Vaccine Credentialing Activities: A Complicated Path Forward in the US (Part 3) – Recommendations
As COVID-19 vaccination increases the US is preparing for a phased reopening. A key factor of that reopening in the United States and some other countries may be a requirement for individuals to prove that they have been vaccinated against COVID-19. “Proof” will likely be embodied in a paper – or perhaps electronic – certificate whose source and contents can be independently verified to ensure validity. Uses of such a certificate include international travel, and perhaps also regional travel (like what is being proposed in the European Union), admission to large venues such as sporting events or other entertainment, and even school or business admission.
The digital community has been especially active in thinking about how digital vaccine certificates might be implemented. Most of the major initiatives are international in focus and many consumer-oriented software and app developers are engaged in these efforts. Open source solutions are a key component to the emerging solution set. All of the efforts seem to have identified three roles: the “issuer” who has the vaccination information initially; the “holder” who is usually the citizen who wants to show that information when required; and the “verifier” who wants to view that information and validate its authenticity. There are many, many unknowns about how these roles will play out, especially when both data and people cross international borders where policies and medical practices (like the need for certain vaccinations or tests) differ.
In the US the situation becomes somewhat more complex due to the distributed and decentralized nature of both healthcare delivery and public health. Unlike many other countries where healthcare is delivered and regulated by the central government in a “top down” fashion, in the US healthcare is a very local activity and governed almost exclusively by state, local, territorial and tribal law.
The federal government does not hold patient data in any kind of “official” capacity in the US. Data in Immunization Information Systems (IIS) are only as reliable as the original sources of the data and the nature of the quality assurance (QA) processes that attempt to ensure that the data are free from at least the most common errors. IIS can often flag suspect data, but as they are not the source of the data they often do not have sufficient information (or the tools or time) to correct all errors. The American Immunization Registry Association (AIRA) has released some “talking points” to assist IIS projects in discussing data quality issues and we have written about unintended consequences of the US COVID-19 data management program as well.
So where do we go from here? We suggest the following:
- Continue to stress the notion that IIS should be the authoritative source of immunization information whenever possible. Focus solution providers on this idea. In recent testimony to Congress, former Governor and Secretary of Health and Human Services (HHS) Michael Leavitt stressed just this point by stating as his very first recommendation that, “All vaccinations should be reported to the state Immunization Information Systems.”
- We should monitor and be conversant (and where possible participate) in the most relevant (but currently fragmented) initiatives to ensure participating organizations are adopting/adhering to relevant standards and laws and the initiatives are meeting strategic US goals.
- The Centers for Disease Control and Prevention (CDC) should embark on an initiative for developing a comprehensive national strategy for consumer access to lifetime immunization records, leveraging emerging technologies where appropriate. AIRA should also play a key role in this activity. Note that much of the technical development being done now involves technologies that IIS are not currently using (such as HL7’s Fast Healthcare Interoperability Resources, or FHIR). Most IIS do not have a consumer access strategy (see our earlier work on this topic). The biggest technical challenge to IIS consumer access is the inability to verify a patient’s identity based on what the IIS knows about the patient. Yet despite all the obstacles IIS continue to be the most complete, most reliable source of immunization information in the US today.
- Public Health Agencies should continue to strengthen and improve the data quality assurance programs within IIS projects with particular emphasis on data reliability and provenance. They should develop, with CDC ‘s and AIRA’s assistance, additional tools and strategies to measure and improve IIS data quality, and they should resist pressure to require IIS reporting of data before sufficient quality assurance has been maintained.
- We should all promote open source solutions that appear to have momentum and support world-wide. Software solutions for digital vaccine credentialing must have broad implementation and discourage a “have and have not” culture. Open source solutions provide the strongest foundation for equitable, widespread adoption. For a good summary of open source contributions to fighting the COVID-19 pandemic see this article published in the Linux Professional Institute blog.
It is possible that with the easing of the pandemic, even a year or two in the future, that the urgency and need for a specific COVID vaccine credential will ease, or be removed entirely, even for international travel. Access to immunization data by patients, however, will likely be a key requirement for the foreseeable future. Routine immunizations have fallen off considerably since the pandemic began so we may soon see renewed emphasis on immunization status more broadly within the population. Our systems need to be positioned now to support that broader information access requirement. Note that there will be a session on digital credentials at the 2021 ONC Annual Meeting at the end of March. Finally, for a good summary of national efforts in this area around the world, see the page maintained by the Ada Lovelace Institute.