Interoperability Agent
SMART App Launch Authorization Test Kit
SCRIMED conformance evaluations execute deterministic checks against synthetic fixtures and declared connector contracts. A synthetic pass is not certification, partner acceptance, production authorization, or permission to exchange live healthcare data.
Deterministic checks
SMART App Launch 2.2.0 with FHIR R4 launch context
SMART registry target
synthetic · contract
- The FHIR intake contract explicitly binds SMART App Launch.
Least-privilege control declared
synthetic · authorization
- The contract requires approved SMART scopes before applications receive FHIR access.
Synthetic data boundary
synthetic · privacy
- Authorization evaluation remains separated from live patient context.
Approved scope matrix
live-readiness · authorization
- Define user, patient, system, launch, and offline-access scopes per application and role.
Token audience validation
live-readiness · security
- Validate aud, issuer, discovery metadata, signing keys, and token lifetime against the partner.
Launch-context and revocation tests
live-readiness · security
- Test EHR launch, standalone launch, patient context, revocation, and session termination.
Authorization audit linkage
live-readiness · governance
- Link token, tenant, role, patient context, purpose-of-use, and reviewer events without capturing secrets.
SMART-bound integration contract
FHIR intake contract declares SMART scope approval as a conformance target.
Inspect evidenceApplication scope matrix
Approved least-privilege scopes by application, tenant, role, and launch context.
Authorization server test report
Discovery, audience, issuer, signing, token, launch, revocation, and session tests.
Required before live exchange
Production use remains denied until every deployment-specific blocker is resolved.
Linked controls
Contract, fixture, and standards evidence remain inspectable.
Primary sources