Widgetized Section

Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone

Digital Health Pass Systems for COVID-19 Tracking

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.

By Malik Dulaney
January 21, 2020

The past year has been challenging due to the coronavirus pandemic. We have gone from knowing almost nothing about the virus to having several vaccines available to the public. There have been closed borders; local lockdowns within the United States; and lockdowns in foreign countries. We have seen spurts of inactivity and activity around the world. Travel has continued, but at a smaller rate. Although there are several new virus strains to contend with, the world is now able to see light at the end of the tunnel.

The newly discovered variants and their global spread have caused the United States to enact new policies requiring proof of negative test results to enter the country. The Centers for Disease Control and Prevention have introduced a new rule requiring all international air travelers to provide a negative coronavirus test result before entering the country. Passengers must get a test within three days of their flight. The new rule starts on January 26, 2021.

What does the world do to return to some form of routine life, yet never return to this state of vulnerability? Various digital health pass solutions have been proposed by think tanks, private/non-profit coalitions and the travel industry. The goal of a digital health pass is to be able to demonstrate the health status of an individual and preserve data privacy. The pass will answer the questions, “Has this person taken a COVID test and/or have they received a COVID vaccination?” Digital health passes are also referred to as digital vaccination passports, immunity passports and immunity certificates. 

The simplest definition of a digital health pass is a trusted credential that verifies the identity and health characteristics of an individual utilizing digital and mobile technologies. The most common implementation will probably use a smartphone application, but could also utilize printed QR codes, blockchain technologies and/or biometrics (finger, facial or retinal identification). In practice, a user would install an app on their phone and register with a service that would verify their identity and link them to their smartphone. The service would then provide access to the subscriber’s health records and the subscriber would be able to provide trusted, verifiable information to others requiring it.

Currently, there are several competing versions of health pass solutions and frameworks developed by different entities. The CommonPass is one of the more promising health pass solutions. It is an international framework and standard being developed by the Commons Project and the World Economic Forum. The CommonPass is supported by major airlines: United Airlines, Virgin Atlantic, JetBlue, Lufthansa and Swiss Airlines. Other existing and proposed solutions, include Safely, IATA Travel Pass, Ink Digital Health Platform, AOKPass, COVI-PASS and IBM’s Digital Health Pass. 

In addition, the Vaccination Credential Initiative and the COVID-19 Credentials Initiative are other entities working in the health pass space. The Vaccination Credential Initiative is a recently announced coalition of major health and technology companies, including Microsoft, Oracle, Epic, Cerner, Salesforce, Carin Alliance and the Mayo Clinic.

Digital health passes can be used as a tool for society to return to some form of normalcy, while mitigating the spread of COVID-19. They can provide real-time COVID-19 status verification and track STD’s, yellow fever and common medical conditions, while protecting privacy and anonymity. Passes can verify if a COVID test has been taken and whether or not there was a negative result. It can also serve as a record for vaccinations. This information will allow the pass to be used to enter public venues, grocery stores, movie theaters, office buildings, live concerts, international flights, sporting events and to cross borders. If implemented correctly, the potential for digital health passes is promising.

There are potential cybersecurity and privacy concerns. Many of the passes developed and in development have made cybersecurity and privacy a focal point of their solutions. However, it is impossible to develop a completely secure solution. Inherently, digital health passes work with sensitive, personally identifiable information. This brings to light further concerns about invasion of privacy, personal information tracking and data misuse. Some of the solutions store encrypted health data on the users’ phone, so that they are physically in possession of their data. This makes securing their smartphone critical. Other solutions may use a cloud network design where the users’ data is stored on the services’ remote servers. This makes users reliant on the security of the services’ cloud infrastructure. These are just some of the aspects to consider when evaluating this technology.

If digital health pass adoption comes to pass, it may help us move towards recovery in a safe manner. Going forward, policymakers and public administrators must examine these technologies with the protection of citizens’ digital interests in mind. For technologists, it is important to design and implement digital health pass systems with cybersecurity and privacy preservation as the core principles. 

Author: Malik Dulaney, PhD, CISSP is an information technology professional with the University of Dallas and an adjunct cybersecurity professor with the Gupta College of Business at the University of Dallas. He is also a public sector researcher with research interests in cybersecurity in public and nonprofit organizations, cyber warfare and information technology policy. He can be reached at [email protected].

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.25 out of 5)

Leave a Reply

Your email address will not be published. Required fields are marked *