Vaccine Management Podcast Episode 5 - Practical approaches to close the vaccine passport gap

Welcome, Dr. Suman.

Suman: Thank you Nick for having me again.

Nick: Yes doctor, so in our last few episodes, we talked about the gaps in pre-vaccination and vaccination stages like the communication, registration, scheduling, data management and of course the analytics. How about we cover the post-vaccination phase today, specifically the gaps in establishing the proof of vaccination, or more commonly known as the vaccine passport?

Suman: Actually, I was having this conversation with one of our state clients last week. And, I think this is definitely one of the most important topics for us to cover today. I have been tracking this closely as well.

Nick: Well, that’s interesting. Let’s talk about that today. But before we do, why don’t we describe what we mean by vaccine passports? Can you do that please?

Suman: Sure Nick.

As we understand, the community health status and verifiable COVID risk are a few leading indicators that governments consider while deciding to safely re-open commerce, recreation, and travel, until the herd immunity is achieved.

Vaccine passport or Immunization Passport or a COVID certificate or a COVID Pass, whatever we call it, is a document for people to show their health status and level of risk related to COVID contagiousness.

The so-called passport can be a digital wallet health solution or a smart card, like a driving license, with a unique bar code that indicates an individual’s vaccination status or recently taken COVID test-record.

People can securely store, manage, and access theses records for verification, helping the governments or any third-party entity to assess their COVID risk status, as needed or as requested. This could be done when people are trying to avail any social or recreational services or while travelling domestically or internationally.

This passport can be a great incentive for vaccine-hesitant individuals to get their shots, and resume travel or other activities.

Nick: So, it seems similar to vaccination records that we generally have to show when we travel or enroll into a school? So, why is there such a huge debate about it and what are the issues that governments are facing to issue this passport?

Suman: You are right. It is similar to it in some ways. But how and where will it be used is what’s causing the debate.

For example, today, we must mandatorily get an international vaccination certificate or what we call a Yellow Card to travel to the African continent. We also present our vaccination history for immigration. And, according to the Equal Employment Opportunity Commission guidelines we provide this information to the employers if we want to return to the workplace. Previously many have used similar documents to show their vaccination or prophylaxis status against diseases like polio, meningitis, hepatitis, measles, malaria, and tuberculosis, while travelling to sub-Saharan regions.

The debate around the current vaccine passport related to COVID are about the concerns around the Ethics, Social Liberty, Equity and Privacy related aspects.

Let’s understand a few facts about the Vaccine Passport solution and how these concerns get addressed.

First, the passport is not a mechanism to endorse or guarantee someone’s COVID immunity status or to discriminate against their liberty or freedom of movement. It is just a proof or a verification of their vaccination status and the most recent COVID test results that they’ve taken, which the government or any authority can use to control and tailor the community health risk level during the de-escalation phase of the pandemic. It is supposed to be a mechanism to ensure that everyone has a fair chance to return to a normal life, and without worrying about or posing a risk to any another person.

My second point is that the expected surplus vaccine supply by the end of May or June will help remove concerns around vaccine access privilege and issues around equitable distribution. So, there will be no need to enforce all-or-nothing permission or any categorical endorsement on denial of access to any service.

My third point is, I don’t think it’ll compromise privacy. If someone shows the passport to any third party, it means that they are agreeing to and providing their consent to verify the related information. And, only limited personal and medical data will be presented, for example the name of an individual, the age, the vaccination status, what vaccine they’ve taken, what is the lot number, what dose – either they’ve taken the first one or the second one, when have they been administered the vaccine, their COVID test results, personal details like name, age, what kind of tests they’ve taken, what are the results and what is the date of their testing. This is very similar to when we use our driving license, or a travel passport, or a TSA Precheck, or the airline boarding pass, where we have to establish our identity. In this context of the COVID vaccine passport, it will just be related to a person’s COVID health and vaccination status and nothing more than that.

People are already sharing their test reports with airlines for domestic and international travels. So, this information, along with the vaccination detail, doesn’t make a lot of difference. We should consider vaccine passport as another nonpharmaceutical intervention to help reduce the risk of the virus spread. It will prove that the people in the community are non-contagious and the estimated risk burden, if low, can help the government take the right decisions about easing restrictions and opening all socio-economic activities for the community.

Nick: You make some fascinating points, doctor. So, are you recommending that all states should opt for and be ok with vaccine passports, is that correct?

Suman: Indeed, why not. They definitely should. The passport can provide critical information for governments as they decide to re-open. Why someone wouldn’t want that information, I don’t understand. A single solution at the country level will be ideal, if not, it should be implemented with a set of standards that are universally agreed upon and accepted so that we do not end up with 50 passport type solutions from each government and private sector entities.

Nick: Interesting point, doctor. There have been additional reports on how difficult it would be to implement this passport in a standardized manner given that the federal government is not coordinating it. What are the biggest challenges that state and local governments should consider as they explore vaccine passports?

