Vaccine verification is critical to any country’s ability to control the course of the pandemic. Having a reliable, secure, and accurate verification system gives governments, businesses, schools, or any other institution the opportunity to assess the safety of indoor and outdoor gatherings and provides real-time statistics into vaccinated populations. Though many countries around the world have developed their own vaccine verification systems, often evolved from previous contact tracing apps, developing a reliable, secure and accurate system remains a challenge. Part of this is due to data storage and retrieval protocols. Another major obstacle is information sharing, especially when you consider how important it is that vaccine verification systems are accepted across domestic borders and international ones.
Dr. Tom Frieden, the director of the Centers for Disease Control and Prevention from 2009 to 2017, voiced his concerns about the long-term difficulties of having multiple Covid-19 vaccination verification systems. “Its own user interface, validation, data storage, retrieval processes, and security protocols, will make it difficult to quickly and securely verify vaccination status.” In order for a system to work, he advocates for five essential requirements.
- Accuracy should be maintained by utilizing a computerized immunization information system i.e., an online record of vaccinations received by people.
- Proper assurances and safeguards must be implemented to ensure the security and privacy of everyone’s personal data.
- For unforeseen circumstances, options to use other forms of identity should also be allowed. For instance, having the ability to use paper vaccination records with additional personal verification, such as a photo ID.
- The system must only be used to verify vaccination records and should avoid adding information about previous tests and results to avoid clustering data.
- And must be accessible in real-time, “such as when people are going through airport security.”
Blockchain technology can provide a practical solution to the challenges of vaccine verification and can help meet the requirements Frieden describes. Due to the decentralized and encrypted nature of blockchain technology, information stored on the blockchain ledger is extremely tough to tamper with. That addresses a very crucial requirement of a vaccination verification system, which is ensuring the security and privacy of personal data.
By scanning serial numbers of vaccine shipments and storing them on a blockchain ledger, goods can be authenticated at any point of the supply chain. To understand the process of how exactly the blockchain technology solves the question of data storage, retrieval processes and information sharing, we can look at ‘VacciFi’ , an architectural framework for Covid vaccination passports provided in a study which looked into a GDPR-Compliant Blockchain-Based Covid vaccination passport.
MORE FOR YOU
Let’s say we’re applying this framework to travel. With this framework, an unvaccinated person would register through their local health authority for vaccination. After registration, they would be issued a vaccination ID, which they would take to the hospital or clinic where they would be vaccinated. During the visit to the hospital, the front desk will record all necessary information about the person getting vaccinated. Information such as traveler’s name, passport number, contact number, etc will be stored off-chain due to regulations such as general data protection compliance purposes. The hospital would store two types of information on the blockchain: 1) Passport number and generated hash of the vaccination ID and, 2) date of administered vaccination dose. This will generate a QR code which can be pasted on the passport and is also shared by email as an electronic copy.
The purpose of the QR code is for verifying vaccination details and validity. In the off-chain systems, four operations can occur: create (the right for the creation of a new record in the off-chain), read (the right to read and view record), update (the right to update existing records) and delete (deletion of records). Here is the proposed access privileges by different authorities based on VacciFi’s framework:
Here, all parties have the ability to read the existing records and in the process verify a citizen’s vaccination records. The only party that is allowed to create or delete the file is the vaccination authority.
When traveling, the QR code is presented by the traveler to the immigration staff. Upon a scan of the QR code, all relevant vaccination details and the hash code (generated at the hospital) from the local off-chain storage. The hash is then verified by comparing it to the hash stored onto the permissioned blockchain, via a smart contract. If there is a match, the blockchain will return the validity and dates of vaccination (Figure 3), thus completing the verification process.
The security associated with only QR code-based digital health evidence systems, which many vaccine passports adopt, is a big source of concern. With personal data being involved, any leaks or insufficient safeguards will harbor the possibility of complete invasion of privacy. Blockchain technology is already being deployed to fight counterfeit vaccines and scams that threaten our long-term stability.
This dilemma extends beyond just vaccines. Reports of fake vaccination certificates in circulation are constantly making the news, alluding to the need for a more trustworthy technology to mitigate these unintended and deadly consequences. The World Health Organization says that fake vaccines and other ill-intended alternatives to bypass our vaccine verification systems “pose a serious risk to global public health”. With vaccine inequality also posing as a negative catalyst in our fight against Covid-19, fake vaccines are a more prominent issue in poorer countries, which already have a low supply and vaccination rates.
George Connolly, president OneLedger Technology Inc., oversaw the development of the OnePass vaccine passport, a scalable and secure blockchain-based vaccine passport. He explains in an article that these passports, issued by a medical provider, include a private key individual to the user. To each private key is a corresponding public key, which is stored in the blockchain ledger. Using the ledger, a QR code is generated to confirm the vaccination of an individual. Users of blockchain-based passports have the freedom to decide what information they choose to disclose, such as name, date of birth and or nationality. This reinforces privacy protections and encourages the creation of reliable and accurate vaccination records.
Though blockchain can’t solve the questions around the inclusivity and equity of vaccine verification systems, it can provide a platform for success for countries trying to implement their systems safely, securely and with the capacity to manage information flow in real time.