Vaccine passports open the door for greater patient empowerment
The method of proof has traditionally been paper-based — scanning the record, copying, and sending via email or uploading into a portal. But now, according to Dr. Brian Anderson, “There is an opportunity to leverage a new technology, a new tool, this concept of a verifiable credential, which creates a framework between issuers and verifiers.”
As the chief digital health physician at MITRE and cofounder of the Vaccination Credential Initiative (VCI), Anderson worked to create the SMART Health Card framework for interoperable, verifiable, trustworthy clinical information. He shared thoughts on both the present and future of vaccine passports in a conversation with athenahealth director of government affairs, Greg Carey.
Empowering individuals to own and share their health data
We mostly associate vaccine passports with COVID-19 vaccines right now, but the technology’s potential reaches far beyond the current moment. A digital credential like the SMART Health Card can be used to store any type of verifiable health data, like vaccination history or test results, and that data can then be accessed and shared easily via a smartphone app or QR code. At its core, VCI’s credential is a way to give patients more control over their health data and enable them to take a more active role in their well-being.
“We wanted to come together as technology vendors to empower individuals to be able to tell their own story, with their own health data, in a verifiable, trustworthy, consent-driven way,” Anderson said. “We’re really excited to see where this is going, and what it means for individuals to be able to have this kind of data, not just for vaccinations.”
Solving for data privacy concerns
Anderson says that because VCI’s goal is centered around patient empowerment, data privacy is a guiding principle of their work. Their SMART Health Card credential stores and shares only the bare minimum data needed, so there’s no risk of accidentally clicking a button and sharing an entire longitudinal health record with a third party. From a privacy perspective, it’s only storing what you’d likely find on your child’s immunization record, for example: the patient’s name, date of birth, who administered the shot, the date the shot was given, and the manufacturer of the vaccine.
“If you give a credential that [has] their entire longitudinal record and enable an individual to share it, there’s always the risk that there could be nefarious actors on the receiving side,” Anderson said. “We want to protect individuals from a risk mitigation standpoint, so we did privacy by design in designing the specification.”
Looking ahead to the future of vaccine credentials
While COVID-19 certainly accelerated the use case of vaccine passports, these platforms aren’t new — and they’re not going away anytime soon, Anderson says. As patients increasingly become more educated and more empowered to take care of their health, additional use cases will arise.
This type of verifiable credential that can be shared with patient consent could be useful when providers want to verify clinical data, for example. Anderson envisions a patient with diabetes being able to share their sugar logs with their provider via the patient-owned and patient-created credential, giving the provider more information about their patient’s health and more confidence that the information is trustworthy.
“Where I see VCI going is really less about vaccination credentials, and more in the direction of consumer-driven health, where patients are able to move their data around and give it to whomever they want,” Anderson said. “It’s their story to tell.”