WHO SMART Trust
1.1.5 - CI Build

WHO SMART Trust, published by WHO. This guide is not an authorized publication; it is the continuous build for version 1.1.5 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/WorldHealthOrganization/smart-trust/ and changes regularly. See the Directory of published versions

Home

Official URL: http://smart.who.int/trust/ImplementationGuide/smart.who.int.trust
Version: 1.1.5
Draft as of 2024-09-10
Computable Name: Trust

Introduction

Overview

This guide describes the specifications and on-boarding procedures for WHO's Global Digital Health Certification Network (GDHCN). The GDHCN is a mechanism to support verification of health documents and certifications that are exchanged between participants of the GDHCN. These health certifications may include COVID-19 certificates, routine immunization cards, and home-based records consistent with International Patient Summary standards. This mechanism provides means of harmonizing global health protocol standards and establishing a system for recognition of digital certificates for continuity of care and at point of entry. The GDHCN is designed to leverage existing investments by jurisdictions that were made under the COVID-19 response and provide the digital health infrastructure needed for resiliency in future epidemic and pandemic responses.

The GDHCN is a digital reflection of the trust WHO already has with Member States. The GDHCN is a digital trust network based on proven concepts, which are used to describe the specifications and mechanisms for establishing trust and which allow eligible participants to establish new trust domains for exchange of verifiable digital health records. Eligible participants of the trust network may apply to join by following an on-boarding process. The GDHCN is operated under the GDHCN Administrative and Operational Framework.

Trust Network

Background & Purpose

In response to COVID-19, Governments and organizations across the world have developed and adopted standards and technologies to create, present, and verify digital vaccination and test credentials. However, a global technical framework to enable convenient use and interoperability of these credentials between systems – while also allowing domestic autonomy over their use – does not exist yet and is critically needed.

The WHO Global Digital Health Certification Network is a collection of components that are used to verify interoperable digital health documents or certificates. This system is comprised of three main features:

  • A collection of well-defined digital health documents that are issued and verified by members of the GDHCN
  • A Public Key Infrastructure (PKI) that is used for the publishing and distribution of public keys used for verification of digital signatures of the digital health documents
  • A Knowledge Library used to maintain metadata including terminology codings, product codes and business rules that are used to provide semantic interoperability of these digital health documents

In addition to verifying and validating COVID-19 certificates, a global digital health trust network such as the GDHCN can:

  • Establish trust of digitally signed clinical algorithms published by WHO through the SMART Guidelines work.
  • Allow for a global product catalogue of trusted medical products and devices.
  • Ensure information about a patient can be accessed and trusted regardless of where one is in the world.
  • Support health systems resiliency to address future outbreaks in a world.
  • Empower individuals to manage their own health and well-being.

The interoperable exchange of health information in a trusted environment is a complex task with an increasingly large number of stakeholders (e.g. public health agencies, accredited labs, border control organizations, institutions authorized to verify) that need to ensure that data is transferred safely and securely, that the health content is interoperable, and that information is understandable and actionable. This guide details how to utilize a global technical framework to allow interoperability of health credentials between systems, while preserving domestic autonomy over their use.

Achieving global interoperability of health certificates does not require that all jurisdictions use the same standard. Interoperability can also be achieved when there are pre-arranged mechanisms in place so that certificates issued by one jurisdiction are accepted in another. A number of services and technical artifacts have been developed to address particular criteria for establishing interoperability and a system of trust including:

  • Data models, transformations and vocabulary definitions that allow exchange of health data between various standards formats, preserving a jurisdiction's autonomy regarding domestic processes while allowing re-issuance and mutual recognition of credentials between jurisdictions
  • Standard specifications for exchanging public keys between various networks for verifying digital signatures on health credentials
  • A global trust registry and federated public key infrastructure solution that provides technical interoperability and technical governance between regional trust networks
  • Workflows for creating, sharing and executing business rules that evaluate public health policies against health data for cross-border or port of entry requirements
  • Open source tools and technical guidance to reduce the burden of implementing the technical infrastructure to participate in the federated trust network, including open source trust network infrastructure for jurisdictions to implement their own regional trust networks

Audience

This guide describes expected workflows for potential actors in a trust ecosystem, namely:

  • Issuers that provide verifiable health credentials to individuals,
  • Verifiers that consume verifiable health credentials provided by individuals, and
  • Trust Networks that establish trust relationships and policies between issuers and verifiers.

