IP Review

Unattributed Code Systems

Copyright Fragment

This fragment is available on download.html

No use of external IP (other than from the FHIR specification)

Copyright and Registered Trademark Uses

IG © 2024+ IHE IT Infrastructure Technical Committee. Package ihe.iti.vhl#0.0.2-current based on FHIR 4.0.1. Generated 2026-03-13 Links: Table of Contents | QA Report | New Issue | Issues Version History | CC0 | Propose a changeexternal ( src )
hl7.fhir.us.hai: Healthcare Associated Infection Implementation Guide ®© HL7 | CC0 ( src )
REQUIRED (R) ( src )
VHLs and SMART® Health Links (SHLs) are conceptually related but rely on fundamentally different trust assumptions. In the VHL model, a pre-established trust relationship exists between the VHL Sharer and the VHL Receiver, verified via PKI material exchanged through Trust Lists. In contrast, SHL assumes no prior trust between the SHL Receiver and SHL Sharer. Instead, trust is conveyed at the time the SHL is presented, often using embedded JWS signatures and keys controlled by the SHL Sharer. See Appendix A for a more detailed comparison. ( src )
Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions ( src )

External References

Type Reference Content

web www.ihe.net contact : https://www.ihe.net/ihe_domains/it_infrastructure/ , iti@ihe.net , IHE IT Infrastructure Technical Committee: iti@ihe.net

web euvabeco.eu The European Vaccination Card (EVC) is a citizen-held card to foster informed decision-making on vaccination, and improve continuity of care across the EU.

