Verifiable Health Links
1.0.0-comment - ballot International flag

This page is part of the Verifiable Health Links (v1.0.0-comment: Publication Ballot 1) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Requirements: Verify Document Signature

Official URL: https://profiles.ihe.net/ITI/VHL/Requirements/VerifyDocumentSignature Version: 1.0.0-comment
Active as of 2026-06-14 Computable Name: VerifyDocumentSignature

The VHL Receiver, upon receiving a digitally signed health document from a VHL Sharer, MAY verify the document's digital signature using previously retrieved PKI material.

This verification process confirms the authenticity, integrity, and provenance of the document independently of the Verified Health Link (VHL) itself.

The public key used for this verification MAY:

  • Originate from a different trust network than the one used to validate the VHL
  • Be unrelated to the key used to validate the VHL signature

Implementers SHOULD consult cross-profile guidance regarding interoperability with the IHE Document Digital Signature (DSG) profile, particularly in cases where additional attestation, long-term non-repudiation, or multi-party signatures are involved.

These requirements apply to the actor VHL Receiver

Extract Signature and Key IDSHALL

Upon receipt of a digitally signed health document, extract signature, key id, and participant code.

Lookup DSCSHALL

Lookup Document Signing Certificate (DSC) public key by key id and participant code

Verify SignatureSHALL

Verify signature using the public key