On newspapers and televisions in Europe a heated debate is going on: should a passport be issued to people that have been vaccinated (such a passport would facilitate access to public transportation, restaurants….)?
There are reasons for issuing, and using, these passports (mostly economic ones) and there are others for opposing them (they would discriminate those that have not been vaccinated, including those that for a variety of reasons cannot be vaccinated…).
However, I am not addressing the pros and cons in this discussion, what piqued my interest is the VCI, Vaccination Credential Initiative, and more specifically its composition: Microsoft, Salesforce, Epic…. Sure, there are Healthcare institutions, like the Mayo Clinic, but most companies are from the IT sector. This is their statement of purpose:
The Vaccination Credential Initiative (VCI) is a coalition of public and private partners committed to empowering individuals with digital access to their vaccination records based on open, interoperable standards so they can:
protect and improve their health, and
demonstrate their health status to safely return to travel, work, school and life while protecting their data privacy.
Participating health organizations (“Vaccination Data Sources”) agree to provide individuals with digital access to their vaccination records using the open, interoperable SMART Health Cards specification based on W3C Verifiable Credential and HL7 FHIR standards (“SMART Health Cards”) and be listed in a common registry of issuers. Vaccination Data Sources can provide individuals with access to their SMART Health Cards via:
Digital wallet apps that adhere to the SMART Health Cards Framework
PDF or paper printed with QR code referring to the SMART Health Cards
Participating technology and other collaborating partners agree to support Vaccination Data Sources in issuing SMART Health Cards.
It is a sign, to me, of the growing relevance of the IT technology in the healthcare domain.
VCI is a US based initiative, I guess we will soon see an equivalent (hopefully interoperable) initiative in Europe and in Asia. Actually, China has already implemented, and enforced, a sort of digital health passport that citizens have to use to access public transportation, public offices and more. It is a QR code displayed on their smartphone containing Covid-19 relevant information. The color of the QR code indicates if a person is allowed to move around, access public utilities or is subject to specific restrictions.
South Korea has been using data provided by smartphones, payment transactions and safety cameras to create logs of people whereabouts (see picture).
For most Western people this tracking screams of privacy violation but it seems that this is not the perception of the lay person in those parts of Asia. Actually, most people consider tracing technologies as helpful in controlling the epidemic and in providing awareness of risk to the individual. The balance between personal privacy and societal benefit is clearly shifted towards societal benefits.
In my circle of friends and acquaintances I have noticed a progressive shift of perception in that direction as well, although from a personal advantage point of view. In other words, Western people seem to be more and more willing to trade privacy for the benefit of being freed from restriction of movement. People are willing to have a passport, and be traced, if that means they can resume their previous life style (now I am vaccinated, so I should be able to go to restaurants, travel… ).
The proposal made within the Digital Reality Initiative attempts to fill the gap between privacy and societal benefit by using Personal Digital Twins -PDT- to decouple personal data from their meaning at societal level. As shown in the graphic the idea is to have for each person a mirroring in bits of that person status and “story”. This set of data is used locally for risk assessment and this evaluation is shared with the healthcare institution without releasing identification data (to protect privacy). The aggregate of all risk assessments done by the healthcare institutions generates (through data analytics) a map of risk and this is used to decide proactive measures (like confinement, wearing of protective masks…, closing of shops, restaurants, limit public transport capacity…). This measures and the areas where they need to be enforced are communicated to the Government institutions that evaluating the overall risk against other considerations (including the impact of measures on the economy, the availability of resources…) will take a political decision and dictate/enforce containment measures.
These measures are communicated to all PDTs that in turns will make their Physical Twin (the person) aware of the restrictions, Each PDT knows if some of those measures apply to its physical twin and will create “localised” awareness. Up to this point there is no privacy violation, the Healthcare institution does not know who is affected nor the Government knows who has to be subject to restrictions. It is like deciding that because of a growing number of car accidents in a certain area a decision is taken to enforce speed limit in that area. Nobody knows who is actually driving there and signs are posted to make drivers aware of the speed limit. However, if someone exceeds the speed limit than a speed trap will detect it and that person will be fined. Likewise, if a person decides to violate the containment measures the Government institution will be notified (by the PDT) and that person will be liable.
Independently of the solution used it is clear to me that bits are becoming a powerful weapon to fight viruses and this will probably be a lasting legacy from the current pandemic.