Immunity is relative: an approach to COVID-19 transmission risk certification.
Maarja-Liis Ferry, SICCAR E-Health lead.
In a world where data is simultaneously our most valuable and vulnerable asset, the UK must act swiftly to be a world leader in setting standards and providing solutions to the issue of COVID-19 ‘immunity passports’. SICCAR proposes an open approach that relies not on a one-off, static proof of vaccination, but on a dynamic certification of transmission risk based on both vaccine and testing status.
Adaptable and dynamic certification
The UK Government states that every adult in the UK is to be offered a first dose of a coronavirus vaccine by July 31st, 2021. As plans for opening the economy, and travel, after a year of cyclical lockdowns are revealed, the issue of vaccine certification has come to the forefront. The ethics, data protection and equitable access aspects of this have been subject to debate. One thing is certain: there will be demand for trusted and certain certification of COVID-19 transmission risk both within the UK and internationally.
Industries such as aviation, hospitality, tourism, and sport have a vested interest in verifying individual risk of COVID-19 transmission. Any infection clusters linked to these industries pose a threat to future profitability and lead to potential liability associated with those infection clusters causing individual morbidity and mortality. In the context of international travel, many countries that have been more successful than the UK in supressing COVID already require proof of a negative test for entry and have begun to adapt travel restrictions to account for vaccination.
However, immunity to COVID-19 is not guaranteed. Although vaccination prevents serious disease and hospitalisation in most fully vaccinated individuals, it has a variable impact on the ability of the individual to transmit the virus. As our knowledge of the virus, emerging variants and the long-term efficacy of available vaccines develops, the definition of ‘COVID safe’ will change based on geographical location and epidemiological context, rather than spring from a globally applicable standard. Therefore, it is not a case of ‘immunity certification’, but of stratification of transmission risk relating to the specific individual and context.
Any solution must deliver certification dynamically, and tie together both vaccination and testing information from various public and private sector sources to provide an individual risk of COVID transmission. ‘A Case for Digital Health Passports’ from the Tony Blair Institute for Global Change supports this integration of vaccination and test status, and calls for solutions that are adaptable, transparent and reliable. The integration of these also allows for adaptability for international travel, in which different countries may have different conditions for entry related to the type of vaccine given, or different levels of quarantine exemption and entry testing requirements depending on the individual’s vaccination and testing status.
Current information on vaccination and testing status in the UK is siloed in various public and private sector databases, and verification of a negative test requires only the presentation of a static and easily forged online PDF. As we begin to move more freely, the issue of forged certification and unverified test providers will become more apparent. Any solution that allows a return to some version of normality must be transparent, reliable, and tied to the identity of the presenter to prevent forgery. Additionally, it must have the capacity to easily integrate future innovations such as reliable antibody status and lateral flow testing.
Building trust through individual empowerment
SICCAR proposes a distributed system to maintain the safety and veracity of personal data. Such systems will only be effective if they can be demonstrated to work in secure and reliable ways within and across domains of activity and industry. This raises significant challenges for digital data security, privacy, and trust where relevant data is aggregated by a single body in a centralised approach. Generally, a decentralised approach is better set to support privacy, less vulnerable to attack, and more resilient against failure. Additionally, this approach allows the individual to be the messenger of their own data. SICCAR proposes the integration, rather than aggregation, of this data.
The current approach to health data is paternalistic. Individuals are not in control, and often must jump unnecessary administrative barriers with several different organisations to access their own information. Personal data must be in control of the individual, and accessible by the relevant parties only in a revocable, time and context-specific manner. By democratising the individual’s access to their own data and not leaving this in the control of any single institution, reasonable digital rights concerns may be addressed. In addition, by empowering the individual to present their own data verifiably, the administrative burden of widespread demand for vaccination and testing certification on already stretched healthcare providers can be avoided.
Setting a precedent
Some answer to the question of verifying COVID risk status is inevitable. The worst-case scenario is an unequal, bloated system in which individuals are forced to jump through administrative hoops to access their own health data, and front-line healthcare staff are unfairly burdened with providing this certification. It is the responsibility of the UK Government to embrace innovation and actively participate in defining good data sharing practice both within the UK and internationally. There is an opportunity to set the tone for ethical data handling, and personal data autonomy, for years to come. To shy away from this challenge would be to willingly cut the UK population off from participation in the global economy, with a far-reaching economic and social impacts.