SMART Verifiable IPS for Pilgrimage
1.0.1 - ci-build

SMART Verifiable IPS for Pilgrimage, published by WHO. This guide is not an authorized publication; it is the continuous build for version 1.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/WorldHealthOrganization/smart-ips-pilgrimage/tree/main and changes regularly. See the Directory of published versions

Transactions

These are the transactions defined for ips-pilgrimage

The Record Consent Request Event transaction is initiated by a Origin Country Health Solution against the Origin Country HIE. This transaction shall follow the IHE PCF record consent (ITI-108) transaction. The Origin Country Health Wallet acts as the Consent Record actor role and the Origin Country HIE acts as the Consent Registry actor role.

Origin CountryHealth WalletOrigin CountryHealth WalletOrigin CountryHIEOrigin CountryHIE01:send consent record request02:store consent directives03:send consent record response

Trigger Events

Message Semantics

Message Semantics Request

  • The message semantics for Record Consent Request utilizes a FHIR Consent resource set as PUT or POST http request.

  • See https://profiles.ihe.net/ITI/PCF/ITI-108.html for more details.

  • Specifically,

    • Access Consent - Create (ITI-108)
    • Access Consent - Update (ITI-108)
Message Semantics Response
  • See the ITI 108 for Create and Update sections. The success or failure of the create/ update interaction is indicated by the http response code (e.g., 400, 200, etc.).

Expected Actions

  • The consent is stored in the consent registry. Please see here for Capability statements for the Consent Registry actor

issue Verifiable SHL - request

The issue verifiable SHL Request Event transaction is initiated by a Origin Country Health Wallet against the Origin Country HIE.

Origin CountryHealth WalletOrigin CountryHealth WalletOrigin CountryHIEOrigin CountryHIE01:send issue SHL request02:generate HCERT containing the SHL03:send issue SHL response

Trigger Events

  • The issue verifiable SHL request transaction is initiated when a privacy configuration form has been recorded by a digital health wallet that includes disclosure and time limit settings.

    Message Semantics

Message Semantics Request
  • The message semantics for retrieve SHL Request shall include parameters that are required to construct a SMART Health Link Payload, specifically
    • flag for Passcode
    • expiration time
Message Semantics Response
  • The issue verifiable SHL Request - Response shall include a serialized CWT via a QR Code Image as specified in the Expected Actions section.

Expected Actions

The following are the expected actions for the Origin Country HIE once it receives the privacy configuration:

  • The SHL specificationsshall be followed to create a SMART Health Link which is then wrapped in HCERT structure and shared as a CWT structure, by following the below steps:
    • Establish a SMART Health Link Manifest URL
    • Build SHL manifest json that points to the health document (IPS) content
    • Generate SHLink URL for Manifest
    • Construct SHLink Payload
      • Minified
      • Base64urlencoded
      • Prefixed with shlink:/
    • Build HCERT containing SHL generated in previous step
    • Build COSE Payload including the HCERT and sign with private key using Kid
    • Build CWT with header payload and signature
    • Serialize the CWT and using Base64
    • Generate QR code

retrieve SHL manifest - request

The Retrieve SHL Manifest Request Event transaction is initiated by the Host Country EMR against the Origin Country HIE.

Host CountryEMRHost CountryEMROrigin CountryHIEOrigin CountryHIE01:retrieve SHL Manifest request02:send SHL Manifest request response

Trigger Events

  • The retrieve SHL manifest request transaction is initiated when the host country EMR has extracted a SHL payload from a QR code that was scanned and the decrypted CWT decrypted yielded a HCERT payload that wrapped the SHL payload within it.

    Message Semantics

Message Semantics Request
  • The message semantics for retrieve SHL Manifest Request shall be a POST request as specified by SMART Health Link Manifest Request, along with the passcode provided in the body of the request.
Message Semantics Response

Expected Actions

  • The recipient OCHIE checks if the SHL request is valid and responds with the SHL Manifest.

retrieve IPS - request

The Retrieve IPS Request Event transaction is initiated by the Host Country EMR against the Origin Country HIE.

Host CountryEMRHost CountryEMROrigin CountryHIEOrigin CountryHIE01:retrieve IPS request02:send IPS request response

Trigger Events

  • The retrieve IPS request transaction is initiated when the host country EMR has extracted a SHL manifest and is now requesting for retrieving the IPS in JSON format.

    Message Semantics

Message Semantics Request
  • The message semantics for retrieve IPS Request shall be a GET request for the IPS json.
Message Semantics Response
  • The message semantics for retrieve IPS Request-response shall send the IPS as a Json file.

Expected Actions

  • The recipient OCHIE responds with the IPS Json.