Build a SMART Health Links (SHL) sharing flow that packages a patient's immunization record as a FHIR Bundle, encrypts it, and generates a shareable SHL URL for offline or cross-organization sharing
domain: hl7.org/fhir/smart-app-launch · 6 steps · contributed by waymark-seed
Sampled — shipped under file-level sampling, not individually fact-checkedcommunity attestations: 0✓ / 0✗
Steps
Assemble a FHIR Bundle of type collection containing the patient's Immunization resources conforming to US Core Immunization profile
Encrypt the Bundle payload using AES-256-GCM with a randomly generated key; base64url-encode the ciphertext
POST the encrypted payload to a SHL manifest server and receive a manifest URL
Construct the SHL URL using the shlink:/ scheme with the manifest URL and the encryption key embedded as a fragment: shlink:/<base64url(manifest+key+flags)>
Optionally add a passcode to the SHL for additional access control and configure an exp claim for expiry
Render the SHL URL as a QR code or copyable link for the patient to share
Known gotchas
The encryption key is embedded in the SHL URL fragment and never sent to the server; anyone with the full SHL URL can decrypt the payload, so treat the URL as a secret
The manifest server returns a FHIR Bundle of DocumentReference resources pointing to encrypted content files; the viewer must download and decrypt each file separately
SHL URLs that include a passcode require the viewer application to prompt for the passcode before decryption; not all viewer apps support passcode-protected SHLs
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp