Verifiable Health Link
0.0.2-current - ci-build
Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions
Active as of 2025-06-16 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="CreateTrustedChannel"/>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: Requirements CreateTrustedChannel</b></p><a name="CreateTrustedChannel"> </a><a name="hcCreateTrustedChannel"> </a><p>These requirements apply to the following actors: </p><ul><li><a href="ActorDefinition-VHLReceiver.html">VHL Receiver</a></li><li><a href="ActorDefinition-VHLSharer.html">VHL Sharer</a></li></ul><p>These requirements derive from <a href="Requirements-EstablishTrust.html">Establish Trust</a></p><table class="grid"/></div>
</text>
<url
value="https://profiles.ihe.net/ITI/VHL/Requirements/CreateTrustedChannel"/>
<version value="0.0.2-current"/>
<name value="CreateTrustedChannel"/>
<title value="Create Trusted Channel"/>
<status value="active"/>
<date value="2025-06-16T13:14:26+00:00"/>
<publisher value="IHE IT Infrastructure Technical Committee"/>
<contact>
<telecom>
<system value="url"/>
<value value="https://www.ihe.net/ihe_domains/it_infrastructure/"/>
</telecom>
</contact>
<contact>
<telecom>
<system value="email"/>
<value value="iti@ihe.net"/>
</telecom>
</contact>
<contact>
<name value="IHE IT Infrastructure Technical Committee"/>
<telecom>
<system value="email"/>
<value value="iti@ihe.net"/>
</telecom>
</contact>
<description
value="The [VHL Sharer](ActorDefinition-VHLSharer.html) and [VHL Receiver](ActorDefinition-VHLReceiver.html) SHALL jointly establish a mutually authenticated TLS (mTLS) connection prior to executing any Verified Health Link (VHL) transactions involving the exchange of sensitive data.
This requirement entails:
* The VHL Receiver initiating the mTLS handshake as the client and presenting a valid X.509 certificate
* The VHL Sharer responding as the server, presenting its own certificate and validating the client's certificate against a trusted Certificate Authority or Trust Anchor
Establishing this trusted channel ensures confidentiality, integrity, and bilateral authentication of all subsequent communications, and fulfills the trust obligations defined in the [Establish Trust](Requirements-EstablishTrust.html) requirement."/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
</coding>
</jurisdiction>
<derivedFrom
value="https://profiles.ihe.net/ITI/VHL/Requirements/EstablishTrust"/>
<actor
value="https://profiles.ihe.net/ITI/VHL/ActorDefinition/VHLReceiver"/>
<actor value="https://profiles.ihe.net/ITI/VHL/ActorDefinition/VHLSharer"/>
</Requirements>