Type	Reference	Content
web	www.ihe.net	contact : https://www.ihe.net/ihe_domains/it_infrastructure/ , iti@ihe.net , IHE IT Infrastructure Technical Committee: iti@ihe.net
web	euvabeco.eu	The European Vaccination Card (EVC) is a citizen-held card to foster informed decision-making on vaccination, and improve continuity of care across the EU.
web	eur-lex.europa.eu	ANNEX II - Essential requirements for the harmonised software components of EHR systems and for products for which interoperability with EHR systems has been claimed
web	eur-lex.europa.eu	Article 9 - Right to obtain information on accessing data
web	eur-lex.europa.eu	A critical privacy requirement for the EVC is unlinkability: Article 5a(16) of Regulation (EU) No 910/2014 as amended Article 5a(16): The technical framework of the European Digital Identity Wallet shall:
web	smart.who.int	The World Health Organization (WHO) operates the Global Digital Health Certification Network (GDHCN) , a trust network for public-sector health jurisdictions. The GDHCN provides the infrastructure for the bilateral verification and utilization of Verifiable Digital Health Certificates across participating jurisdictions.
web	profiles.ihe.net	The GDHCN distributes trust lists using Decentralized Identifiers (DIDs) . Each participating jurisdiction's key material is represented as a DID Document containing verification methods with the jurisdiction's public keys. These DID Documents are published as endpoints by the Trust Anchor, analogous to how the IHE mCSD Profile distributes service endpoints for Organizations. This enables participants to discover and retrieve the PKI material needed for signature verification through a standardized, cacheable, and federated mechanism.
web	ewsdata.rightsindevelopment.org	In the region of the Americas, "countries identified several priorities for cross-border digital health, including optimizing available human resources through international telehealth, validating digital certificates, ensuring continuity of care, and regional resilience to face health emergencies by sharing data for public health. During the IDB-PAHO co-led event, RELACSIS 4.0.1 a plan was launched to strengthen regional digital health services and resilience, through regional data exchange and policy harmonization. Sixteen countries successfully exchanged digital vaccine certificates (COVID-19, Polio, Measles, and Yellow Fever) and critical clinical information (diagnosis, allergy, and prescription information) using international standards during the 2nd Regional LACPASS Connectathon.2 Regional bodies and network such as the Council of Ministers of Health of Central America and the Dominican Republic (COMISCA), The Caribbean Public Health Agency (CARPHA), and the LAC Digital Health Network (RACSEL) have all identified cross-border data sharing as a priority." footnote
web	ewsdata.rightsindevelopment.org	The Pan-American Highway for Health (PH4H) "aims to provide patients with better healthcare services, regardless of their location. It will also enhance healthcare for those who move temporarily for work or study, as well as for migrants, by enabling them to share their health history, thus improving their employability and access to education. " footnote
web	profiles.ihe.net	Initiate Authenticate Node ITI-19 transaction to establish a secure connection and validate participation in the trust network using PKI material published by the trust anchor.
web	profiles.ihe.net
web	profiles.ihe.net
web	github.com	Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions
web	www.ihe.net	IG © 2024+ IHE IT Infrastructure Technical Committee . Package ihe.iti.vhl#0.0.2-current based on FHIR 4.0.1 . Generated 2026-03-13 Links: Table of Contents \| QA Report \| New Issue \| Issues Version History \| \| Propose a change
web	github.com	Links: Table of Contents \| QA Report \| New Issue \| Issues Version History \| \| Propose a change
web	github.com	Links: Table of Contents \| QA Report \| New Issue \| Issues Version History \| \| Propose a change
web	profiles.ihe.net	Links: Table of Contents \| QA Report \| New Issue \| Issues Version History \| \| Propose a change
web	www.ihe.net	Links: Table of Contents \| QA Report \| New Issue \| Issues Version History \| \| Propose a change
web	profiles.ihe.net	This requirement is satisfied by implementing secure channel establishment as defined in the Audit Trail and Node Authentication (ATNA) Profile, specifically through the Authenticate Node [ITI-19] transaction.
web	profiles.ihe.net	This transaction MAY be conducted over a secure channel, as defined in the Audit Trail and Node Authentication (ATNA) Profile.
web	profiles.ihe.net	Implementers SHOULD consult cross-profile guidance regarding interoperability with the IHE Document Digital Signature (DSG) profile , particularly in cases where additional attestation, long-term non-repudiation, or multi-party signatures are involved.
web	profiles.ihe.net	In this requirement, the VHL Sharer acts as a Consent Recorder, as defined in the Privacy Consent on FHIR (PCF) profile. Specifically, the Sharer SHALL initiate the Access Consent - ITI-108 transaction to formally capture the Holder's consent.
web	profiles.ihe.net	In this requirement, the VHL Sharer acts as a Consent Recorder, as defined in the Privacy Consent on FHIR (PCF) profile. Specifically, the Sharer SHALL initiate the Access Consent - ITI-108 transaction to formally capture the Holder's consent.
web	profiles.ihe.net	IHE mCSD : Mobile Care Services Discovery
web	smart.who.int	The VHL Sharer generates a QR code containing the VHL. The QR code is encoded as an HCERT/CWT structure per the WHO SMART Trust HCERT specification and contains the SHL payload embedded at claim key 5 within the hcert claim (claim key -260).
web	smart.who.int	After constructing the SHL payload (steps 1-4 above), the VHL Sharer SHALL encode it within an HCERT structure as per the WHO SMART TRUST specification. The HCERT claim SHALL be 5 for VHL.
web	smart.who.int	The VHL Sharer shall than generate the QR Code as per the HCERT Specification .
web	profiles.ihe.net	See ITI TF-2: Appendix Z.6 for more details on response format handling.
web	smart.who.int	WHO SMART Trust HCERT Specification : HCERT Structure
web	profiles.ihe.net	ITI TF-2: Mobile Health Document Sharing (MHD) : ITI-66 Find Document Lists
web	profiles.ihe.net	ITI Internet User Authorization (IUA) : IUA Profile
web	www.ihe.net	IHE IT Infrastructure Technical Committee
web	www.ihe.net	Contact: ( https://www.ihe.net/ihe_domain... , iti@ihe.net , IHE IT Infrastructure Technical Committee: iti@ihe.net )
web	profiles.ihe.net	IHE uses the normative words: Shall, Should, and May according to standards conventions .
web	profiles.ihe.net	The use of `mustSupport` in StructureDefinition profiles equivalent to the IHE use of R2 as defined in Appendix Z .
web	profiles.ihe.net	Editor, add the following new or modified actors to the IHE Technical Frameworks General Introduction Appendix A :
web	profiles.ihe.net	Editor, add the following new or modified transactions to the IHE Technical Frameworks General Introduction Appendix B :
web	profiles.ihe.net	Editor, add the following new or modified terms to the IHE Technical Frameworks General Introduction Appendix D :
web	smarthealth.cards	HL7: SMART Health Cards Overview VHL: VHL Volume 1 – Actors
web	smarthealth.cards	HL7: SMART Health Cards Overview VHL: VHL Volume 1 – Security
web	smarthealth.cards	HL7: SMART Health Cards VHL: VHL Volume 1 – Record Consent
web	smarthealth.cards	HL7: SMART Health Cards VHL: VHL Volume 1 – Use Cases
web	profiles.ihe.net	This section defines the actors, transactions, and/or content modules in this profile. Further information about actor and transaction definitions can be found in the IHE Technical Frameworks General Introduction Appendix A: Actors and Appendix B: Transactions .
web	profiles.ihe.net	This section defines the actors, transactions, and/or content modules in this profile. Further information about actor and transaction definitions can be found in the IHE Technical Frameworks General Introduction Appendix A: Actors and Appendix B: Transactions .

