I have been monitoring the vaccine credential effort for a long time and watching various initiatives worldwide with a particular focus on what might be done in the United States. In a series of blog posts over the past several months I have described at length how the situation in the US differs from the situation in many other countries. In this post, I will review the “facts on the ground” as I see them and offer a way forward for the US.
I have been monitoring the vaccine credential effort for a long time and watching various initiatives worldwide with a particular focus on what might be done in the United States. As international travel resumes the need for globally recognized vaccine credentials becomes more pressing.
The European Union (EU) has embraced digital “green” certificates for travel within the EU and is expected to require something similar to travel to EU member states from outside. Though international travel impacts relatively few Americans, the potential use of vaccine credentials for domestic travel in the US is also under discussion.
In a series of blog posts over the past several months I have described at length how the situation in the US differs from the situation in many other countries. We have provided some preliminary recommendations in some of those posts. Previous posts in this series are listed at the bottom of this article with links.
The Facts
Here is a summary of the facts as I see them now:
The Need
- There are several valid scenarios where validated proof of up-to-date vaccination status for COVID-19 and other vaccine-preventable diseases would be useful. We have described these elsewhere. These scenarios may or may not persist as time goes on, but the likelihood of the need for COVID-19 annual boosters only increases the potential need for ongoing record keeping and proof of vaccination for some time into the future.
Immunization Information Systems
- Immunization Information Systems (IIS) are the single most comprehensive sources of vaccination information in the US. They exist in every state and territory, as well as several large cities, and there will not likely be a national vaccination registry anytime soon (this is a complicated issue in the US and cannot be dealt with easily here).
- Some people may have vaccination records in more than one IIS based on where they live (or have lived) or work (or have worked). IIS-to-IIS data exchange has been implemented in only a limited number of locations but this will likely expand over the next year. Patients can also assist in the movement of their vaccination records from one location to another through EHR access to an IIS or by bringing their records manually.
- All IIS provide access to vaccination information to authorized users (clinical care organizations, but often schools, child care centers, and others) via web portal, with the ability to produce a paper (or PDF-based) vaccination report. These reports usually contain both vaccination history and a forecast of vaccines due now or in the future.
- Most IIS provide vaccination data digitally to clinical care systems, mostly through standard application programming interfaces (APIs) based on Health Level 7 (HL7) Version 2 messages and SOAP-based web services.
- Some IIS have begun to also allow citizens in their jurisdictions to access vaccination records directly via web portal or smartphone apps. This functionality is unevenly deployed across the country with the biggest challenge being proper identification of the person who is querying.
- Because of competing demands, including CDC requirements, and limited staff and resources, most IIS will be unable to prioritize the delivery of standards-based vaccine credentials over the next six to twelve months as they continue to work hard to maintain system performance, meet their own data management needs, and manage a major vaccination campaign as well as routine back-to-school and flu initiatives this fall.
Technical Standards and Implementation
- The technical standards for vaccine credentials seem to be coalescing around HL7 Fast Healthcare Interoperability Resources (FHIR) and SMART Health Cards which will soon be adopted as a formal HL7 standard through the SMART Health Cards: Vaccination & Testing Implementation Guide. These are not technologies currently being used by IIS.
- The US does not have the trust framework in place to manage the Public Key Infrastructure (PKI) necessary for digitally-verifiable credentials at a national level, nor is it likely to anytime soon. This is a byproduct of the decentralized nature of both healthcare and government. Verifiable credentials prevent tampering and allow a user to confirm that the source of the information is legitimate.
- There is a distinct underappreciation for issues related to determining if vaccinations are valid versus whether they simply were administered. A vaccine credential should only indicate that a vaccination was administered; a vaccine pass should evaluate the information in the credential – including clinical efficacy – to determine the status of the “holder” for a particular purpose. This distinction will become more pronounced as more COVID vaccines become available and as other vaccines become incorporated into the vaccine credentials.
- There are many, many applications being developed for both consumer credential “holder” wallets, generation of a health pass based on some set of “rules,” and for verifiers who want to view verifiable credentials.
- Some state and local governments have prohibited requiring proof of vaccination (e.g., Arizona, Florida, Texas, and others). These prohibitions vary in scope, and in some cases do not prevent private entities from requiring proof of COVID-19 vaccination.
Proposal for US Strategy
Based on these facts, this is what I propose (sorry, but some previous background is required to fully understand these points):
Simplest Strategy
- IIS should provide access to standards-based vaccine credentials through a FHIR-based API per the SMART Health Cards: Vaccination & Testing Implementation Guide (Figure 1 with explanations in Table 1). IIS would function as a vaccine credential issuer under this scenario and would have to serve as a digitally-verifiable source of vaccine information and provide access to the vaccine credentials to consumer apps.