The audience for this guide includes decision makers, analysts and technical assets at potential individual issuers, existing trust networks or potential verifiers who may participate in the federated trust network. Stakeholders include Member States, regional networks, and standards development organizations.

Participants

Latest Status

Available Trust Domains

Currently, the following trust domains are available:

  • DDCC: The Digital Documentation of COVID-19 Certificates (DDCC) Trust Domain covers the utilization of COVID-19 Vaccine Certificates and Test Results.
  • IPS-PILGRIMAGE: This implementation guide is intended to support the utilization of variable International Patient Summary (IPS) documents during pilgrimage.
  • PH4H: Currently in DRAFT, this implementation guide supports the PH4H Initiative, which aims to enable connected health for all people in Latin America and the Caribbean (LAC), led by the Inter-American Development Bank (IDB), the Pan-American Health Organization (PAHO) and the countries of the region.

Ethical Considerations and Data Protection Principles

As with any digital solution, there are ethical considerations, such as potential impacts on equity and on equitable access, and data protection principles that need to inform the design of the technical specifications, as well as provide guidance on how resulting solutions can be ethically implemented. The following page discusses some key ethical considerations and data protection principles that Member States are encouraged to – and, where they have legal obligations, must – include in their respective deployments of digital solutions. These ethical considerations and data protection principles have also informed the design criteria for WHO’s SMART Guidelines and for the utilization of the WHO’s Global Digital Health Certification Network.

References

This Implementation Guide is based on the following References

Dependencies

There are no dependencies for this implementation guide. The source code for the WHO SMART Guidelines IG template is available here.

IG | Package | FHIR | Comment
.. WHO SMART Trust | smart.who.int.trust#1.1.5 | R4 |
... HL7 Terminology (THO) | hl7.terminology.r4#6.0.2 | R4 | Automatically added as a dependency - all IGs depend on HL7 Terminology
... FHIR Extensions Pack | hl7.fhir.uv.extensions.r4#5.1.0 | R4 | Automatically added as a dependency - all IGs depend on the HL7 Extension Pack
... SMART Base | smart.who.int.base#0.1.0 | R4 |
.... HL7 Terminology (THO) | hl7.terminology#5.5.0 | R4 |
..... FHIR Extensions Pack | hl7.fhir.uv.extensions.r4#1.0.0 | R4 |
.... Using CQL with FHIR | hl7.fhir.uv.cql#1.0.0 | R4 |
.... Canonical Resource Management Infrastructure Implementation Guide | hl7.fhir.uv.crmi#1.0.0 | R4 |
.... Structured Data Capture | hl7.fhir.uv.sdc#3.0.0 | R4 |
... WHO Digital Documentation of COVID-19 Certificates (DDCC) | who.ddcc#1.0.0 | R4 |
.... International Patient Summary Implementation Guide | hl7.fhir.uv.ips#1.1.0 | R4 |
..... HL7 Terminology (THO) | hl7.terminology.r4#5.0.0 | R4 |
..... fhir.dicom | fhir.dicom#2022.4.20221006 | R4 |
.... International Patient Access | hl7.fhir.uv.ipa#1.0.0 | R4 |
..... SMART App Launch | hl7.fhir.uv.smart-app-launch#2.0.0 | R4 |
.... Mobile access to Health Documents (MHD) | ihe.iti.mhd#4.2.2 | R4 |
..... HL7 Terminology (THO) | hl7.terminology.r4#5.5.0 | R4 |
... SMART ICVP | smart.who.int.icvp#0.1.0 | R4 |
.... International Patient Summary Implementation Guide | hl7.fhir.uv.ips#2.0.0-ballot | R4 |
.... Mobile Care Services Discovery (mCSD) | ihe.iti.mcsd#3.8.0 | R4 |
..... HL7 Terminology (THO) | hl7.terminology.r4#3.1.0 | R4 |
..... Basic Audit Log Patterns (BALP) | ihe.iti.balp#1.1.0 | R4 |
.... SMART TS | smart.who.int.ts#0.1.0 | R4 |

Package hl7.fhir.uv.extensions.r4#5.1.0

This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sat, Apr 27, 2024 18:39+1000+10:00)

Package hl7.fhir.uv.extensions.r4#1.0.0

This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sun, Mar 26, 2023 08:46+1100+11:00)

