Licensing, gaining "trusted issuer" status, etc

[DangerPoodle]

So I have a working implementation, but I'm unclear on whether I can publicly claim to be "SmartHealthCard Compliant", use the icons from smarthealth.cards, etc. Also, I'm not sure how to get "trusted issuer" status, so (e.g.) the phone app will verify my QR's rather than say "issuer not recognized". Is there a licensing process, test suite I have to pass, etc? I couldn't find any docs for this.

TIA!

[jmandel]

Thanks for these questions, and welcome! Awesome to hear you've developed a Health Cards implementation :-)

A few notes and links to share for SMART Health Cards issuers.

• Anyone can build a SMART Health Cards implementation, using our free, open specifications. If you're interested in using the SMART logo in conjunction with your implementation, https://smarthealthit.org/logo/ outlines terms and has a process to get you started. (Note: you do not need to use the logo or SMART branding in association with your implementation -- but if you want to use the logo, you must follow this process.)

• Which issuers are "trusted" is highly dependent on context. At the level of the core spec, https://spec.smarthealth.cards/#trust provides the relevant background -- basically, the SMART Health Cards implementation guide imposes no particular trust framework, and it's up to individual verifiers to decide which apps to trust. To make this ecosystem more manageable for verifiers, https://vci.org is offering a public directory of issuers -- it's designed to include issuers directly responsible for providing immunizations (e.g., pharmacies or health systems) as well as state-level immunization registries. I should note that VCI directory doesn't include software vendors as issuers per se; an issuer would always be an organization responsible for managing health records (and that organization may rely on software vendors, of course). There's background at https://github.com/the-commons-project/vci-directory; it's fair to say that VCI is aiming to start slow and small here. As a first step, even before getting listed in the VCI Directory, you might consider joining VCI at https://vci.org/join-us (it's a free and lightweight process).

• Part of signing up for either of steps above (logo use; VCI Directory) is demonstrating that you pass the validation SDK at https://github.com/smart-on-fhir/health-cards-validation-sdk (https://demo-portals.smarthealth.cards/ can be a helpful resource for exploring, too).

[DangerPoodle]

Awesome, thanks!