Verified Health Link
0.0.2-current - ci-build

Verified Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

2: Verifiable Health Links (VHL) - Volume 2

2:X.1 Transactions

2:XX Publish PKI Material

2:XX.1 Scope

The Publish PKI Material transaction is used by trust network participants to share their key material.

A VHL Holder or a VHL Sharer initiates the Publish PKI Material transaction on a Trust Anchor.

2:XX.2 Actor Roles

Actor | Role
VHL Receiver, VHL Sharer | Submit PKI material
Trust Anchor | Distribute PKI material

2:XX.3 Referenced Standards

2:XX.4 Messages

2:XX.4.1 Publish PKI Material Request Message

2:XX.4.1.1 Trigger Events

When a trust network participant, a VHL Sharer or a VHL Receiver, generates a set of public-private key pairs, it submits this key material for validation and distribution by the VHL Receiver.



2:XX.4.1.2 Message Semantics

The message semantics for the submission of key material are left to the implementing jurisdiction of the trust network. Within a trust network there may be different requirements for submission of key material depending on the usage of that key material. For example:

  • publication of key material at a URL that is shared with the Trust Anchor via publication at a well-known website
  • publication of key material at a URL that is shared with the Trust Anchor through official channels (e.g. official letters)
  • submission of key material via API over a secured connection by a service managed by the Trust Anchor
  • secure in-person physical transfer on a storage device, with verification of identity.

2:XX.4.1.3 Expected Actions

Upon receipt of a set of public key material from a VHL Sharer or VHL Receiver, as trust network participants, the Trust Anchor validates and makes available a digitally signed version of the trust list.



2:XX.4.2 Publish PKI Material Response Message

There is no Publish PKI Material Response Message defined in this profile. This is up to the implementing jurisdiction of the Trust Anchor.

2:XX.5 Security Considerations

The secure, trusted exchange of public key material is an essential component of a trust network. The utmost care should be taken to ensure that key material is not compromised. Implementers should pay particular attention to requirements from the implementing jurisdiction of the Trust Anchor.

2:XX Retrieve PKI Material

2:XX.1 Scope

The Retrieve PKI Material transaction returns a list of trusted public key material to be used by a trust network participant to validate document signatures, establish secure connections, or decrypt data. A VHL Holder or a VHL Sharer initiates the Retrieve PKI Material transaction against a Trust Anchor.

2:XX.2 Actor Roles

Actor | Role
VHL Receiver, VHL Sharer | Request PKI material; Receive PKI material
Trust Anchor | Provide PKI material

2:XX.3 Referenced Standards

2:XX.4 Messages

2:XX.4.1 Retrieve PKI Material Request Message

2:XX.4.1.1 Trigger Events

A participant of a trust network, a VHL Sharer or a VHL Receiver, wishes to retrieve public key material in order to perform necessary actions such as the validation of a digital signature, the establishment of a secure connection, or the decryption of encrypted content. The received key material, or trust list, SHOULD be cached by the trust network participant to reduce network and server load.

Preconditions:

  • The trust network participant knows in advance the endpoint, provided by the Trust Anchor, at which to initiate the Retrieve PKI Material transaction.

2:XX.4.1.2 Message Semantics

OPTIONS TO DISCUSS:

  • DID / JSON Web Keys
  • mCSD Endpoint

2:XX.4.1.3 Expected Actions

2:XX.4.2 Retrieve PKI Material Response Message

2:XX.4.2.1 Trigger Events

A Trust Anchor initiates a Retrieve PKI Material Response Message once it has completed, to the extent possible, the expected actions upon receipt of a Retrieve PKI Material Request message.

2:XX.4.2.2 Message Semantics

None defined. Up to a content profile to define.

2:XX.4.2.3 Expected Actions

A participant of a trust network, a VHL Sharer or a VHL Receiver, SHOULD cache the received public key material to reduce network and server load.
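The caching recommended here, sketched as an added example that is not part of this profile: a client cache that accepts a retrieved trust list only after verifying the Trust Anchor's signature, and that refuses to serve keys from a stale list. The JSON payload shape, the `notAfter` field, the use of Ed25519, and the names `TrustList`, `Cache`, `Update` and `Lookup` are assumptions, since message semantics are left to a content profile.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// TrustList is a hypothetical payload shape; the profile defines no format.
type TrustList struct {
	NotAfter time.Time         `json:"notAfter"` // assumed validity bound
	Keys     map[string][]byte `json:"keys"`     // key id -> public key bytes
}

type Cache struct { // holds the last trust list that passed verification
	Anchor ed25519.PublicKey // Trust Anchor key, provisioned out of band
	list   *TrustList
}

// Update verifies the signature before parsing; a forged or expired response never replaces the cached list.
func (c *Cache) Update(payload, sig []byte, now time.Time) error {
	if !ed25519.Verify(c.Anchor, payload, sig) {
		return fmt.Errorf("trust list signature invalid")
	}
	var tl TrustList
	if err := json.Unmarshal(payload, &tl); err != nil {
		return err
	}
	if !now.Before(tl.NotAfter) {
		return fmt.Errorf("trust list expired at %s", tl.NotAfter)
	}
	c.list = &tl
	return nil
}

// Lookup reports ok=false when the cache is empty or stale, so the caller retrieves the list again.
func (c *Cache) Lookup(kid string, now time.Time) (key []byte, ok bool) {
	if c.list != nil && now.Before(c.list.NotAfter) {
		key, ok = c.list.Keys[kid]
	}
	return key, ok
}

func main() { // constructed key pair and list, for illustration only
	pub, priv, _ := ed25519.GenerateKey(nil)
	body, _ := json.Marshal(TrustList{time.Now().Add(time.Hour), map[string][]byte{"sharer-1": []byte("k1")}})
	c := &Cache{Anchor: pub}
	fmt.Println(c.Update(body, ed25519.Sign(priv, body), time.Now()), c.Update(body, make([]byte, 64), time.Now()))
}
```

A failed `Update` leaves the previously verified list in place, so a bad response from the network cannot evict good keys before they expire.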

2:XX.5 Security Considerations

Depends on the content profile.

2:XX.1 Scope

The Issue Verifiable Health Link transaction returns a Verifiable Health Link authorization mechanism which can be used to provide access to one or more documents. A VHL Holder initiates the Issue VHL transaction against a VHL Sharer.

2:XX.2 Actor Roles

Actor | Role
VHL Holder | Request that a VHL authorization mechanism be issued; Receive VHL authorization mechanism
VHL Sharer | Generate a VHL authorization mechanism based on query parameters

2:XX.3 Referenced Standards

2:XX.4 Messages

2:XX.4.1 Issue VHL Request Message

2:XX.4.1.1 Trigger Events

A VHL Holder triggers a request for a VHL authorization mechanism to be generated from a Sharer in order to share health documents with a VHL Receiver.

The VHL Holder requests that a VHL authorization mechanism be issued to provide access to one or more health documents.

The VHL Holder MAY provide optional parameters. The parameters may protect or constrain the scope of the authorization (e.g. configure a pass code, set the time period for which these documents should be made available).

Preconditions:

  • The Holder SHALL trust that the Sharer has been authorized by its jurisdiction to authorize and provide access to health documents.
  • (optional) the Holder has selected consent and selective disclosure directives.

2:XX.4.1.2 Message Semantics

None defined. Up to a content profile to define.

2:XX.4.1.3 Expected Actions

The VHL Sharer shall generate a VHL to issue to a VHL Holder.

The VHL Sharer SHALL conduct or perform any necessary tasks to create or populate the folder of health documents that the VHL Holder has requested to be shared. It is left to content profiles and other implementation guides to provide any further requirements, but these MAY include:

  • generation of documents;
  • querying for existing documents associated to the VHL Holder of the requested type; or
  • creation of digital signatures.

Once these tasks are completed, the VHL Sharer shall generate a VHL authorization mechanism according to a content profile.

A VHL Sharer may optionally:

  • record the consent of the individual to share their information under the Record Consent option.
  • create an audit trail of the creation of the VHL under the Audit Event option.

2:XX.4.2 Issue VHL Response Message

2:XX.4.2.1 Trigger Events

A VHL Sharer initiates an Issue Verifiable Health Link Response Message once it has completed, to the extent possible, the expected actions upon receipt of an Issue Verifiable Health Link Request message, as specified by an appropriate content profile.

2:XX.4.2.2 Message Semantics

None defined. Up to a content profile to define.

2:XX.4.2.3 Expected Actions

Is able to receive a VHL authorization mechanism from a VHL Holder

The Holder accepts the VHL for storage in a wallet or for other use.

2:XX.5 Security Considerations

Depends on the content profile.