDA exports and added Spanish translation for success messages.
- FHIR
$everything: Prevented invalid date ranges in$everythingrequests with descriptive error messages. - Family History: Corrected missing family history items in API responses.
- Immunization Records: Allowed creation of distinct immunization records with different
vaccineIdvalues. includeMedicalHistoryParameter: UpdatedincludeMedicalHistoryto correctly return diagnoses when set to true.

