‘Health passports’ – portable proofs of vaccination, typically in the form of a smartphone app, or scannable QR code – are beginning to be deployed worldwide, and are a hot-topic of debate today in the US; but serious questions remain about their necessity, how they will address privacy concerns, as well as comply with health-data regulations like HIPAA.
Health Passports originally began as a means to facilitate international air travel. With many countries requiring proof of negative test-results before entering the country, the technology made the process of documentation simpler for processing.
Many of these same applications have now expanded to include vaccination status as well as test-results; but consumer concerns about the technology have grown as proposed use-cases have expanded to include sporting-stadiums or music venues, college campuses, or more mundane locations like restaurants.
As debate bubbles surrounding health passports, the question remains: Is the U.S. ready to implement such a system?
Recent research from DeleteMe helps clarify the current readiness of governments and private institutions, as well as the general public, to adopt this kind of technology. Additionally, DeleteMe’s survey sheds light on existing consumer attitudes towards the need for vaccination certification.
Read further to learn more about DeleteMe’s research and how health passports might impact your personal online security.
Full COVID-19 vaccinations, while growing by the week, have not yet reached the majority of Americans, irrespective of moves made by the Biden Administration to qualify as many people as possible.
Sadly, less than two percent of the world population is vaccinated, according to the New York Times. According to the CDC, less than 20 percent of the U.S. population is vaccinated.
According to DeleteMe polling, a significant share (65-75%) of those under 35 have not even had an opportunity to receive vaccinations, giving any health passports relatively limited utility in helping to speed ‘economic reopening.’ Because the number of people vaccinated is so low, even if everyone who is vaccinated used ‘health passport’ technology, that would be a very small amount of people compared to, for example, the total amount of worldwide air traffic.
Currently, states are using CDC-provided vaccination cards to provide patients with a record of their vaccination type, dates, and the administering agency or provider.
But these cards are not intended as official “proof” of vaccination in any sense — they’re for record keeping and patient scheduling. Despite this, there is still a booming cottage-industry currently faking these cards.
Official records of who has received full-vaccination are being tracked by state health agencies, but very few states are providing any follow-up documentation or digital records that would enable easy information transfer to a Health Passport application.
Of those who have received shots, only a tiny fraction has received any digital record affirming their current vaccination status. States have not yet designed any processes around health passports that enable simple and secure sharing of vaccination status with third parties.
Consumer opinions about health passports tend to vary depending on the framing of how mandatory they will be, their understanding of the potential use-cases, and the degree of privacy they provide.
A plurality (47%) support the idea of health passports, even if it means data-sharing, while 39% of those surveyed oppose health passports due to privacy concerns any 14% remain undecided.
Older respondents tend to be more opposed to health passports, whereas younger generations tend to see a health passport as “just another app.”
Going further, most of those in the “undecided category” simply want more information about how these programs are to be rolled out. Many aren’t opposed on principle, but currently have no idea (like the government) what these programs will eventually look like.
With no centralized, Federal database of vaccination records, certain “passports” may be difficult or even impossible for many to use without some kind of vaccine-confirmation standardization across states.
The general public may fear that adding complexity, some third-party disclosure of people’s vaccination status in order to confirm data for these “passports” may run afoul of Federal HIPAA regulations. That is not the case. According to a recent report, attorney Lisa Proskin:
“I don’t think it falls within HIPAA. If the vaccine required something with the doctor and the doctors were providing all of this information, it might be a little different. But the way it stands now, the person doing it, the person downloading the passport, is the one entering all of the information.”
Ultimately, the question needing to be addressed is, “how is vaccination status shared safely and securely?”
Despite the fact the CDC vaccination cards don’t function as any portable proof-of-vax-status, that doesn’t mean the information included on them isn’t valuable to scammers.
Scams involving purloined vaccination data are already springing up. False cards can be bought for a price, and researchers believe there are at least 1200 advertisements for fake vaccine cards and COVID test-results on the dark web.
Health agencies have urged vaccinated patients to stop sharing their vaccine cards on social media. A vaccine card includes sensitive personal information, the vaccine lot number, the vaccination location, and the brand used. This information alone could be used to create fake vaccination cards, potentially invalidating a legitimate document.
Even if an identity thief doesn’t get all your information on the card, they potentially have enough pieces of the puzzle to initiate various forms of targeted fraud – combining the information they do have with that available on data broker websites to create a richer profile of your identity. A hacker could then start a phishing scheme using this more robust profile, or initiate online/real world harassment attempts.
As mentioned in our previous coverage on the topic, privacy concerns surrounding health passports have remained high.
Some of these concerns have been validated by recent events, like a recent breach of European health regulators which resulted in vaccination data being leaked online. The Health sector remains the number one target for hackers, because of the high concentration of personal information these institutions manage, with relatively low degree of security and privacy protocols compared to other private sector areas.
FCC has also recently warned consumers about an expanding range of COVID-related robocall scams — schemes offer fake testing kits, cures for COVID-19, often primarily targeting elderly and underprivileged people.
If you’re concerned about the privacy issues that surround the COVID-19 vaccine, vaccination cards, and health passports, there is a way to protect your personally identifiable information. Visit joindeleteme.com/health-passports/ to learn more about how our Privacy Advisors remove your information from data broker websites. If you are wondering where your personal information might be found, use our free scan tool at https://joindeleteme.com/scan.
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 20% on DeleteMe when you use the code DIYPRIVACY.
Our privacy advisors:
Save 20% on any individual and family privacy plan with code: BLOG20