Marketplace & Portal Suite

Given I am a new buyer, When I complete the registration form, Then my application enters the 4-stakeholder approval queue and I receive a confirmation email with estimated review time.

Given I omit required fields (company name, use case), When I submit the form, Then validation errors highlight the missing fields and submission is blocked.

Given Legal approves a buyer, When the approval is recorded, Then the application advances to Compliance and the Compliance officer is notified.

Given any stakeholder rejects the application, When the rejection is recorded, Then the workflow stops, the buyer is notified with the rejection reason, and the application status shows "Rejected at [stage]."

Given Legal and Compliance have approved but Data Governance is pending, When I log in, Then I see a progress bar showing 2/4 complete with "Awaiting: Data Governance" displayed.

Given my query results are ready, When I choose "Deliver via SFTP," Then the data is encrypted with AES-256 and transferred to my registered SFTP endpoint, and a delivery receipt is logged.

Given I choose "Deliver via API," When I call the results endpoint with my API key, Then I receive the data over TLS 1.3 with a response header showing the dataset hash for integrity verification.

Given I have 5 categories consented, When I view the Data Value section, Then each category shows: estimated monthly value, number of active buyers, and a visual bar proportional to value.

Given I revoke a category, When the Data Value section refreshes, Then that category shows $0 and the total recalculates.

Given I have 3 matched trials, When I open the Clinical Trials tab, Then each trial shows: title, CRO, compensation, eligibility match score, and Accept/Decline buttons.

Given I click "Accept" on a trial, When the action is confirmed, Then my status changes to "Enrolled — Pending Screening" and the CRO is notified.

Given I click "Decline," When the action is confirmed, Then the trial is moved to a "Declined" section and I am not shown that trial again unless I reopen it.

Given I enter a valid email, When I click "Continue," Then a 6-digit MFA code is sent to my phone and I must enter it within 5 minutes.

Given I enter an incorrect MFA code 3 times, When the third attempt fails, Then my account is temporarily locked for 15 minutes and I receive an email alert about the failed attempts.

Given a patient has consented to share Labs and Diagnoses but not Medications, When I open their record, Then I see Labs and Diagnoses sections but the Medications section shows "Access restricted by patient consent."

Given a patient grants Medications consent, When I refresh the record, Then the Medications section becomes visible within 30 seconds.

Given a patient has 3 recent visits, When I click "AI Summary," Then a 3-5 sentence summary appears highlighting: key diagnoses, recent lab changes, medication adjustments, and any care gaps — using only consented data categories.

Given a patient has restricted Medications access, When the AI summary generates, Then it does not mention medications and includes a note "Partial view — some categories restricted by patient consent."

Given I enter my email, NPI, and MFA code, When I click "Sign In," Then the system validates my NPI against the NPPES registry and grants access only if the NPI is active and matches my email domain.

Given I enter an invalid or deactivated NPI, When I attempt login, Then access is denied with "NPI not found or inactive — please verify your credentials."

Given I have 8 appointments today, When I view the list, Then each patient shows a consent indicator: green (all categories shared), amber (partial), red (no consent / restricted).