- For people who may have vaccination records in more than one IIS, record consolidation should be achieved either via IIS-to-IIS communication before a vaccine credential is generated or via access from a consumer app to multiple IIS as directed by the consumer.
- IIS should continue to provide traditional, complete vaccination records which contain both vaccine history and vaccine forecast for a patient.
Alternative, Fallback Strategy
- Those IIS unable to provide this functionality should partner with a single vaccine app provider to function as a “proxy” issuer of vaccine credentials for COVID-19 on its behalf (Figure 2). This app would query IIS via current HL7 v2 standards and in turn provide standards-based vaccine credentials through a FHIR-based API. The app would serve as the authorized, digitally-verifiable source of vaccination information in that jurisdiction. Vaccine credentials delivered in this way should be able to function with the most prevalent digital wallets being used by consumers.
- IIS should authorize the proxy issuer to provide vaccine credentials to other authorized consumer apps that meet jurisdiction-defined policies for identifying patient records in the IIS and for providing patient consent to acquire records on the patient’s behalf. Specific data sharing agreements will likely be necessary.
- Optionally, IIS could provide their own consumer app either as an exclusive or additional tool for consumers to use to store and present their vaccine credentials. Many of the consumer apps being developed have poor user interfaces largely due to limited experience by their developers in the immunization domain.
Supplemental Strategy
- IIS should offer a new service by offering their immunization evaluation and forecasting rules systems to consumer apps via API to ensure that health passes are based on valid vaccinations and not just a count of doses administered (Figure 3). HLN’s open source Immunization Calculation Engine (ICE) could be the basis of such a service.
Table 1 – Explanation of Objects in Figures | |
IIS stands for Immunization Information System. This can be a state and locally-run public health repository of immunization information. | |
VC “Issuer” Service is a standards-based computer service that provides digital vaccine credentials for individuals whose records are stored in the IIS to authorized applications via an application programming interface (API). | |
A VC “Proxy” service is a service that can be offered by a public health agency via a partnership with another organization when the agency is unable to provide the service itself. | |
The HL7 v2 Service is used by the VC “Proxy” service to query IIS for vaccination data using older data exchange standards already widely used by IIS. | |
The cloud represents a pervasive, wide-area network used to interconnect all the participating systems and computers for vaccine credential generation and use. This generally means the Internet. | |
The “holder” is the citizen who wants to show vaccination credentials when needed or required (like at an airport for travel). | |
The “verifier” is the individual who views vaccination information and validates that the holder has satisfied the requirements for which the information was being provided (like an airline representative or security officer at the airport). | |
ICE stands for Immunization Calculation Engine. It is used here as an example of a clinical rules engine service that, when provided with patient information, can determine if vaccinations administered are valid and also predict what new vaccinations may be required now or in the future. |
Where We Go From Here
The need to provide an ongoing, complete vaccination record will far outlive the need to provide a COVID-only vaccine credential; in Israel movie theatres and most public places have now been opened to vaccinated and unvaccinated without restriction. As more and more people get vaccinated for COVID-19 in the US, a specific vaccine credential for COVID will become less and less relevant. However, as the rest of the world catches up, vaccine credentials will continue to have some relevance for Americans seeking to travel internationally.
Previous posts on vaccine credential activities:
A Complicated Path Forward in the US (Part 1) – Potential Sources of Data (A discussion of the basic philosophy of the vaccine credentialing movement, including where data for use in a digital vaccine credential might come from in the US, IIS will likely be a major source of this data.)
A Complicated Path Forward in the US (Part 2) – Major Initiatives Underway (A review of the major vaccine credentialing initiatives that are currently underway worldwide, including VCI, CCI, the EU and WHO.)
A Complicated Path Forward in the US (Part 3) – Recommendations (Initial recommendations for how public health agencies in the US – federal, state, and local – should approach vaccine credentialing. Additional federal leadership would certainly be useful.)
WHO Interim Guidance (Comments on the Interim Guidance released by WHO for member countries in March 2021. Their recommendations are particularly unsuited for the US)
It’s All About the Rules! (For vaccine credentialing to be effective the issue boils down to the rules that are going to be developed and adopted to make the SVC’s usable. Many of these rules currently don’t exist so we will start by analyzing some key factors.)
Vaccine Credential Activities: Redirecting the Conversation for Public Health Registries (In this article we issue more specific advice for public health agencies about vaccine credentialing to reduce confusion about what vaccine credentialing is and how it functions.)
Vaccine Credentials Do Not Replace Full Vaccination Histories (In this article we address the similarities and differences between vaccine credentials and traditional immunization histories and offer some opportunities for public health to maintain its role in data access.)