Vaccine Credential Activities: Redirecting the Conversation for Public Health Registries
US public health agencies have been playing a critical role in the response to the COVID-19 pandemic. They are currently managing an unprecedented vaccination campaign. Immunization Information Systems (IIS) are a key tool that these agencies use to manage their public health mission and the vaccination campaign. How should public health agencies understand and manage the flurry of controversy – and the loud cautions – surrounding digital vaccine credentials? This blog post is part of a series of posts we have written over the past few weeks where we offer specific advice to reduce confusion about what vaccine credentialing is and how it functions. As a leading public health informatics consulting company, HLN is uniquely positioned to provide guidance and support for government, private enterprise, and consumers interfacing with IIS projects and their standards. A list of previous posts in the series can be found at the end of this post.
Over the past year US public health agencies have been at the forefront of the response to the COVID-2 pandemic. Now that vaccines are available, Public Health Departments are playing a critical role in organizing the allocation, ordering, distribution, administration, and reporting on the vaccine. As more products become available and as more people get vaccinated these processes become more intensive and the data management requirements more complex.
A critical part of public health’s response is to operate Immunization Information Systems (IIS). One of the key capabilities of IIS is to consolidate data from many sources, primarily from electronic health records (EHR) systems as well as other clinical records. IIS also provide clinical decision support (CDS) by automating the complex clinical guidelines that determine which vaccine doses are valid and which may be due now or in the future for a patient. IIS contain a mixture of data from sites administering vaccines as well as historical data provided by clinical users for doses administered at other sites. In many jurisdictions, IIS are considered authoritative, legal sources of information for such purposes as school compliance, daycare and camp admission. HLN supports IIS directly in New York City and Rhode Island, and also works with many other states to implement their IIS solutions successfully.
For over two decades, HLN Consulting has assisted public health agencies in developing proven strategies and implementation of EHR data sharing solutions. This experience makes us uniquely positioned to provide guidance and support for government, private enterprise, and consumers interfacing with IIS projects and their standards.
How should public health agencies understand the flurry of excitement – and the loud cautions – surrounding digital vaccine credentials? We encourage public health agencies to take the following steps to reduce confusion about what vaccine credentialing is and how it functions:
- Recognize that conceptually this is not really new.
- Stop calling them “passports.”
- Continue to promote IIS as the most complete source of vaccination information.
- Learn to work with new, non-traditional users with different types of needs.
- Maintain quality as the stakes are higher for bad quality data.
- Prepare for increased volume and demand.
- Embrace new standards carefully.
- Develop a comprehensive IIS consumer access strategy.
Here is a brief explanation of each of the key strategies:
- Recognize that conceptually this is not really new. For more than twenty years IIS have provided immunization data back to the clinical care community – providers and hospitals who administer vaccinations – for COVID-19 as well as many other vaccines. Digital credentials simply represent a different style of sharing this information.
- Stop calling them “passports.” This term has become politically charged. Remember that digital credentials only represent clinical facts – that one or more immunizations have been given – no more, no less. This is no different than other forms of immunization documentation that have been used for years, paper-based and electronic. Consider vaccine credentials to just be another form of presenting immunization information, albeit with the ability to verify the source of the information.
- Continue to promote IIS as the most complete source of vaccination information. See our white paper that discusses why. Public health agencies have been using IIS for more than twenty years to consolidate a complete immunization record for the people within their jurisdictions, and to provide that data to authorized users through standardized, electronic means. This has been done reliably and securely for many years. IIS need to become comfortable with the notion that the records they provide will be considered “official” even though the source of this data – clinical care – is largely outside of IIS control. Little emphasis has so far been made on the sources of data for digital vaccine credentials.
- Learn to work with new, non-traditional users with different types of needs. While IIS have historically provided data to clinicians, vaccine credentialing is about providing data to consumers to be consulted by third parties, called “verifiers,” to support many different uses including travel and admission to venues, schools, and even workplaces. Many IIS have not yet begun to provide data to consumers in any form, and many of these “verifiers” come from industries outside of healthcare with no health information experience. In addition, IIS may be called upon to provide less data in a given transaction: some uses of data may not call for the complete immunization record and forecast of immunizations due that IIS traditionally provide. Similarly, application providers need to understand just what they can – and cannot – expect from IIS to make their applications usable.
- Maintain quality as the stakes are higher for bad quality data. Because of the potential uses and misuses of COVID-19 (and perhaps other) vaccination data, the stakes are potentially much higher for bad, or falsified, records. IIS have well developed data quality programs and they should be confident in their data quality strategies while assuming a tact of continuous improvement to ensure high-quality data.
- Prepare for increased volume and demand. IIS need to be prepared not only to scale to new levels of demand for query access, but as a result also for increased expectations for 24×7 operation and resilient, high-availability services. Users will have high expectations and little tolerance for system failures. Cloud computing will certainly help strengthen IIS operations.
- Embrace new standards carefully. Digital credentials bring with them new standards for providing access to data based on Health Level Seven (HL7) Fast Healthcare Interoperability Resources (FHIR) standards and the SMART Health Cards Framework. IIS need to consider employing bridging strategies, such as interface engines (which facilitate the movement and translation of data) and third parties tools and services, to ease their transition to these new standards. It is worth noting that some aspects of these new standards may be challenging to implement in the US due to the lack of a national infrastructure for supporting a verifiable digitally-signed credential.
- Develop a comprehensive IIS consumer access strategy. This strategy should include access to both traditional immunization summaries for school, camp, and child care participation as well as standards-based vaccine credentials. Nowadays, this may require coordination with other branches of government and other more general consumer data access initiatives
Despite the current confusion around the vaccine credentialing, we believe that in the US the government and private sector can rely on existing methods of storing and updating vaccine immunization data to securely share decentralized immunization information, enabling the reopening of schools, businesses, travel, and entertainment venues.
A vaccine credential called a “Green Passport” has been proposed by European Union (EU) for its member nations based on interim guidance developed by the World Health Organization (WHO). This “Green Passport” has already attracted criticism. The European Data Protection Board (EUDP) released a joint opinion in response to this proposal highlighting concerns based on existing EU regulations:
- That the Green Passport might be used beyond the duration of the COVID-19 pandemic.
- That personal data from the digital certificates would be retained by verifying organizations.
- That the existence of a digital certificate might reveal an underlying medical condition for those not yet generally vaccinated for COVID-19 without a reason (such as minors).
Although these issues are unique to the EU, the concerns behind them speak to the same fears felt in the U.S.: that a “digital passport” would be used for purposes not originally intended, leading to the loss of privacy and restriction of freedom.
First, we must stem the confusion, and enlighten newcomers to electronic health information. Public health agencies can redirect the conversation to build upon their tradition of providing immunization information to authorized individuals. Open source products, like HLN’s Immunization Calculation Engine (ICE), can help both the public and private sectors enable the easy sharing of high-quality, industry-tested software to improve the lives of Americans through data sharing.
Previous posts on vaccine credential activities: