Build a Vaccine Credentials App with SMART Cards in 20 Min 🔥📲💉


Today we will be building the below with Cerner's FHIR sandbox.

image
image

SMART Health Cards

image
image
image

The idea is to have a JSON Web Signature (JWS): a payload plus a signature. The issuer signs with its private key, and you can check the signature against the issuer's public key.

How do you read these QR codes?

image

[The above is from CommonWell's SMART card reader]

SMART Cards are not just limited to COVID

Any test (VZV IgG, etc)

Any vaccine (MMR, Tdap, etc)

Building, Part 1

Basically, we need to create a FHIR app.

FHIR in the wild is basically OAuth2 and a REST API.

In a nutshell, to make a FHIR App, you need:

  1. A place to serve code from (repl)
  2. To register your app with the FHIR server you want to use (Cerner sandbox)
  3. To launch a request against Patient/$health-cards-issue (see https://fhir.cerner.com/millennium/r4/other/health-cards/)

image

You should see something like this

image

[Basically, we need to do this first so we have a URL to register; the repl gives us a URL to hook up]

Now we need to register our app

Create a new app

image

Name: Anything (like SMART Cards Test)

Replace the URL with your URL, but keep launch.html and app.html

App Type: Patient

Client Type: Public

Authorized/OAuth2: Yes

Patient Scopes: Patient, Observation, Immunization

image

Click Save. You now have a client_id, which you can see when you click back into your app

(Note: it sometimes takes 15 min for the client_id to actually get issued)

Part 2: Wire up your repl

Go to launch.html

Replace

  1. The client_id with your client_id
  2. The repl url with your repl url
image

Now launch it

image

Log in as nancysmart/Cerner01 (the logins for all Cerner test patients are public and at https://docs.google.com/document/d/10RnVyF1etl_17pyCyK96tyhUWRbrTyEcqpwzW-Z-Ybs/edit). You can see this info at https://groups.google.com/forum/#!forum/cerner-fhir-developers

If you see the below, give it 15 min to complete registration

image

image

The main lift is getting the response from $health-cards-issue, which carries the card under name: verifiableCredential

image
image

To render the QR code, you need to convert the valueString to its numeric form. You can then pass that to kjua, which simply renders the SVG.

image

I didn't come up with that map logic, I took from

If you are looking for the JSON behind the scenes, you need to realize the valueString is base64url encoded (not just base64), and what it decodes to is minified JSON compressed as gzip without a header (so you need to use inflateRaw). Pako does the inflateRaw browser-side.

image

This JSON is logged to the console

image

Note that it contains the patient name and DOB, which is what we see in CommonWell's SMART card reader
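The decode steps above, together with the public-key check from the start of the post, as an added example that is not code from the original post or from Cerner. It runs in Node.js, using `zlib` in place of pako and a throwaway key pair; the sample issuer, patient and `kid` are constructed, and the `charCode - 45` digit mapping, `ES256` and `zip: DEF` header values are taken from the SMART Health Cards specification rather than from this page.

```javascript
// Node.js stand-ins: zlib.inflateRawSync for pako.inflateRaw, crypto for the key check.
const zlib = require('zlib');
const nodeCrypto = require('crypto');
const b64u = (data) => Buffer.from(data).toString('base64url');

// QR numeric encoding: each JWS character becomes two digits, charCode - 45.
function jwsToNumeric(jws) {
  const pairs = [...jws].map((c) => String(c.charCodeAt(0) - 45).padStart(2, '0'));
  return 'shc:/' + pairs.join('');
}

function numericToJws(shc) {
  const digits = shc.replace(/^shc:\//, '');
  if (!/^(\d\d)+$/.test(digits)) throw new Error('not a single-chunk shc:/ string');
  return digits.match(/\d\d/g).map((d) => String.fromCharCode(Number(d) + 45)).join('');
}

// Check the ES256 signature first; only then base64url-decode and inflateRaw the payload.
function verifyAndDecode(jws, publicKey) {
  const parts = jws.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'ES256' || header.zip !== 'DEF') throw new Error('unexpected JWS header');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature check failed');
  return JSON.parse(zlib.inflateRawSync(Buffer.from(p, 'base64url')).toString('utf8'));
}

// Constructed sample card: throwaway key, made-up issuer and patient (assumptions).
function makeSampleCard(privateKey) {
  const header = b64u(JSON.stringify({ alg: 'ES256', zip: 'DEF', kid: 'sample-key' }));
  const patient = { resourceType: 'Patient', name: [{ family: 'Sample' }], birthDate: '1980-01-01' };
  const claims = { iss: 'https://issuer.example',
    vc: { credentialSubject: { fhirBundle: { resourceType: 'Bundle', entry: [{ resource: patient }] } } } };
  const payload = b64u(zlib.deflateRawSync(JSON.stringify(claims)));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${payload}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${header}.${payload}.${b64u(sig)}`;
}

const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const jws = makeSampleCard(privateKey);
const card = verifyAndDecode(numericToJws(jwsToNumeric(jws)), publicKey); // QR string -> verified JSON
console.log(JSON.stringify(card.vc.credentialSubject.fhirBundle.entry[0].resource));
```

Decoding alone proves nothing about who issued the card: the name and DOB are readable by anyone who scans the QR code, and only the signature check against a key you trust for that `iss` tells you the content is authentic.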

In conclusion ... test it out yourself

image

Thought for the future

As far as I know, SMART Cards can display any Observation or Immunization. It will be interesting to see if these become a way to verify immunization for kids entering school/college or at employee health. COVID appears to be the tip of the iceberg for SMART Cards.

Extra Links