As the COVID-19 vaccination rollout continues, and people envision resuming some sort of normalcy, there has been growing discussion about the need for some sort of vaccine passport whether it’s a physical card or more likely a digital solution enabling people to seamlessly and securely access their COVID-19 vaccination records.

Understandably, requiring a passport has political ramifications, and a huge chasm exists between theorizing and realizing such a massive scale project tied directly to personal health care information.

Despite the undeniable challenges, a number of well-known technology organizations have already jumped into the ring going through the motions of exploring exactly what would be involved.

Having participated in a similar exercise while developing AT&T’s mHealth platform, Mike Joyce, client strategist and engagement partner with Theorem, shared his thoughts on the digital passport.Mike Joyce TheoremTheorem’s Mike Joyce

IW: What are the challenges in actually deploying this system effectively?

Joyce: Technical solutions for systems like this are well understood and are based on cryptographic protocols that go back decades. These are the same protocols that empower the internet (Public Key Cryptography).

Effectiveness of these types of systems are usually hindered by two non-technical challenges: a. Public trust, b. Adoption and integration. These are correlated but have distinct and sometimes opposing goals; there are tipping-points for both.

Public Trust. “How might we explain some of the most complicated math in the world to the average person being vaccinated?” 

More so than “the system says that I have a vaccine.” How do we actually know for sure? There are mathematical proofs that can guarantee the trust of such systems, but how do you explain such proofs in a way that is convincing?

This is a hard problem that can be solved with effective communication and education, the reliance on the credibility of institutions, trouble-free and highly communicative UX choices, and the momentum of feedback loops related to positive public outcomes. For instance, being able to go to your favorite restaurant with this app in a safe and trouble-free way.

Integration, Incentives, Vertical Adoption. How might we incentivize vaccinators, and it’s related value chain, to invest in IT integration to enable widespread distribution so that the system is adopted, useful and trouble free?

The value chain of healthcare in the United States is especially complicated. I would summarize it in the following categories:

  • Research institutions invent technologies (like crypto protocols): This is what MSFT, ORCL and CRM have done here. In this case they have produced a working concept.
  • Software companies creating software, which is then sold to healthcare providers, insurers and care recipients.
  • Insurers, who are rarely involved with the direct application of care, but instead rely on a network of care providers. Insurers are often aggregators of patient digital medical records. These insurers rely on MASSIVE IT systems, which are often fragmented state-by-state to manage and process medical records. These systems are focused on billing practices and reconciliation. These systems are heavily regulated by HIPAA and other state insurance regulatory bodies. Statues and guidance vary wildly by state. 
  • Care providers. These are frontline workers composed of hospitals, small practices and retail care providers like Walgreens and CVS. The software systems employed by each care provider vary wildly in complexity, scale and capability. Small practices are likely to be reliant on outsourced SaaS care management systems.
  • The care recipient. This is the person actually receiving care in the form of a vaccine. They will first and foremost need a digital medical record, which must be stored someplace in a HIPAA compliant data store, must be easily retrievable via an app that integrates with all of the software that is used by #2, 3 and 4.
  • The retail establishment.

This illustrates a classic problem in implementing technology – vertical integration. A system as described requires vertical integration throughout the entire stack. Each of the steps in the stack has its own integration points, statutory compliance steps, internal teams with different cultures, resource constraints and individual incentives. 

IW: What are the keys to overcoming the complexities? And what would a successful deployment actually look like?

Joyce: The complexities here are not technical, API’s, information exchange, cryptography and rollouts are well understood problems. Synchronizing these things across five disparate ecosystems is an organizational collaboration problem, not a technical one.

As health care systems are so heavily regulated, the only way in which something like this can be implemented is by forcing incentive alignment throughout the value chain by providing guidance through regulators and institutions. 

A New Centralized System. A centralized, third party system which stores vaccine administration information would be the easiest and most straightforward approach, but this is likely to run into its own challenges.  

  • Universal, Federal ID systems don’t effectively exist in the United States, such a registry would likely face political and public image challenges related to privacy.
  • State and local statues differ, which must be reconciled with a centralized system.
  • Care providers, instead of using their existing systems for managing care, would need to utilize a distinct application for recording the administration of a vaccine.
  • Centralized, federal leadership would be required.

Bottom line: “It’s very complicated operationally to run a program like this, and the leadership needs to be commanding, and from the top,” says Joyce. “This feels more like an example of what could be done, to compel regulatory and/or policy action than it does a real implementation effort. It’s the right move by the tech companies, but there is much more to be done.”