In the U.S, after you get vaccinated against COVID-19 you are given a small paper card issued by the CDC that is essentially the only evidence that you’ve received your shots. It might seem like a flimsy level of proof, one that you could easily lose, but replacing that paper copy with a digital one has become a political lightning rod in America.
In spite of that, many companies are attempting to attack the problem to produce a viable form of digital proof, sometimes called vaccine passports. For all intents and purposes, what many call a vaccine passport is simply proof you’ve been vaccinated that you can carry on your smartphone, rather than on a card in your wallet.
Some have argued against the digital approach for privacy reasons. Others have claimed it is a civil liberties issue, and some have pointed to equity issues related to not having equal access to appropriate technology or the internet.
That lack of consensus along with the open ethical questions, has led some states, including Florida and Georgia, to ban the use of electronic passport records, at least as far as requiring them to conduct state business or to create a centralized vaccination record-keeping system. In Iowa, the governor signed a law last month that prohibits businesses and the state from requiring any proof to access services, whether the card is physical or digital.
These are just a few examples of the patchwork of state laws and executive orders that has resulted in even more complexity for companies trying to develop products to solve this problem. But not every state is banning digital vaccination records. Earlier this month, California opened a registration system to request a digital record of your vaccination and New York announced a system earlier this year to download proof of vaccination to your smartphone. More on these approaches later.
We spoke to several experts to get their take on moving your vaccine card to the digital world to find out how this could work in spite of the obvious friction.
Practical issues
According to Dr. Shira I. Doron from Tufts Medical Center in Boston, whose specialties include infectious diseases and hospital epidemiology, it’s not as simple a matter as may sound.
For starters she says, states have not kept records in a consistent way. People have been getting vaccinated in all kinds of places from school gyms to pharmacies to stadiums, and it’s not clear if those records have made their way to people’s primary care physicians, assuming they even have one.
“[Vaccine passports could work] if [a system] had been rolled out that way [with central record keeping in mind] from December 15th [when we started vaccinating], but it was not. So, if somebody takes it on to go backwards and issue that kind of proof to people, maybe a system like that could work — and of course there are a lot of people that have taken issue with the ethics of that,” she said.
For her, it comes down to infection rates. As they drop with more people getting vaccinated, it could alleviate the need for any kind of proof at all because we would be safer simply because the infection rate fell below 10%. “I think that more ideally we get down to such a low infection rate and such high rate of vaccination that there is no longer a concern about people walking into a building,” she said.
Putting it in on the blockchain
If the infection rate remains higher than desirable, or certain entities like universities want to require it, how do we offer proof of vaccination beyond the paper card? Some people are pointing to the blockchain, but the approach isn’t without controversy. New York State is using IBM’s blockchain technology for its proof of vaccination called Excelsior Pass, but privacy advocates worry that doing so could expose people’s personal medical information.
The idea with the IBM approach is that you to go to your physician’s healthcare portal or some other place that has your vaccine records, and which has partnered with IBM. The portal will present you with a QR code which you can take a picture of with your phone and store in your phone’s digital wallet. The person then presents the QR code at a venue, which uses a companion scanning application to view it to see proof of vaccination (or a recent negative test). Finally the venue would verify the identity of that person with a secondary form of ID like a driver’s license.
The question then is why use the blockchain at all in this instance. IBM Global VP of Payer and Emerging Business Networks Eric Piscini, says that there are three main reasons. “The first is that the immutability of the blockchain is extremely important, and that’s [a big reason] why we use it. The second piece, which is also very important is the decentralization of that platform so that [all of the vaccine data] is not just in one place. It’s decentralized and managed by different parties. […] The third piece […] is the audit trail, and not just for me as a consumer, but as an [entity] that is trying to verify me,” he explained.
But are those reasons enough to justify its use? Steve Wilson, an analyst at Constellation Research, who specializes in end user privacy thinks the blockchain is an inappropriate technology to use for digital proof of vaccination. “Basically, I don’t see how blockchain adds anything to the digitizing of COVID vaccinations or tests. The purpose of blockchain is to crowd-source agreement on the ordering of some events, and logging that order in a shared record. What problem in vaccination management does that address,” he asked.
An open-source approach to the problem
When California released a digital vaccination record app last week, it went a different route, using an open-source framework called the Smart Health Cards Framework. The framework was developed by an organization called The Commons Project (TCP) along with a broad coalition of health and technology organizations including Oracle, Microsoft, Salesforce, Epic and others.
JP Pollak, co-founder of The Commons Project, Senior Researcher-in-Residence at Cornell Tech, and Assistant Professor at Weill Cornell Medicine, says that since the government has made clear it won’t be compiling vaccine records in a central database, and because the vaccine administration system itself is so fragmented, it’s even more challenging to create digital records. His organization is working to create a solution to that problem.
“What we’re working on at The Commons Project is a steering group called the Vaccination Credential Initiative or VCI. And the purpose of that group is basically to design and advocate for a specification, someday hopefully a standard, that makes it so that all of those disparate issuers of vaccines can issue the same vaccine record in a signed and portable format,” he said.
That comes in the form of a Smart Health Card app that VCI has developed. “The additional layer that we have built is what turns [your vaccine] information into what we’re calling the Smart Health Card. And basically it’s all of the information that goes on your CDC card — so your name, your date of birth, the type of vaccine that you received, the dates of your doses, lot numbers and where you received it. All of those kinds of things get packaged up into this credential, and that credential is then signed by the issuer,” he said.
In addition to California, the state of Louisiana also went live with the The Commons Project solution this week, and Walmart recently announced that anyone that received their vaccine through them is now able to download a digital version of their vaccine record directly to the CommonHealth app (available on Android) or CommonPass app (available on iOS or Android). The company also hinted that other companies that have administered the vaccine would be following Walmart’s lead in the coming weeks and providing access to digital records through the same apps.
The approach doesn’t necessarily solve all of the criticisms around equitable access to technology, privacy or the ethics of being asked to show proof vaccination, but it does provide a means to deliver the information digitally for those that want it in an open way.
Regardless of the method your state chooses, if it indeed chooses any approach at all, it will come with its own set of pros and cons. The paper CDC card, as Wilson points out, is similar in many ways to the “Yellow Card” vaccination record that people traveling overseas have been carrying for decades, and that has worked fine.
But it seems that in 2021 when approximately half the world’s population owns a smartphone, while two-thirds have some sort of mobile phone, smart or otherwise, it makes sense to make this record available in a digital form. For the many startups and large companies trying to solve that problem, they will have to do more than come up with a clever solution. They will also need to figure out how to convince individuals, businesses and governments that it makes sense to even offer this approach, and that may be the biggest hurdle of all.