Digital vaccine credentials and exposure notification apps can be used to safely reopen social and economic activities and allow for more rapid and broader contact tracing. However, an official from the Government Accountability Office (GAO) said the improper implementation of both technologies sparked concerns about privacy, effectiveness, interoperability, and equity that may limit their use and potential public health benefits.
Hayden Huang, the assistant director for Science, Technology Assessment, and Analytics at the GAO, explained that users could link their COVID-19 vaccination record from an immunization registry or a COVID-19 test result from a certified test laboratory.
“A digital credential confirms the user’s identity and authenticates COVID-19 health information. It also validates the health information against the destination’s entry requirements, such as specific vaccines or tests accepted by a country or establishment,” Huang said.
These applications, if appropriately implemented, could be more difficult to falsify than a paper vaccine card. A digital credential also uses technologies that address widely shared concerns about the security and ownership of personal health information. For example, technology that addresses certain security concerns is blockchain, which enables the encrypted transfer of digital information without storing it in a centralized database.
However, some challenges do present themselves when these technologies are not appropriately implemented, Huang added. For example, a lack of clear standards for defined uses of digital credentials and minimizing the collection of personal information can undermine the security and privacy of users’ health data.
“This could limit public acceptance of digital credentials, reducing their potential public health benefits,” Huang said.
Additionally, Huang explained that the widespread use of digital credentials may exacerbate inequalities or constrain freedom of movement for those who do not have access to vaccines, cannot be vaccinated for health or age reasons, or do not own a mobile device.
As U.S. policymakers evaluate the role of these technology in the larger public health response, Huang emphasized that the following questions should be considered:
- What security, privacy, and legal safeguards might protect personal health data used in digital credentials?
- What might be done to help ensure that the use of digital credentials does not exacerbate existing health and economic inequalities, for example, by restricting freedom of movement for some populations?
- What might be done to facilitate the interoperability of numerous digital platforms to maximize the public health benefits of digital credential use?
- What steps might ensure that digital credentials can access information from U.S. immunization registries, facilitate Americans’ international travel, and other purposes?