Digital vaccine credentials can be used to certify that a person has been vaccinated or tested for COVID-19, but those tools come with challenges that can limit the use of the credentials including security and health data privacy concerns, the Federal government’s chief watchdog agency said.
The Government Accountability Office (GAO) recently spotlighted how mobile device-based vaccine credentials can be used to reduce COVID-19’s spread and allow travel and other activities to resume safely. According to GAO, the concept of a health credential is not new, and that “a paper vaccine certificate known as the ‘yellow card’ has long been recognized as an official record of immunizations for international travel and other purposes.”
Digital vaccine credential users would download an application on a mobile device, create an account, and link their COVID-19 vaccination record from an immunization registry or a COVID-19 test result from a certified test laboratory. From there, the application would:
- Confirm the user’s identity and authenticate COVID-19 health information;
- Validate health information against the destination’s entry requirements, like specific vaccines or tests accepted by a country; and
- Generate a secure digital code the user can present to officials, like airline staff or border control officials.
“A digital credential can use technologies that address widely shared concerns about the security and ownership of personal health information,” wrote GAO. “An example of a technology that addresses certain security concerns is blockchain, which enables the encrypted transfer of digital information without storing it in a centralized database.”
A digital credentialing system, however, comes with considerable challenges, GAO said, including:
- A lack of clear standards for defined uses of digital credentials, which can undermine security and privacy of users’ health data;
- A lack of harmonized technical standards leaving interoperability challenges that would impact achieving effective and secure data transfer among numerous digital platforms used by immunization registries, testing laboratories, industries, governments, and other parties; and
- Digital credential use could exacerbate inequalities or constrain freedom of movement for those who don’t have vaccine access, cannot be vaccinated for health or age reasons, or don’t own mobile devices.