Verifiable Health Link
0.0.2-current - ci-build International flag

Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

2:3.YY3 Issue Verifiable Health Link

2:3.YY3.1 Scope

The Issue Verifiable Health Link transaction returns a Verifiable Health Link authorization mechanism which can be used to provide access to one or more documents. A VHL Holder initiates the Issue VHL transaction against a VHL Sharer.

2:3.YY3.2 Actor Roles

Actor Role
VHL Holder Request that a VHL authorization mechanism be issued
  Receive VHL authorization mechanism
VHL Sharer Generate a VHL Authorization Mechanism Based on Query Parameters

2:3.YY3.3 Referenced Standards

2:3.YY3.4 Messages

2:3.YY3.4.1 Issue VHL Request Message

2:3.YY3.4.1.1 Trigger Events

A VHL Holder initiates a request to a VHL Sharer to generate a Verified Health Link (VHL) that references one or more health documents. The resulting VHL allows the Holder to subsequently share access to those documents with a VHL Receiver. The Holder MAY include optional parameters to constrain or protect the issued VHL-such as defining an expiration period, scoping which documents are included, or requiring a passcode for retrieval. These parameters guide the Sharer's issuance of the VHL and influence the conditions under which the associated documents may be accessed.

Preconditions:

  • The VHL Holder SHALL trust that the VHL Sharer has been authorized by its jurisdiction to generate VHLs and to provide access to the corresponding health documents.
  • Optionally, the VHL Holder has selected consent directives or selective disclosure preferences, as permitted by the applicable content profile.
2:3.YY3.4.1.2 Message Semantics

None defined. Up to a content profile to define.

2:3.YY3.4.1.3 Expected Actions

The VHL Sharer SHALL generate a Verified Health Link (VHL) to be issued to a VHL Holder.

The Sharer SHALL conduct all necessary tasks to prepare the content referenced by the VHL. These tasks MAY be further defined by applicable content profiles or implementation guides, and MAY include:

  • Generation of new documents;
  • Querying for existing documents associated with the VHL Holder; or
  • Creation of digital signatures on one or more documents.

Once content preparation is complete, the Sharer SHALL construct the VHL payload and sign it to produce a cryptographically verifiable authorization mechanism.

Optional behaviors:

2:3.YY3.4.2 Issue VHL Response Message

2:3.YY3.4.2.1 Trigger Events

A VHL Sharer initiates an Issue Verifiable Health Link Response Message once it has completed, to the extent possible, the expected actions upon receipt of a Issue Verifiable Health Link Request message, as specified by an appropriate content profile.

2:3.YY3.4.2.2 Message Semantics

None defined. Up to a content profile to define.

2:3.YY3.4.2.3 Expected Actions

The VHL Receiver SHALL be capable of receiving a Verified Health Link (VHL) from a VHL Holder through a supported transport mechanism (e.g., QR code scan, direct URL, or digital message).

Upon receipt, the Receiver SHALL:

  • Parse the VHL
  • Validate its digital signature against a trusted key published by a recognized Trust Anchor
  • Prepare to retrieve the associated health documents

Receipt of the VHL may occur through direct user interaction (e.g., scanning a QR code) or automated channels, depending on the implementation context.

2:3.YY3.5 Security Considerations

Depends on the content profile.