Digital vaccination records


Don't try and re-invent the wheel - Just work on making it better than anyone else ~ John Muir

Easy to use presentation of authoritative digital vaccination records will become critical going forward. Some pointers to relevant information on authoritative sources and some considerations for technical implementers.

I am not a proponent of COVID-19 immunity certificates or passports for reasons I’ve articulated before. However, I do believe in asking the question “What is the one thing we can do now to prepare for a future vaccine, that will un-block multiple challenges downstream?” One possible answer is the ability to digitally present authoritative digital vaccination records.

Requiring the presentation of vaccination records when requesting a travel visa and for other purposes is not anything new, but the presentation of such records is typically a manual and paper-based process. Ensuring that the records are coming from an authoritative source is critical, so I hope that the following pointers serve as helpful guideposts for those looking into this area.

Authoritative sources

Unfortunately, there is no national organization in the U.S. that maintains vaccination records. People receive vaccinations from a variety of places including hospitals, OB/GYNs, workplace, doctor’s office, public health department, urgent care facilities and pharmacies, and the records themselves are kept in many places.

The most authoritative sources I could find in my research are those maintained at the State level in what is known as an Immunization Information System (IIS). It was not clear to me if every State has one and if there are mandatory requirements at the State or Federal level to report immunization records to the IIS.

As an example, my state Maryland, which has an Immunization Information System (IIS) called ImmuNet, has a note that “Reporting vaccination records to ImmuNet is mandatory in Maryland as of October 2019. Please contact your doctor or school to get vaccination records that are not in MyIR/ImmuNet.”

The ‘IIS Resources and Reference Materials’ and the ‘IIS Frequently Asked Questions’ are helpful and informative in understanding more about these systems.

Data exchange protocols

The important note here is that there has already been a lot of work done to standardize the data exchange protocols at the IIS level. There is a clearly defined SOAP (!) based data exchange protocol that is documented in the ‘HL7 Version 2.5.1 Implementation Guide for Immunization Messaging, Release 1.5 2018 Update’.

The implementation guide notes that an IIS can receive and share data on individual clients/patients with a number of other systems, including Electronic Health Record systems (EHR-S). It uses Health Level Seven (HL7), which is a nationally recognized standard for electronic data exchange between systems housing health care data. The HL7 standard defines a syntax or grammar for formulating the messages that carry this information and describes a standard vocabulary that is used in these messages which is platform independent.

The guide was a collaboration between the American Immunization Registry Association (AIRA) and the Centers for Disease Control and Prevention (CDC) to improve inter-system communication of immunization records. The effort has received input from the National Institute of Standards and Technology (NIST) to improve the capacity to test conformance with this Implementation Guide.

Foundation to build on

As the need and urgency around digital vaccination records increase, there are going to be many who will try to roll their own implementations using currently fashionable technologies and protocols. However, it is important that what is new needs to connect back into what is older and authoritative.

Yes, you may have to learn about SOAP, WSDLs and Schemas, but if you can then connect existing, trusted infrastructure to a Verifiable Credentials based infrastructure, you get the best of both worlds! Are you ready?

cyberforge: random and relevant

 Tweet  Share  Email

Get the best cybersecurity research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.