Difference between revisions of "Patient Credential"

Revision as of 19:35, 6 July 2019

Full Title

The format of the document sent from a Identity Proofing Credential Service Provider to the device where the credential is stored.

Context

• When a patient has gone through [Identity Proofing]] and is "known to the practice", the Patient Credential can be installed on the patient's Device to allow IAL2 level of assurance authentication to access their PHI at the EHR.
• Note that the Identifier of the issuer will be the practice, but the Identifier of the Data Controller of the EHR may be different. It is required that the two Identifiers are both part of the same Trust Anchor so that the patient (or guardian) will trust one because of the trust of the other.

Format

Example of a JWT payload of a JWT-based verifiable Patient Credential using JWS as a proof

{
  "sub": "did:example:ebfeb1f712ebc6f1c276e12ec21",   // patient
  "jti": "http://example.edu/credentials/3732",
  "iss": "did:example:abfe13f712120431c276e12ecab",   // pcp
  "aud": :did:exmaple:wxyz89879872937498938749244",   // data controller (EHR)
  "iat": "1541493724",                                // issued date
  "exp": "1573029723",                                // expiry date
  "nonce": "660!6345FSer",
  "vc": {
    "@context": [
      "https://trustregistry.us/2018/health/v1"
    ],
    "type": ["PatientCredential", "IAL2"],
    "credentialSubject": {
      "physician": {
        "type": "known_to_the_practice",
        "name": "<span lang='fr-CA'>connu de la pratique</span>"
      }
    }
  }
}

References