What's New in TrackER

Time Range Filters, Kiosk QR Fix & Security Hardening

Nurses can now filter My Alerts and My Requests by time range (24h to 6 months). Kiosk check-in QR codes now show the correct custom domain. Several security and infrastructure improvements.

• Time range filter on My Alerts -- filter sent alerts by last 24 hours, 5 days, 7 days, 15 days, 30 days, 3 months, or 6 months. Defaults to last 24 hours for fast loading.
• Time range filter on My Requests -- same time periods for staff job requests, integrated with existing status and role filters. Badge counts update to reflect the selected time window.

• Kiosk QR code domain -- check-in QR codes and tracking URLs now use the correct custom domain (e.g. patient.int.east.ccbtec.com) instead of the raw Azure App Service hostname
• Kiosk list bullets -- replaced unicode checkmark characters with CSS-drawn checkmarks to fix rendering as question marks on Android WebView

• Forwarded Headers middleware -- added UseForwardedHeaders so client IPs resolve correctly behind Azure App Service load balancers (fixes 0.0.0.0 in telemetry, audit logs, and rate limiting)
• JWT RoleClaimType fix -- .NET 10 no longer maps short "role" claims to ClaimTypes.Role by default; middleware now sets MapInboundClaims = false and rebuilds identity with correct role type
• Cross-hospital message injection -- CreateMessage now verifies visit ownership before inserting (prevents nurse from Hospital A sending alerts to Hospital B patients)

Notification Alerts, Audio Caching & Staff Dashboard Redesign

Nurses can now send alert messages directly to the waiting room display and patient phones, with full alert history and visibility controls. The staff dashboard gets a complete UI overhaul.

• Send Message modal redesign -- two-column layout with alert history panel, last-message suggestion, and hide/show controls per alert
• My Alerts page -- new page for nurses to view and manage all alerts they've sent, with toggle visibility and dismiss actions
• Per-display notification icon -- admins can pick from bell, megaphone, alert, chat, envelope, or info icons per waiting room display (Migration 044)
• Alert-aware kiosk paging -- patients with active call messages get dedicated pages (max 2 per page), never mixed with non-alert patients
• Patient phone notifications -- new messages trigger a sound alert and browser notification on the patient's tracking page, with audio unlock on first tap
• Audio preload & caching -- sound files are preloaded on first user gesture and reused from browser cache, with <link rel="preload"> and 30-day IIS cache headers
• Alert count badges -- message tool button shows a red badge with the count of active alerts per patient
• Two-row tool layout -- queue card tool icons are now organized into two rows for better touch targets on tablets

• Staff dashboard redesign -- stats cards, mobile-friendly nav, modernized UI across the staff portal
• Azure AD group overage handling -- when the token exceeds the group limit, TrackER now falls back to Microsoft Graph API to resolve roles

• XSS fix in patient notifications -- browser notification messages are now fully sanitized for JS string context (backslash, quotes, angle brackets)
• Null-ref guard on re-auth -- patient portal no longer crashes if the tracking re-auth call fails due to network issues

Epic FHIR JKU Support & Security Hardening

Added JKU (JWKS URL) support in JWT assertion headers for Epic's updated backend auth requirements, plus critical security fixes.

• Epic FHIR JKU header -- JWT assertions now include the jku header pointing to the JWKS endpoint, per Epic's Feb 2026 requirement for new backend system licenses

• Timing attack fix (CWE-208) -- password verification in all 4 auth services now uses constant-time comparison to prevent timing side-channel attacks
• Lockout bypass fix (CWE-187) -- fixed username truncation in IsLockedOutAsync that allowed bypassing account lockout

Upgrade to .NET 10

The entire platform has been upgraded from .NET 9 to .NET 10, with all 16 projects, packages, and deploy scripts updated.

• .NET 10 upgrade -- all projects, CI, and deploy scripts now target .NET 10
• Azure Monitor OpenTelemetry -- replaced the deprecated App Insights SDK with native OpenTelemetry
• 64-bit App Services -- all Azure App Services now run 64-bit
• Package upgrades -- Swashbuckle 7.2 to 10.1, MAUI Controls 9.0 to 10.0, fixed SYSLIB0060 warnings for Rfc2898DeriveBytes
• xUnit v3 migration -- test framework upgraded to xUnit v3 with Microsoft.Testing.Platform

Account Lockout Management

Per-hospital configurable account lockout with Super Admin oversight.