web

eur-lex.europa.eu

ANNEX II - Essential requirements for the harmonised software components of EHR systems and for products for which interoperability with EHR systems has been claimed

web

eur-lex.europa.eu

Article 9 - Right to obtain information on accessing data

web eur-lex.europa.eu A critical privacy requirement for the EVC is unlinkability: Article 5a(16) of Regulation (EU) No 910/2014 as amended Article 5a(16): The technical framework of the European Digital Identity Wallet shall:

web smart.who.int The World Health Organization (WHO) operates the Global Digital Health Certification Network (GDHCN) , a trust network for public-sector health jurisdictions. The GDHCN provides the infrastructure for the bilateral verification and utilization of Verifiable Digital Health Certificates across participating jurisdictions.

web profiles.ihe.net The GDHCN distributes trust lists using Decentralized Identifiers (DIDs) . Each participating jurisdiction's key material is represented as a DID Document containing verification methods with the jurisdiction's public keys. These DID Documents are published as endpoints by the Trust Anchor, analogous to how the IHE mCSD Profile distributes service endpoints for Organizations. This enables participants to discover and retrieve the PKI material needed for signature verification through a standardized, cacheable, and federated mechanism.

web ewsdata.rightsindevelopment.org In the region of the Americas, "countries identified several priorities for cross-border digital health, including optimizing available human resources through international telehealth, validating digital certificates, ensuring continuity of care, and regional resilience to face health emergencies by sharing data for public health. During the IDB-PAHO co-led event, RELACSIS 4.0.1 a plan was launched to strengthen regional digital health services and resilience, through regional data exchange and policy harmonization. Sixteen countries successfully exchanged digital vaccine certificates (COVID-19, Polio, Measles, and Yellow Fever) and critical clinical information (diagnosis, allergy, and prescription information) using international standards during the 2nd Regional LACPASS Connectathon.2 Regional bodies and network such as the Council of Ministers of Health of Central America and the Dominican Republic (COMISCA), The Caribbean Public Health Agency (CARPHA), and the LAC Digital Health Network (RACSEL) have all identified cross-border data sharing as a priority."
footnote

web ewsdata.rightsindevelopment.org The Pan-American Highway for Health (PH4H) "aims to provide patients with better healthcare services, regardless of their location. It will also enhance healthcare for those who move temporarily for work or study, as well as for migrants, by enabling them to share their health history, thus improving their employability and access to education. "
footnote

web profiles.ihe.net Initiate Authenticate Node ITI-19 transaction to establish a secure connection and validate participation in the trust network using PKI material published by the trust anchor.

