Today we will be building the below with Cerner's FHIR sandbox.
SMART Health Cards
The idea is a JSON Web Signature (JWS): a payload plus a signature. The issuer signs with its private key, and you can check the signature against the issuer's public key.
How do you read these QR codes?
[above is from commonwell's smartcard reader]
SMART Cards are not just limited to COVID
Any test (VZV IgG, etc)
Any vaccine (MMR, Tdap, etc)
Building, Part 1
Basically, we need to create a FHIR app
FHIR in the wild is basically OAuth2 and a REST API.
In a nutshell, to make a FHIR App, you need:
- A place to serve code from (repl)
- Register your app with a FHIR server you want to use (Cerner sandbox)
- Launch a request against Patient/$health-cards-issue (see https://fhir.cerner.com/millennium/r4/other/health-cards/ )
Fork the repl at https://replit.com/@patientDev/smartcards#index.html
You should see something like this
[Basically, we need to do this first to have a url to register, repl gives us a url to hook up]
Now we need to register our app
Create an account at https://code.cerner.com/developer/smart-on-fhir
Create a new app
Name: Anything (like SMART Cards Test)
Replace the url with your url but keep launch.html and app.html
App Type: Patient
Client Type: Public
Authorized/OAuth2: Yes
Patient Scopes: Patient, Observation, Immunization
Click Save, you now have a client_id when you click back into your app
(Note: it takes 15 min sometimes for the client_id to actually get issued)
Part 2: Wire up your repl
Go to launch.html
Replace
- The client_id with your client_id
- The repl url with your repl url
Now launch it
Login as nancysmart/Cerner01 (the logins for all Cerner test patients are public and at https://docs.google.com/document/d/10RnVyF1etl_17pyCyK96tyhUWRbrTyEcqpwzW-Z-Ybs/edit) ... you can see this info at https://groups.google.com/forum/#!forum/cerner-fhir-developers
If you see the below, give it 15 min to complete registration
The main lift is getting the response from $health-cards-issue with name: verifiableCredential
To render the QR code, you need to convert the valueString to a numeric string, which you can then pass to kjua, which just renders the SVG
I didn't come up with that map logic, I took from
If you are looking for the JSON behind the scenes, you need to realize the valueString is base64url encoded (not just base64), and what is underneath is minified JSON compressed as gzip without a header, so you need to use inflateRaw. Pako does the inflateRaw browser-side.
This JSON is logged to the console
Note, it has patient name and DOB, which is what we see in CommonWell's smartcard reader
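The decoding steps above, combined with the signature check mentioned at the start, as an added example that is not code from the repl or from Cerner. It assumes Node.js, where the built-in zlib stands in for pako; the key pair, `makeSampleJws` helper and payload are constructed so it runs offline. A real reader would take the public key from the key set published by the issuer named in the payload's `iss` field.

```javascript
// Added example for Node.js (standard library only); in the browser,
// pako.inflateRaw plays the role of zlib.inflateRawSync.
const crypto = require('crypto');
const zlib = require('zlib');

// SMART Health Cards numeric QR form: "shc:/" followed by two digits per
// JWS character, each equal to the character code minus 45.
function jwsToNumeric(jws) {
  return 'shc:/' + [...jws]
    .map(c => String(c.charCodeAt(0) - 45).padStart(2, '0')).join('');
}

function numericToJws(shc) {
  return shc.replace(/^shc:\//, '').match(/\d\d/g)
    .map(d => String.fromCharCode(Number(d) + 45)).join('');
}

// Check the ES256 signature over "header.payload" BEFORE trusting the payload,
// then base64url-decode and raw-inflate it to get the JSON.
function verifyAndDecode(jws, publicKey) {
  const parts = jws.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'ES256') throw new Error('unexpected alg: ' + header.alg);
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature check failed');
  return JSON.parse(zlib.inflateRawSync(Buffer.from(p, 'base64url')).toString());
}

// Constructed sample: throwaway P-256 key pair standing in for the issuer's key.
const sampleKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Hypothetical helper: builds a signed card so the example runs offline.
function makeSampleJws(payload) {
  const b64 = buf => Buffer.from(buf).toString('base64url');
  const h = b64(JSON.stringify({ alg: 'ES256', zip: 'DEF', kid: 'sample-key' }));
  const p = b64(zlib.deflateRawSync(JSON.stringify(payload)));
  const s = b64(crypto.sign('sha256', Buffer.from(h + '.' + p),
    { key: sampleKeys.privateKey, dsaEncoding: 'ieee-p1363' }));
  return h + '.' + p + '.' + s;
}

// Constructed payload with the fields the post mentions (patient name, DOB).
const samplePayload = { iss: 'https://issuer.example', vc: { credentialSubject: {
  fhirBundle: { entry: [{ resource: { resourceType: 'Patient',
    name: [{ family: 'Sample' }], birthDate: '1980-01-01' } }] } } } };
```

Decoding without the signature check, as the console log in the repl does, shows what the card says but not whether the issuer actually signed it.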
In conclusion ... test it out yourself
Thought for the future
As far as I know, SMART Cards can display any Observation or Immunization. It will be interesting to see if these become a way to verify immunization for kids entering school/college or at employee health. COVID appears to be the tip of the iceberg for SMART Cards.