Tech companies are racing to build smart vaccine passports. But technology isn't the only problem

Estonia is leading the way in developing digital vaccine certifications, but the biggest headache has nothing to do with technology.

What are digital vaccine passports, and when will we get them?

As some countries around the world start vaccinating their populations against COVID-19, the idea of creating digital "vaccine passports" is gathering pace. Among those leading the way, the Estonian, Hungarian and Icelandic governments have all signed up to pilot a technology that would allow people who have received the jab to prove their health credentials at the scan of a QR code. 

Dubbed VaccineGuard, the platform's goal is to link between various agents, from the vaccine's point of manufacture all the way to the border guard controlling an individual traveler, to create a system in which reliable information about the immunization process can be shared across myriad different sources and countries. 

For citizens, VaccineGuard would be, in simple terms, a digital version of the vaccine certification document that is already issued by the World Health Organization (WHO), also known as the yellow card, which works as an internationally recognized medical passport that carries individuals' vaccination records.  

SEE: Rural America is in the midst of a mental health crisis. Tech could help some patients see a way forward (TechRepublic)

VaccineGuard nevertheless comes with some technological upgrades: when administering a vaccine, healthcare providers will be required to generate a digital certificate in the form of a QR code, which patients could in turn access via email, through an app or as a printout. The code will act as a verified proof of vaccination that can be displayed when required – whether that is to travel, to go back to work or to attend a public event. 

The company behind the platform, Guardtime, also announced a partnership with vaccine manufacturer AstraZeneca in Estonia, to further expand the scope of VaccineGuard's data ecosystem. Using blockchain technology, vaccine manufacturers will be able to serialize the vials they produce, creating a birth certificate of sorts so that products can be tracked all the way to their point of administration.  

This will not only play a key role in ensuring that no jabs are counterfeit, but also enable health authorities to check that the number of vaccine certifications issued on the platform match the number of vaccines that were actually delivered and administered. 

Ain Aaviksoo, the chief medical officer of Guardtime, explains that the end-goal is to cement the reliability of the vaccination process – and to ensure that when a citizen presents their digital vaccination certificate, the validity of their health credentials can effectively be verified.  

"All the data is kept in one information space," Aaviksoo tells ZDNet. "This increases the integrity and reliability of vaccination as a procedure. We can give independent, auditable guarantee that the data presented is based on truth." 

VaccineGuard is being piloted as part of an agreement signed between Estonia and the WHO last October, to collaborate on developing a digital certificate of vaccination that would work across borders, also called a "smart yellow card".  

Guardtime is only one of the companies to have jumped on the opportunity to create a digital version of vaccine passports. Only last week, for example, Microsoft, Salesforce and Oracle joined the Vaccination Credential Initiative (VCI), with the view of developing a technology that will allow people who have received the COVID-19 vaccine to keep a record of their immunization history in a digital "Health Wallet" app on their phones. 

In India, the Co-Win app is already at work, providing real-time information about vaccine stocks and individualized tracking of those who have been vaccinated. Other platforms such as CommonPass have also been developed for individuals to document their COVID-19 status, for example while they travel. 

"Guardtime is one of the different vaccine certification options out there," Marten Kaevats, the digital advisor to the government of Estonia, tells ZDNet. "And it's likely that every country will be choosing a different type of vaccine certification that is not necessarily VaccineGuard." 

"We are not pushing one particular private sector company," he continues. "Our main goal, rather is to make all of those different solutions work together." 

SEE: Diabetes monitoring is having a smartwatch and smartphone revolution

Fundamentally, explains Kaevats, vaccine passports can only work across borders if there is certainty that all the providers of immunization certificates are legitimate. In other words, it is one thing to digitize vaccine certificates – but it is another entirely to make sure that all the certificates from different platforms are trusted around the world. 

Enabling this global agreement on vaccine certifications is what's really at the heart of the WHO's agreement with Estonia. The idea is to come up with a framework that different digital platforms will adhere to, ranging from a whitelist of certified care providers to the key information that needs to appear on the vaccine certification. 

Without unified standards, in effect, even the most cutting-edge technological solutions will fall flat, lacking the reliability that needs to underpin the initiative in the first place. 

The service offered by VaccineGuard, for example, relies on "trustworthy" healthcare institutions issuing vaccine certifications, and QR codes can only be created by issuers that belong to a list of authorized organizations – but much work remains to be done to define who those authorized participants should be, and what criteria they need to meet. 

"How can one government trust information that comes from a random hospital in Estonia, for example?" says Kaevats. "If you get vaccinated in a hospital in London, how can I trust that the information delivered by that hospital is reliable? How do I know that this hospital even exists?" 

The issue, therefore, has more to do with international law than technology, says Kaevats. "It's about creating trust between governments, and between the government entities that certify medical institutions. What we are piloting, really, is this global trust architecture that needs to be in place," he says. 

SEE: Technology's next big challenge: To be fairer to everyone

The Estonian government and the WHO have started building the foundations of this "universal trust framework" with Iceland and Hungary, which have also decided to use Guardtime's technology; and more countries are expected to get involved over the next few months. By the end of May, as countries gather for the World Health Assembly, Kaevats hopes to have a working pilot in place to encourage nations to jump on board with the project. 

It might take some time, therefore, before the designs for a smart yellow card put forward by technology companies open up international travel on a truly global scale. Guardtime's Aaviksoo, for his part, is readying for strong collaboration between the private and the public sector in the weeks to come. "It is very important that we define who guards the access to these documents," he says. 

"It is absolutely necessary to build this in a robust manner. Even if you don't see the other side of the ecosystem, you need to be certain that what is revealed to you in this digital form is valid."