Package hl7.fhir.uv.cql#1.0.0

This implementation guide defines profiles, operations and guidance for the use of CQL with FHIR, both as a mechanism for querying, as well as inline and integrated usage as part of knowledge artifacts. (built Fri, May 31, 2024 14:18+0000+00:00)

Package hl7.fhir.uv.crmi#1.0.0

This implementation guide defines profiles, operations, capability statements and guidance to facilitate the content management lifecycle for authoring, publishing, distribution, and implementation of FHIR knowledge artifacts such as value sets, profiles, libraries, rules, and measures. The guide is intended to be used by specification and content implementation guide authors as both a dependency for validation of published artifacts, and a guide for construction and publication of content. (built Fri, May 31, 2024 16:38+0000+00:00)

Package hl7.fhir.uv.sdc#3.0.0

The SDC specification provides an infrastructure to standardize the capture and expanded use of patient-level data collected within an EHR. This includes two components:

  • Support more sophisticated questionnaire/form use-cases such as those needed for research, oncology, pathology and other clinical domains.
  • Support pre-population and auto-population of EHR data into forms/questionnaires for uses outside direct clinical care (patient safety, adverse event reporting, public health reporting, etc.).

(built Tue, Mar 8, 2022 18:32+0000+00:00)

Package smart.who.int.base#0.1.0

Base SMART Guidelines implementation guide to be used as the base dependency for all SMART Guidelines IGs (built Fri, Sep 20, 2024 13:43+0000+00:00)

Package hl7.fhir.uv.ips#1.1.0

International Patient Summary (IPS) FHIR Implementation Guide (built Tue, Nov 22, 2022 03:24+0000+00:00)

Package hl7.fhir.uv.ipa#1.0.0

This IG describes how an application acting on behalf of a patient can access information about the patient from a clinical records system using a FHIR based API. The clinical records system may be supporting a clinical care provider (e.g. a hospital, or a general practitioner), or a health data exchange, including a national health record system. (built Sun, Mar 26, 2023 20:50+0000+00:00)

Package ihe.iti.mhd#4.2.2

ImplementationGuide for IHE IT Infrastructure Technical Framework Supplement Mobile access to Health Documents (MHD) (built Sat, May 18, 2024 12:30-0500-05:00)

Package who.ddcc#1.0.0

This WHO Digital Documentation of COVID-19 Certificates (DDCC) Implementation Guide details how to use Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) for consistent digital representation of COVID-19 certificates and interoperability. (built Thu, Oct 17, 2024 05:00+0000+00:00)

Package ihe.iti.balp#1.1.0

The Basic Audit Log Patterns (BALP) Implementation Guide is a Content Profile that defines some basic and reusable AuditEvent patterns. This includes basic audit log profiles for FHIR RESTful operations to be used when there is not a more specific audit event defined. A focus is enabling Privacy centric AuditEvent logs that hold well formed indication of the Patient when they are the subject of the activity being recorded in the log. Where a more specific audit event can be defined it should be derived off of these basic patterns. (built Wed, May 4, 2022 10:07-0500-05:00)

Package ihe.iti.mcsd#3.8.0

The IHE Mobile Care Services Discovery (mCSD) IG provides a transaction for mobile and lightweight browser-based applications to find and update care services resources. (built Fri, Aug 12, 2022 09:41-0500-05:00)

Package smart.who.int.ts#0.1.0

An empty Implementation Guide to be used as a starting point for building SMART Guidelines Implementation Guides (built Fri, Oct 4, 2024 14:19+0000+00:00)

Package smart.who.int.icvp#0.1.0

SMART Guidelines for International Certificate for Vaccination or Prophylaxis (built Mon, Oct 7, 2024 07:27+0000+00:00)

Providing Feedback

Feedback specific to this Implementation Guide can be provided through:

  • Frequently asked questions can be viewed here
  • Clicking on one of the Feedback links to the right of any section header
  • Sending an email to gdhcn-support@who.int
  • Creating an issue on GitHub trust repository

Community

Sign up on the chat.fhir.org community and follow the stream who-smart-guidelines for questions, queries and chats related to WHO SMART Guidelines.

WHO also hosts weekly calls on authoring and implementing WHO SMART Guidelines where participation is welcome. Please send an email to gdhcn-support@who.int in order to get invited.

Disclaimer

The specification herewith documented is a demo working specification, and may not be used for any implementation purposes. This draft is provided without warranty of completeness or consistency, and the official publication supersedes this draft. No liability can be inferred from the use or misuse of this specification, or its consequences.