web

profiles.ihe.net

web

profiles.ihe.net

web github.com Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

web www.ihe.net IG © 2024+ IHE IT Infrastructure Technical Committee . Package ihe.iti.vhl#0.0.2-current based on FHIR 4.0.1 . Generated 2026-03-13
Links: Table of Contents | QA Report | New Issue | Issues Version History | | Propose a change

web profiles.ihe.net This requirement is satisfied by implementing secure channel establishment as defined in the Audit Trail and Node Authentication (ATNA) Profile, specifically through the Authenticate Node [ITI-19] transaction.

web profiles.ihe.net This transaction MAY be conducted over a secure channel, as defined in the Audit Trail and Node Authentication (ATNA) Profile.

web profiles.ihe.net Implementers SHOULD consult cross-profile guidance regarding interoperability with the IHE Document Digital Signature (DSG) profile , particularly in cases where additional attestation, long-term non-repudiation, or multi-party signatures are involved.

web profiles.ihe.net In this requirement, the VHL Sharer acts as a Consent Recorder, as defined in the Privacy Consent on FHIR (PCF) profile. Specifically, the Sharer SHALL initiate the Access Consent - ITI-108 transaction to formally capture the Holder's consent.

web profiles.ihe.net IHE mCSD : Mobile Care Services Discovery

web smart.who.int The VHL Sharer generates a QR code containing the VHL. The QR code is encoded as an HCERT/CWT structure per the WHO SMART Trust HCERT specification and contains the SHL payload embedded at claim key 5 within the hcert claim (claim key -260).

web smart.who.int After constructing the SHL payload (steps 1-4 above), the VHL Sharer SHALL encode it within an HCERT structure as per the WHO SMART TRUST specification. The HCERT claim SHALL be 5 for VHL.

web smart.who.int The VHL Sharer shall than generate the QR Code as per the HCERT Specification .

web profiles.ihe.net See ITI TF-2: Appendix Z.6 for more details on response format handling.

web smart.who.int WHO SMART Trust HCERT Specification : HCERT Structure

web profiles.ihe.net ITI TF-2: Mobile Health Document Sharing (MHD) : ITI-66 Find Document Lists

web profiles.ihe.net ITI Internet User Authorization (IUA) : IUA Profile

web

www.ihe.net

IHE IT Infrastructure Technical Committee

web www.ihe.net Contact: ( https://www.ihe.net/ihe_domain... , iti@ihe.net , IHE IT Infrastructure Technical Committee: iti@ihe.net )

web profiles.ihe.net IHE uses the normative words: Shall, Should, and May according to standards conventions .

web profiles.ihe.net The use of mustSupport in StructureDefinition profiles equivalent to the IHE use of R2 as defined in Appendix Z .

web profiles.ihe.net Editor, add the following new or modified actors to the IHE Technical Frameworks General Introduction Appendix A :

web profiles.ihe.net Editor, add the following new or modified transactions to the IHE Technical Frameworks General Introduction Appendix B :

web profiles.ihe.net Editor, add the following new or modified terms to the IHE Technical Frameworks General Introduction Appendix D :

web smarthealth.cards HL7: SMART Health Cards Overview
VHL: VHL Volume 1 – Actors

web smarthealth.cards HL7: SMART Health Cards Overview
VHL: VHL Volume 1 – Security

web smarthealth.cards HL7: SMART Health Cards
VHL: VHL Volume 1 – Record Consent

web smarthealth.cards HL7: SMART Health Cards
VHL: VHL Volume 1 – Use Cases

web profiles.ihe.net This section defines the actors, transactions, and/or content modules in this profile. Further information about actor and transaction definitions can be found in the IHE Technical Frameworks General Introduction Appendix A: Actors and Appendix B: Transactions .

Internal Images

PH4H.png

ehds_legal.png

hajj-diagram.png

trust_network.png