By Benjamin Kiunisala, Head of Customer Engagement for TrustGrid Pty, Ltd., in Sydney, Australia., http://trustgrid.com.
The controversy over vaccine passports continues to rage as COVID-19 infection numbers fluctuate across the United States. Government agencies are requiring employees to be vaccinated. Restaurants, clubs, and businesses are requiring patrons to show proof of COVID vaccination. Most school districts and colleges are insisting students and faculty provide proof of vaccination before returning to classes. And states continue to issue changing mandates regarding mask requirements and vaccinations
With the FDA now recommending booster shots for citizens, the debate over vaccine passports is becoming more heated. Healthcare providers are issuing cards showing proof of vaccination but counterfeit vaccination certificates are readily available online for only a few dollars. The ongoing problem is providing a secure and reliable way to show proof of vaccination without compromising patient records or violating HIPAA regulations.
The solution is to separate proof of vaccination from patient information. The technology is available to validate proof of inoculations without having to rely on paper cards or access to patient records, and it is secure and impossible to copy. Using distributed ledger technology, which is the foundation of blockchain security, healthcare providers can provide proof of vaccination in digital form that is secure, updatable and can be accessed from anywhere.
The Challenge of Vaccine Validation
Much of the controversy around issuing proof of coronavirus vaccination is illustrated by the loaded phrase “vaccine passport.” A passport is a credential issued by the U.S. Passport Office to show proof of identity and citizenship. To issue a passport, the government needs proof of citizenship such as a birth certificate or social security card. Everything is handled by one central office that secures your personal data, e.g., your social security number, in exchange for a passport.
There is no central agency responsible for managing medical records but instead, patient records are maintained by doctors’ offices, clinics, hospitals and care facilities. Those records are protected by HIPAA to secure patient privacy, making data access and sharing more difficult. In addition, those medical records need to be secured. There was a 25% increase in healthcare data breaches in 2020 as cybercriminals try to steal personal medical data for Medicare fraud and to falsify prescriptions.
By creating a digital trust ecosystem powered by distributed ledger technology, providers can validate patient information, such as vaccines, without ever exposing sensitive personal information.
Distributed Ledger Security
A digital trust ecosystem is a cloud infrastructure that organizations opt into to enable digital authentication of personal identity and credentials, such as having a valid driver’s license, accreditation or vaccination status. Although the technology behind digital trust is sophisticated, the concept is simple.
Distributed ledger technology enables secure authentication by validating data without storing it. In the case of patient health information, information such as vaccination status for a patient is validated by the healthcare provider and that status is shared with the ecosystem. The digital trust system then uses distributed ledger to record the patient status and secure it.
Since the ledger is distributed, authentication keys are stored on multiple locations in the cloud. The system must synchronize all the keys and they need to match to authenticate a record. This makes the system secure since no single key that provides access, plus the data is encrypted.
To create a personal vaccine validation, the patient opts into the ecosystem to create a social contract with their doctor or healthcare professional. The healthcare provider then issues a unique QR code to the patient that they can store on their smartphone showing proof of vaccination status. When asked for vaccine verification, anyone can scan the QR code to review vaccination status.
Extensible As Well As Secure
There are many advantages to creating a digital authentication record: It protects the patient and the healthcare institution by maintaining patient privacy; Information is shared in real-time so status can be amended or updated at any time; The system also generates a secure audit trail for regulatory compliance.
Like physical IDs, these digital credentials can have an expiry as well. Patient information shared from the healthcare institution, such as date of the vaccination and patient age, coupled with the efficacy of the vaccine can be used to determine when the digital credential expires.
The digital trust ecosystem also is extensible. Other groups can opt-in, such as school systems, airlines, sports venues, theaters and corporations. While the QR code can be used to verify vaccine status, it can also be used for other purposes such as a corporate or student ID. And the sole purpose of the QR code is to validate a specific query; personal information isn’t needed or exposed. The binding of the code to the individual’s identity ensures that the code cannot be forged or misused while also allowing offline capabilities.
It appears the COVID-19 pandemic will be with us for a while yet, and it’s uncertain how the need for proof of vaccination will progress. No matter which way the regulations go, the technology is there to provide simple and secure vaccination authentication while protecting patient records.
