Vaccine Credentialing Activities: A Complicated Path Forward in the US (Part 1) – Potential Sources of Data
As COVID-19 vaccination increases the US is preparing for a phased reopening. A key factor of that reopening in the United States and some other countries may be a requirement for individuals to prove that they have been vaccinated against COVID-19. “Proof” will likely be embodied in a paper – or perhaps electronic – certificate whose source and contents can be independently verified to ensure validity. Uses of such a certificate include international travel, and perhaps also domestic travel (like what is being proposed in the European Union), admission to large venues such as sporting events or other entertainment, and even school or business admission.
The digital community has been especially active in thinking about how digital vaccine certificates might be implemented. Most of the major initiatives are international in focus and many consumer-oriented software and app developers are engaged in these efforts. Open source solutions are a key component to the emerging solution set as will be discussed in Part 2 of this series.
All of the efforts seem to have identified three roles:
- The “issuer” who stores the vaccination information initially (could be a clinical site where the vaccine was administered, or a public health registry where this data was reported).
- The “holder” who is usually the citizen who wants to show that information when required (like at an airport for travel)
- The “verifier” who wants to view that information and validate its authenticity (like an airline representative or security officer at the airport).
There are many, many unknowns about how these roles will play out, especially when both data and people cross international borders where policies and medical practices differ.
But most of the focus to date has been on the presentation of the data not so much on the source of the data. In Part 1, we will focus on how the digital vaccine certificate is dependent upon access to authoritative data regarding the immunization status of the patient. Specifically, the certificate needs access to valid doses received and possibly an immunization forecast of doses due now or in the future, though specific data requirements have yet to be defined.
While this issue is most pressing for COVID-19 vaccination, a broader solution could be used for other vaccines as well. The World Health Organization (WHO) already supports a paper-based international certificate of vaccination (ICVP, or “yellow card”) which is used by US citizens for international travel where appropriate. The Presidential Executive Order on Promoting COVID-19 Safety in Domestic and International Travel issued on January 21, 2021, states that the US government “…shall assess the feasibility of linking COVID-19 vaccination to International Certificates of Vaccination or Prophylaxis (ICVP) and producing electronic versions of ICVPs.” Note that responsibility for this activity is placed principally on the Department of State with consultation from other agencies in the US and around the world.
Sources of Immunization Data
There are many possible sources of immunization data scattered across many systems. Identifying the most complete, accurate and easily accessible data source is critical. Some sources aggregate data that is collected from distributed systems and locations. They are generally preferable to these more distributed sources as they provide record consolidation (assembling a whole record from fragments found in different places) and include quality assurance services to ensure that the combined record is accurate and coherent.
There are several potential sources of data for the certificate in the US, each with different data reliability, including:
- Immunization Information Systems (IIS): Immunization information systems consolidate data from many sources, mostly EHRs and other clinical records. They also provide clinical decision support by automating the complex clinical guidelines that determine which vaccine doses may be due now or in the future for a patient. IIS contain a mixture of data from administering sites as well as historical data provided by clinical users for doses administered at other sites. In many jurisdictions, they are considered authoritative for such purposes as school compliance, daycare and camp admission. Some limitations to this data source include: Variability in statutory restrictions on who can access immunization data and for what purposes; Incomplete adult records; Low participation of adults in some IIS (and in some cases no participation); And, inconsistency in the inclusion of travel vaccines in IIS. See our new white paper on this source of data.
- Electronic Health Records (EHR): For doses administered at a clinical site (which includes ambulatory, in-patient, pharmacy, public health clinics, temporary points of distribution and others), EHRs could be an authoritative source of data as long as the data is entered accurately. However, there are some issues with using EHR data. These include: Many dose administration records are not entered into EHRs in real time; Often these records are entered later in batches. If this happens it makes the point of vaccine administration a less than optimal moment for patients to try to capture a record electronically. EHRs also store historical data provided by patients or acquired via records exchange with other clinical sites. These other records may be suspect as they do not contain data from encounters conducted at the clinical site that is storing them. Most IIS retain the provenance of records received from vaccinating sites, though historical records submitted from those sites often do not have provenance recorded within them. Some EHR vendors provide access, when authorized by the patient or jurisdictional law or policy, to patient data that spans health information organizations, and this might provide an additional point of aggregation for immunization records.
- Personal Health Records (PHR): Patients can self-enter data into many personal health records based on paper records (like “yellow cards,” the commonly used term for the International Certificate of Vaccination or Prophylaxis), encounter summaries, or memory. Of course, these records are rarely validated from their original source. The PHR at best represents data from these other primary sources.
- CDC Vaccine Administration Management System (VAMS) or other COVID-19 specialized clinical applications: One of the functions that IIS do not typically perform is support for patient appointment scheduling for a vaccination clinic or site. To remedy that for the demands of the COVID-19 vaccination program, jurisdictions have deployed a variety of government-developed and private appointment scheduling systems that typically also contain vaccine administration functions for clinical staff at these sites. One such system, the Vaccine Administration Management System developed under contract to the Centers for Disease Control and Prevention (CDC), contains an authoritative record of COVID-19 immunizations for those patients served by the application, much as an EHR does. VAMS data may or may not be transmitted to an IIS promptly. Other systems have also been deployed which support data submission to IIS, and as time goes on jurisdictions are looking increasingly to the private sector to develop additional solutions. It is not clear whether these new applications will collect sufficient data for submission to public health and IIS.
- CDC COVID Data Clearinghouse: The CDC Data Clearinghouse which was developed as part of the COVID-19 response currently collects and aggregates redacted COVID-19 dose administration data from IIS. The records that are sent to CDC in this format do not currently contain identified patient information (name, full address) so they would not make a strong source for a digital vaccine certificate. The standard Data Use Agreement that jurisdictions sign with CDC for participation in this project does not appear to cover direct patient access to this data so even if it contained names and addresses it would not be appropriate to share directly with a patient.
- Health Information Exchanges (HIE): Health information exchanges may also be a source of aggregated immunization data. However, their data quality assurance programs are likely more suspect since immunization is not usually a specialty of the HIE, but rather the data are just one component of a more comprehensive patient record. In other cases, immunization data pass through HIEs on the way to IIS or other clinical data exchange destinations. The Office of the National Coordinator for Health Information Technology (ONC) has recently funded the Association of State and Territorial Health Officers (ASTHO) to advance IIS-HIE interoperability.
State, city, and territorial IIS provide the strongest potential source of information for a digital vaccine credential. EHRs may not contain the required data at the right time for patients to make best use of it, though scheduling systems deployed by jurisdictions to assist with the COVID-19 vaccination campaign may have capabilities that enable good patient access. In Part 2, we will review the major initiatives that are underway that are trying to develop the standards and implementation of a digital vaccine credential.