SMART Health Cards and Links FHIR IG, published by HL7 International / FHIR Infrastructure. This guide is not an authorized publication; it is the continuous build for version 1.0.0-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/smart-health-cards-and-links/ and changes regularly. See the Directory of published versions
This document describes how clinical information, modeled in FHIR, can be presented in a form based on W3C Verifiable Credentials (VC).
Any time we want to present verifiable clinical information, we must first make some use-case-specific decisions:
Immunization
or Observation
) that must be packaged and presented togetherPatient
)Once we make these decisions, we can construct a VC with a credential subject as follows:
credentialSubject
with these top level elements:
fhirVersion
: a string representation of the semantic FHIR version the content is represented in (e.g. 1.0.*
for DSTU2, 4.0.*
for R4, where *
is a number, not a literal asterisk)fhirBundle
: a FHIR Bundle
resource that includes all required FHIR resources (content + identity resources). For the Bundle.type
, implementers should choose collection
unless a more specific type applies (e.g. document
).Resulting payload for the "credentialSubject"
:
{
"...",
"fhirVersion": "4.0.1",
"fhirBundle": {
"resourceType": "Bundle",
"type": "collection",
"entry": [
"..."
]
}
Below we focus on the Health Card use case, but the same approach to forming VCs out of FHIR can be applied to other use cases, too.
A “Health Card” is a VC that conveys results about one discrete topic – in this example, a COVID-19 immunization card, encompassing details about doses given. Other cards could convey details of a RT-PCR test for COVID-19, a clinical diagnosis of COVID-19, TDAP vaccination, and so on.
According to the procedure above, we start with decisions about FHIR content resources and identity resources:
Immunization
with details about a first dose (product, date of administration, and administering provider)Immunization
with details about a second dose (product, date of administration, and administering provider)What FHIR identity resources do we need to bind the FHIR content resources to an external identity system? We might eventually define use-case-specific requirements, but we want to start with a recommended set of data elements for inclusion using the FHIR Patient
resource. Resources MAY include an overall “level of assurance” indicating whether these demographic elements have been verified.
To create a structure matching the W3C Verifiable Credential JSON-LD Syntax from a SMART Health Card JWS:
De-compress the JWS payload
Add to the .vc
object:
"@context": [
"https://www.w3.org/2018/credentials/v1",
{
"@vocab": "https://smarthealth.cards#",
"fhirBundle": {
"@id": "https://smarthealth.cards#fhirBundle",
"@type": "@json"
}
}
]
Prepend to the .vc.type
array: "VerifiableCredential"
Process the payload according to JWT Decoding Rules