Ethical Considerations for Implementing Digital Health Credentials
By Rob Katz and Yoav Schlesinger
With COVID-19 vaccines’ authorization in many countries, we’re entering the next chapter of the pandemic. And while the promise of safe and effective vaccines brings great hope, we recognize it will take many months for the majority of the population to be vaccinated. As vaccines move through priority groups, there will need to be a way for people to maintain their health records and to demonstrate health status as we start to resume in-person gatherings. Technology can play a key role here, but it’s critical this work is done thoughtfully, making sure we do not widen existing inequities.
In June of 2020, Salesforce developed Privacy and Ethical Use Principles for Your COVID-19 Response, which we applied in building Work.com.
As vaccines became authorized, we added the Principles for the Ethical Use of COVID-19 Vaccine Technology Solution in December 2020 – with the hopes of supporting others in developing and implementing responsible solutions. Putting this to practice, we’re sharing key considerations for private organizations implementing digital health credentials.
Before we do, let’s consider digital identification, or “digital ID” itself. It’s the way a person can be unambiguously identified through a digital channel (how I definitively know you’re you and no one else). At Salesforce, we are not alone in the belief digital ID should be “Good ID” — that it should be, among other things, established with individual consent, while protecting individuals’ privacy and ensuring control over personal data. Digital health credentials are related to this type of more generalized ID (think about how I know your health credentials are yours and that you haven’t just borrowed a friend’s phone). While digital credentials can unlock access to critical services, their introduction can also introduce new risks and challenges.
Human rights and equity
With human rights and equality at the forefront, it’s important that digital health credential technologies are accessible to all — meaning they can be used by people who may not have access to reliable internet, email, and/or smartphones. For example, while 91% of Americans 65+ have a cellphone, only 51% have a smartphone; and while 93% of college graduates have home broadband internet, only 46% of those with less than a high school education do. Accessibility of credentials is critical for people with disabilities as well.
Practically, this also suggests digital health credentialing solutions should offer various means for users to present their credentials, such as through a print-out, QR code, or SMS text. Solutions should also meet accessibility standards and be offered in multiple languages.
On a broader level, the terms “digital health credentials” and “digital vaccination credentials” should not be used interchangeably — vaccine passes are important, but they can’t be the only available solution. COVID-19 vaccines won’t be available to everyone at the same time, and not everyone will be able to get vaccinated for health or other reasons. Equity demands that individuals also be able to show their health status by allowing for the presentation of vaccination status, COVID-19 testing status, or other means such as recovery status. In order to avoid a societal divide between those with vaccinations and those without, we recommend digital vaccination credentials be a subset of digital health credentials — to ensure equity for all.
Privacy and autonomy
A user’s decision to use an application or to adopt a technology should be voluntary, and with full understanding of the purpose and use of the technology. If a person elects not to opt-in, they should be provided alternative methods to demonstrate their health status.
This means that, for example, if an airline chooses to make vaccination mandatory for travel, then an individual who opts out of a digital credential should be able to present a valid paper certificate that equally proves their vaccination, COVID-19 testing, or recovery status.
What’s more, when it comes to the presentation and verification of digital credentials for travel or other in-person gatherings, the holder of the credential should be allowed the power to selectively disclose information. In practice, this means they’re able to understand what information is being requested by the verifier (for example: name, COVID status, vaccine or test issuer, date of vaccination or test) and choose which pieces of information they share.
In times of crisis, like the COVID-19 pandemic, people may also be more willing to share personal data for their own safety or for the safety of society. But, they may no longer want to share this data once the crisis is over. That’s why it’s critical to make sure users know how their personal data is being collected and used, and have the right to control that information throughout the period that data is used or retained.
For example, it’s reasonable to expect that an employer wouldn’t share an employee’s vaccine status with their health insurance provider — and vice versa — unless and until the employee expressly consents for that information to be shared. In short, it should be up to the individual to decide what they share, with whom, and when.
Trust and transparency
Trust and transparency are particularly important in times of high uncertainty. Wellness surveys were one of the first global efforts to start to identify COVID-19 risk at scale, but they’re based on the honor system, and they aren’t able to flag people who are pre-symptomatic or asymptomatic. So while they may remove some risk, they aren’t as effective in helping to prevent transmission or control the spread of the virus as an authorized test.
With more widespread testing and vaccine infrastructure becoming available, a digital health credential increases trust — it’s verifiable proof that you and those around you are COVID-19 negative, or have been vaccinated. As we begin to return to offices and in-person events, people will need to be able to trust that people’s health and vaccine status data are accurate, making the community at large safer. Finally, users will need to be able to put trust in the credentialing technology itself, knowing the technology is used for what it claims, rather than other undisclosed uses like surveillance.
Key to preventing unwanted surveillance is ensuring that no record is kept of the credential’s presentation and verification. Take driver’s licenses as an example. The government may issue a driver’s license, but they do not keep a record of each time that license is used to purchase alcohol by someone over the age of 21. Similarly, health pass systems should minimize the extent to which they create permanent records of when/where they’re used.
Key to building trust is the intentional inclusion of a range of external experts, partners, and community representatives — especially those who may be historically underrepresented. This may mean working with groups that may have less trust in technology to develop alternative solutions or including public health experts in your development to ensure the technology truly meets the need.
Our continued commitment
Technology for vaccine management presents a very new and rapidly evolving landscape — but finding ways for people to gather safely is going to be a pivotal part of getting stores and concert venues opened, trains and planes moving at full capacity, restaurants safely operating for in-person dining, and more. We support an open, safe, and interoperable system for digital health credentials that embody the principles above, which will allow people to seamlessly navigate the complex new normal. In sharing how we are thinking about the implementation of digital health credentials, we hope to help others develop and use responsible solutions that will help us all move forward, safely and effectively.