Suman: Good question Nick. This is going to be a complex implementation. More so because US, unlike other high-income nations, doesn’t have a national immunization information system or popularly known as an IIS. IIS is a confidential, secure, population-based digital database that records citizens’ vaccination records. States administer their own IISs with variable quality. And unfortunately, the current CDC paper card that we receive as a proof of our vaccination isn’t foolproof either. We’ve read multiple stories how it was falsified. Preventing this from happening is vital to state department of health’s integrity.

We still need to figure out if one standard like the ISO can be agreed upon by everyone and that will work worldwide. Meanwhile, governments must navigate various social, governance and technical policies to securely navigate the implementation of a vaccine passport solution. And these include:

• Standardized interoperability like the HL7 and FHIR to seamlessly exchange data across network
• Compliance with data security like HIPAA, HITECH, GDPR compliances standards
• Ensuring secure identity management
• Mechanism to obtain consent and verification to define what the end customer can view
• And, finally the ownership of the data, where will it reside, as well as guidance regarding provenance standards for vaccine and testing data, etc.

All of these will ensure protection of credentials against any fraud and ensure that the proper security and privacy protections of individual’s COVID related health information is always preserved.

Let me also highlight a few instances where we know this particular solution is under trial or development.

For example, the World Health Organization and the Government of Estonia established a digital health working group to develop a framework and standards for a smart digital COVID vaccine certificate.

The World Economic Forum, supported by the Rockefeller Foundation, has developed something called the CommonPass, and the IATA has developed a solution named TravelPass.

Britain and the European Union are in consideration. I have read that Australia, New Zealand, Denmark, Sweden, Iceland, Greece have committed to adopt a vaccine passport to ease up their socio-economic restrictions.

Israel has already instituted “Green Pass” to ease their social gatherings and travel purpose.

Coming back to the US, New York City is piloting the Excelsior Pass app and the State of Hawaii wants to adopt one for inter-state travel. Similarly, we see some of our US airlines like the American Airlines, JetBlue, and United Airlines already in similar solution trials.

So, both globally and locally there some good initiatives around this solution adoption. And, once we standardize it properly with respect to different compliance parameters, I think this is definitely the one that we should go for.

Nick: Wow, that is a lot of comprehensive information doctor. Let me follow up with the implementation of the vaccination passport with this question now. What are the specific factors that state and local governments should consider while choosing a solution for vaccine passports? For example, does Infosys Vaccine Management solution help close this gap?

Suman: The factors would be the same that I just mentioned, Nick - data security and privacy, infrastructure security, interoperability standards for data exchange, identity and access management, final ownership of data - making it centralized or decentralized, what would be the data use agreement, what data to expose and for someone to view and validate, and finally the standards of data credentials.

Actually, we extended our Infosys Vaccine Management platform to create a vaccine passport solution.

The solution complies with 3 core design principles - privacy, security, and portability. It enables citizens to quickly access and present their COVID health status, without losing control of the medical and personal information.

The solution considers a multi-use functionality to include both vaccine and testing information, digitally managing this information as a trusted data that can help verify individual’s COVID risk status in a secure manner.

We have extended the solution on a blockchain framework to scale with demand for efficient public health safety operations management and for enhanced ability to work across organizational and jurisdictional boundaries. The solution allows people to instantly share only the information that’s needed, for example, minimal exposure of personal and vaccination verifiable data elements in a mobile app.

And, for people on the other side of the digital divide who don’t have access to smart technologies, the solution allows agencies to create a smart card with a unique bar code – just like on our driver licenses or passports. The bar code, when scanned, will enable authorities to securely validate the data.

Nick: Well that’s all good information, doctor, but really who should implement this vaccine passport solution? What are your thoughts, especially given that there are many different vaccine management systems, as you alluded to, and being used within a particular jurisdiction, some managed by states, some managed by counties or pharmacy chains or individual providers?

Suman: Again, a very good question, Nick. Ideally, as I said, it should have been a national solution, but we don’t have a centralized database for all the immunization record of our citizens. So, I think such a solution should be institutionalized by the state authority to make it simple, accurate and standardized because they already own the IIS system.

And, you are right. With our decentralized vaccination model, the data are captured in different vaccine management systems, for example by the provider systems – the individual EHRs that they maintain, then at the county level, we have the pharmacy chains, and the grocery chains. All of them capturing the vaccination record in multiple formats. But, at the end of the day, they all get reported back to the state IIS.

The problem with such a distributed data environment is that there is an obvious challenge in trusting data, due to inconsistency, lack of accuracy, missing information, faulty reporting, and time lag in sharing the data. If agencies fix these issues like we had discussed in one of our previous episodes, the implementation will be easy, relatively mature and help build an effective domestic health management solution for COVID19 risk assessment.

Nick: Wow doctor, that is quite a bit of great information we talked about today and for us to think about. Thank you for joining us today and for sharing your insights.

And, thank you, our listeners.

We hope you found the discussion interesting. Stay tuned as we cover the state of COVID19 vaccination efforts and provide practical insights for states to execute their COVID19 vaccination program safely and effectively.

If you have questions or would like us to cover any specific areas, please drop us a note at askus@infosyspublicservices.com.

Bye for now.