Should companies use vaccine verification systems?

With the explosion of the delta variant, more organizations may turn to digital passports to verify employees' safety as they return to the office.

vaccine-passport.jpg

Image: ronstik/Shutterstock

With news this week that Pfizer's COVID-19 vaccine received FDA approval it is expected that more Americans will get the shots. And as more companies start bringing workers back, they are mulling whether to implement vaccine passports.

A vaccination passport can be either physical or digital documentation proof that you have been vaccinated against COVID-19.

A July survey of 191 companies of various sizes and industries found that 2.65% said they would mandate the vaccine, down from 3% in March, according to business and executive coaching firm Challenger, Gray & Christmas.

SEE:  The return to the office is a mashup of rules, increasing stress and a desire for vaccine mandates  (TechRepublic)

"An ongoing labor shortage and vocal political contingent against vaccinations may give companies pause to announce full-on mandates," said Andrew Challenger, senior vice president. "Companies may decide mandates will deter sorely-needed applicants, which could also lead to work delays," he said.

But other companies view vaccine mandates and passports as critical to their ability to keep workers safe with the delta variant increasingly spreading and some states lifting mask mandates.

"Since the beginning of July, demand and need for functional vaccine passport technology has exploded and states and companies are scrambling to find solutions to fit that need,'' said Richard Bird, chief customer information officer at Ping Identity, which came out with a free vaccine verification system called Project COVID Freedom earlier this year.

There have been incidents of people "flashing a library card" to get into events that require proof of vaccines "and getting waved through,'' Bird said. Now there are more concerns about liability and super-spreader outbreaks, and a lot more people are interested in valid vaccine passports, he said. "That's created a tremendous number of conversations."

Vaccine passports can either be proprietary to whoever has contracted to have them built, such as in the case of state agencies. Ping's PCF was designed as a decentralized approach, where the technology serves as the conduit between the vaccine provider and the vaccinated individual, Bird said.

"We don't have any interest in monetizing your personal data,'' he said. "Our solution empowers people to show their vaccine status at their choice."

PCF acts like a digital wallet that resides on a person's device and the vaccine information is held by the provider that administered the shots, he said.

"We sit as brokers in the middle as the pathway to keep the information current,'' Bird said, adding that PCF is not consumer-facing and it is up to Ping's customers—the healthcare provider networks, hospitals, insurance companies and pharmacies—to provide it.

Interest has grown because there has been an over-reliance on physical vaccine cards "so there is assurance of the validity of vaccination,'' he said.

When PCF is implemented it will also enable healthcare providers to send notifications when a person is eligible for a booster, Bird said. He anticipates PCF being available within three to four months since customers will have to develop a web or mobile app with the technology.

The PCF passport software is secured with the same safety protocols Ping provides in all of its software, Bird said.

"Ping is not holding any information so we've got no security controls to make sure that information is encrypted at rest or in transit,'' he said. "We're doing positive verification of identity on both ends, and authentication and authorization for transit of those identities."

The authorization component creates a mechanism to keep vaccine passports valid, he said.

The only downsides to a digital passport program are when they are built on old architectures, Bird said. "I also see negatives to vaccine passports where any of the data is used either explicitly associated with the vaccinated person or anonymized data being used for revenue purposes, monetization. Those examples exist."

The decentralized model helps ensure that data will not be aggregated and monetized, Bird said.  

"I'm not trying to be biased and say decentralized is the only way to go, but you have to call into question models that aggregate huge amounts of data when they have been shown to be not well protected and big tech organizations [are making] money off your data,'' he said. "Those models will lead to consumer distrust."

Also see