• Account lockout -- configurable failed attempt thresholds and lockout durations per hospital (Migration 043)
• Super Admin lockout management -- view and unlock locked accounts across all hospitals

NIST CSF 2.0, Room Management & Call Sounds

NIST CSF 2.0 compliance infrastructure, full room/bed management, and a customizable call sound library.

• NIST CSF 2.0 compliance -- SIEM integration, SBOM generation, backup verification, incident response procedures
• Room management -- full room/bed tracking with search, assignment, availability, and display room filter (Migration 040)
• Call sounds library -- admins can upload custom MP3/WAV alert sounds per display, with magic-byte validation and file size limits (Migrations 041-042)
• Transport prompt -- after assigning a room, nurses are prompted to request transport with pre-filled from/to locations

• Timing attack mitigations -- constant-time comparisons in credential validation
• Secret overwrite protections -- Key Vault secret write operations now verify before overwriting
• Forbid() bug fix -- fixed Forbid("message") calls that were interpreted as auth scheme names instead of error messages

• Razor entity bug -- HTML entities like · inside C# interpolation now use Unicode characters instead
• SqlDataReader closure -- added regression tests to ensure readers are properly closed before opening new commands on the same connection

EHR Integration, Azure AD SSO & Departments

Full EHR integration API with Epic FHIR + Meditech HL7, Azure AD single sign-on, and department-based patient routing.

• Epic FHIR R4 integration -- native search, pagination, patient lookup, and backend system auth
• Meditech HL7 integration -- ADT message processing with configurable field mappings
• Integration inbound API -- ESI_UPDATE, STATUS_UPDATE, DEPARTMENT_TRANSFER endpoints for EHR-driven updates
• Azure AD / Entra ID SSO -- PKCE + state flow for nurse and admin portals, with automatic role mapping from Azure AD groups

• Departments -- create departments, transfer patients between them, filter the queue by department (Migration 033)
• Completion workflows -- admin-configurable workflows that auto-advance patient status on job completion (Migration 034)
• Display department filter -- waiting room displays can be scoped to specific departments (Migration 035)
• Nurse dashboard status filter -- admins can restrict which statuses nurses see in their status picker (Migration 037)
• Announcement expiry -- per-hospital max announcement duration with nurse-selectable expiry times (Migration 037)

Crew Messaging, Patient Notes & Waiting Room Overhaul

Staff can now chat on job requests, nurses can add notes and scan barcodes, and the waiting room display gets a complete multi-display overhaul.

• Crew messaging -- real-time chat on staff job requests with read receipts and urgent flags (Migration 031)
• Patient visit notes -- add timestamped notes per patient with visibility controls (Nurses Only, All Staff, Only Me) (Migration 030)
• Barcode / wristband scanning -- assign and scan barcodes for patient identification (Migration 030)
• Unread message indicators -- queue cards and nav badges show unread crew message counts
• Job cancel & detail modal -- view job details, chat inline, and cancel pending requests from the queue

• Multi-display configuration -- each hospital can have multiple waiting room displays with independent settings
• Announcement display modes -- side panel, inline, or paged announcements with configurable column width (Migration 039)
• Call messages -- full-screen alert overlay with configurable sound on the waiting room display
• Patient identifier modes -- choose from initials, first name, partial first name, or visit ID (Migration 038)
• Announcement font size -- independently configurable font size for announcements (Migration 038)
• SMS consent redesign -- improved opt-in flow during kiosk check-in

Mobile App & Browser Test Automation

Native mobile app improvements and parallelized Playwright browser tests.

• Mobile app UI overhaul -- updated icons, splash screen, and sidebar navigation
• Security alerts upgrade -- mobile push alerts for STAMP red zone events

• Parallelized Playwright tests -- browser tests now run in parallel for faster CI feedback
• Staff API contract tests -- comprehensive API contract validation for the staff portal

.NET MAUI Mobile App & Self-Hosted Notifications

The initial release of the native .NET MAUI mobile app and the self-hosted push notification system that replaces Firebase.

• .NET MAUI mobile app -- native iOS and Android app with Bootstrap-styled Blazor UI
• Self-hosted notifications -- push notification system using APNs and FCM directly, no Firebase dependency (Migration 028)

• Configurable KPI targets -- admins can set their own wait time, throughput, and satisfaction targets (Migration 027)
• Expanded audit logging -- all patient-facing operations now logged to PatientInteractions for HIPAA compliance
• Time zone improvements -- per-hospital timezone with correct display across all portals
• E2E browser tests -- Playwright tests covering critical paths across all portals

• Landing page redesign -- new marketing site with clearer value proposition and demo request flow
• Migration validation tests -- 1800+ cold-start tests catching forward-references, same-batch issues, and column mismatches