A privacy preserving approach to sharing COVID-19 test status.
The COVID-19 crisis will subside and millions of individuals will need to get back to normal life.
The only way to ensure that the pandemic is contained is by increased testing and verification of the population. Therefore, individuals must have the ability to share the results of their COVID-19 test with unrelated parties via proper consent and in a secure manner.
The discussion around a COVID-19 certificate grows louder as economies around the world remain in turmoil, unable to re-open and define the new normal until testing and reporting can be performed.
We foresee the rapid deployment and adoption of a COVID-19 “passport” that enables the mobility of citizens.
A key problem is the deployment of new tools and processes that are individual-centric within a complex supply chain composed of multiple silos, compliance requirements and inflexible processes designed to protect the status quo.
The key question is: how do you provide such personal information in a way that easily integrates with already established processes, preserves the individual’s privacy, and can be trusted by the other party?
This post discusses a possible solution to this challenge: one that allows for an electronic representation of COVID-19 test status that can be trusted by unrelated parties and remains under the control of the individual, while using current technology standards to enable rapid integration with existing systems, interoperability between organizations and a scalable solution that complies with HIPAA and privacy requirements.
Our individual centric approach focuses on meeting the objectives of the three key stakeholders in the transactions:
The following is a high-level overview of the process.
Identity of the individual
For any solution to be successful it has to provide a strong method to validate proper ownership of the identity, and their COVID-19 test results.
It also has to offer a method that can be used by everyone, including the forgotten and underserved communities: individuals who may not have identity information or are unwilling to share it.
Under such constraints, we are proposing the following key modules for capturing the identity of the individual:
Individual Identity Onboarding Process
The first method is for individuals who have a relationship with an insurance company or health provider and want to use that identification.
The application could accept their identity information, verify it, create a digital identity within the mobile device and bind it to the device with their own secret or PIN number.
The second method is for individuals who want to use their legal identity documents, such as a driver’s license or passport, instead of information from a medical provider. Once the document is validated, they could use that legal identity to create a digital representation and bind it to the device with their own secret or PIN number.
The third method is to provide an ability for individuals without an identity document, to be able to create a unique identifier for this process, binding the electronic representation to the device to ensure the same level of assurance when presented.
To achieve this objective, the application could use the facial features of the individual to create a unique digital identity (self credentialing) and bind it to the device, with all of the information remaining within the control of the individual inside their device.
The objective is to make sure that when the COVID-19 documentation is presented, the individual presenting it is the person the document belongs to, in a way that the unrelated party can verify and trust, reducing fraudulent or misleading activity via impersonation or sharing of identity information.
COVID-19 Test results gathering:
Gathering the information about tests in a trustworthy manner in a fragmented and decentralized healthcare environment is a major challenge.
For the information to be trusted, the application must provide transparency back to the original document; otherwise the record can be altered, reducing its value and possibly exposing society to a resurgence of COVID-19 cases due to increased mobility and personal interaction.
To achieve this objective a solution could deploy multiple methods to gather the data.
The first and most direct method is a direct API link with the testing labs. We recognize the challenge of this approach, as it requires integrating a currently operational supply chain into our process.
An alternative is to use the identity of the individual and, based on consent, a delegated identity method, where the user’s digital identity allows the test result information to be gathered from the appropriate source of truth.
Once that information is gathered, the COVID-19 test results would be digitally signed and encapsulated inside a cryptographic envelope to ensure provenance, security and privacy.
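The signed envelope described above, as an added example that is not part of the original post or any product it describes. It assumes the lab holds an Ed25519 signing key, that the relying party has the lab's public key in a small trust store keyed by key id, and a constructed payload schema (field names are assumptions); the lab-bound expiry and the base64 encoding for mobile-to-mobile transfer are also design choices of this example. It shows the two checks a relying party must run before trusting anything inside the envelope: signature first, then expiry.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// TestResult is the payload a testing lab attests to. The field names are
// assumptions for this example, not a published schema.
type TestResult struct {
	SubjectID string `json:"subject_id"` // pseudonymous id of the device-bound identity
	TestDate  string `json:"test_date"`  // ISO-8601 date of the test
	Result    string `json:"result"`     // "negative" or "positive"
	Lab       string `json:"lab"`        // originator of the result
	IssuedAt  int64  `json:"issued_at"`  // unix seconds
	ExpiresAt int64  `json:"expires_at"` // unix seconds; the lab bounds how long the result is presentable
}

// Envelope carries the exact payload bytes that were signed and the lab's
// signature over them. The key id lets a relying party pick the right lab key.
type Envelope struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
	KeyID     string `json:"kid"`
}

// Seal serialises the result and signs it with the lab's Ed25519 private key.
func Seal(priv ed25519.PrivateKey, kid string, r TestResult) (Envelope, error) {
	payload, err := json.Marshal(r)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Payload: payload, Signature: ed25519.Sign(priv, payload), KeyID: kid}, nil
}

// Open is the relying-party check: look up the lab key, verify the signature over
// the payload bytes, and only then parse and check expiry. The payload is never
// interpreted before the signature has been verified.
func Open(keys map[string]ed25519.PublicKey, env Envelope, now time.Time) (TestResult, error) {
	pub, ok := keys[env.KeyID]
	if !ok {
		return TestResult{}, errors.New("unknown signing key")
	}
	if !ed25519.Verify(pub, env.Payload, env.Signature) {
		return TestResult{}, errors.New("signature verification failed")
	}
	var r TestResult
	if err := json.Unmarshal(env.Payload, &r); err != nil {
		return TestResult{}, err
	}
	if now.Unix() > r.ExpiresAt {
		return TestResult{}, errors.New("result expired")
	}
	return r, nil
}

// Encode renders the envelope as one base64 string, the form that could be
// carried in a QR code or transferred mobile to mobile.
func Encode(env Envelope) (string, error) {
	b, err := json.Marshal(env)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// RunScenario exercises Seal and Open with a constructed lab key and a constructed
// result. It reports whether a genuine, a tampered and an expired envelope are accepted.
func RunScenario() (validAccepted, tamperedAccepted, expiredAccepted bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	keys := map[string]ed25519.PublicKey{"lab-a-2020": pub} // constructed trust store
	now := time.Date(2020, 5, 1, 12, 0, 0, 0, time.UTC)
	r := TestResult{
		SubjectID: "subject-constructed-1", TestDate: "2020-04-30", Result: "negative",
		Lab: "Lab A", IssuedAt: now.Unix(), ExpiresAt: now.Add(72 * time.Hour).Unix(),
	}
	env, err := Seal(priv, "lab-a-2020", r)
	if err != nil {
		panic(err)
	}
	_, err = Open(keys, env, now)
	validAccepted = err == nil

	// Tampering: change the result inside the payload without re-signing.
	tampered := env
	tampered.Payload = []byte(strings.Replace(string(env.Payload), `"negative"`, `"positive"`, 1))
	_, err = Open(keys, tampered, now)
	tamperedAccepted = err == nil

	// Expiry: the same genuine envelope presented after ExpiresAt.
	_, err = Open(keys, env, now.Add(96*time.Hour))
	expiredAccepted = err == nil
	return
}

func main() {
	valid, tampered, expired := RunScenario()
	fmt.Printf("genuine accepted=%v tampered accepted=%v expired accepted=%v\n", valid, tampered, expired)
}
```

The envelope keeps the signed bytes verbatim rather than re-serialising a parsed struct, so a relying party verifies exactly what the lab signed; the trust store lookup by key id is what ties provenance to a specific lab rather than to whoever holds some key.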
Authentication for COVID-19 Results Presentation:
A second component of the application is the use of strong authentication to ensure that the information is being presented by the proper individual, the one who owns the test results.
The use of FIDO as the standard authentication protocol provides interoperability between multiple systems and a password-less experience for the user.
Leveraging a method that allows a path for identity verification prior to authentication, the application can deliver a strong level of assurance to the unrelated party, before COVID information is shared.
We foresee this activity happening in person, as the individual is looking to gain access to a facility where knowledge of their current COVID-19 status is paramount to gaining access to the location.
COVID-19 Test result presentation:
The final component of the framework is the sharing of information with unrelated third parties. We have applied the same thinking as in the identity component, focusing on the lowest common denominator in order to offer multiple methods of sharing the information, based on the needs of the unrelated party that requires it.
Our key objective remains the same, rapid integration and adoption, while giving them the flexibility to determine the level of assurance that they require for verifying the information based on their requirements.
The first and most basic, once the user has properly authenticated, is to represent the test results as a static QR code that can be read by a standard reader, limiting the information displayed to the individual, test date and result.
The second method displays the information via a dynamic QR code that can be ingested by the QR reader and provides a dynamic, time-sensitive link to display the information as provided by the originators of the test results.
The third method could be the electronic transfer of the encapsulated information to the relying party, using a provided application or component that proves provenance, mobile to mobile.
All three methods are contingent on the results of a strong authentication by the individual, restricting the information that is shared with the third parties.
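The first two presentation methods above (the static QR code limited to individual, test date and result, and the dynamic QR code carrying a time-sensitive link), as an added example that is not part of the original post or any product it describes. It assumes the wallet already holds a verified result with more fields than should be shown, that the originator of the result issues link tokens under an HMAC key of its own, and a placeholder originator URL; the token layout (reference, expiry, MAC) is a design choice of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// VerifiedResult is what the wallet holds after the lab's signed envelope has been
// verified. It deliberately carries more than should ever be shown at a door:
// presentation has to project the extra fields away. Field names are assumptions.
type VerifiedResult struct {
	Name, DOB, Phone  string // identity details that must not leave the device
	TestDate, Result  string // the two facts the static code may carry
	Lab, LabReference string // originator details, used on the dynamic path only
}

// StaticQRPayload is the entire content of the static QR code: individual, test date, result.
type StaticQRPayload struct {
	Individual string `json:"individual"`
	TestDate   string `json:"test_date"`
	Result     string `json:"result"`
}

// StaticQR returns the text to encode in a static QR code. Building the payload from a
// separate struct, rather than serialising VerifiedResult, is what enforces the limit.
func StaticQR(r VerifiedResult) (string, error) {
	b, err := json.Marshal(StaticQRPayload{Individual: r.Name, TestDate: r.TestDate, Result: r.Result})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

const linkBase = "https://example.invalid/r/" // placeholder originator URL, not a real service

// DynamicLink builds the time-sensitive link for the dynamic QR code: an opaque result
// reference, an expiry, and an HMAC-SHA256 over both under the originator's key. The
// reader resolves the link at the originator, which serves the result only while the
// token is fresh; no test data travels in the code itself. ref must not contain '.'.
func DynamicLink(key []byte, ref string, now time.Time, ttl time.Duration) string {
	msg := ref + "." + strconv.FormatInt(now.Add(ttl).Unix(), 10)
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return linkBase + msg + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// CheckDynamicLink is the originator-side check: MAC first (constant-time compare),
// then expiry; the reference is released only when both pass.
func CheckDynamicLink(key []byte, link string, now time.Time) (string, error) {
	parts := strings.Split(strings.TrimPrefix(link, linkBase), ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	m := hmac.New(sha256.New, key)
	m.Write([]byte(parts[0] + "." + parts[1]))
	got, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(got, m.Sum(nil)) {
		return "", errors.New("invalid token")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil {
		return "", errors.New("malformed expiry")
	}
	if now.Unix() > exp {
		return "", errors.New("link expired")
	}
	return parts[0], nil
}

func main() {
	// Constructed sample; none of these values belong to a real person.
	r := VerifiedResult{Name: "J. Doe", DOB: "1980-01-01", Phone: "555-0100",
		TestDate: "2020-04-30", Result: "negative", Lab: "Lab A", LabReference: "ref-42"}
	s, _ := StaticQR(r)
	fmt.Println("static QR:", s)
	key := []byte("constructed-originator-key")
	now := time.Now()
	link := DynamicLink(key, r.LabReference, now, 10*time.Minute)
	fmt.Println("dynamic link:", link)
	ref, err := CheckDynamicLink(key, link, now.Add(5*time.Minute))
	fmt.Println("fresh:", ref, err)
	_, err = CheckDynamicLink(key, link, now.Add(11*time.Minute))
	fmt.Println("stale:", err)
}
```

The static payload is an allow-list by construction: adding a field to VerifiedResult cannot leak it, because only the three named fields are copied across. The dynamic link carries no test data at all; what it proves to the originator is that the wallet minted it recently under the originator's key, and once the expiry passes a screenshot of the code stops working.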
Solutions will need to be:
Standards-driven, for scalability, interoperability and future enhancements.
Able to connect to diverse medical record or lab systems and aggregate information from multiple test providers.
Able to operate at the lowest common denominator for identity and information sharing, to ensure wide adoption with minimal friction.
Able to work within current technology stacks and processes.
Compliant with current privacy and consent laws and regulations.
Easy to use by all members of society.
COVID-19 will have an unprecedented impact on our society, but increased surveillance and a decrease in privacy should not be part of it. On the contrary, we have an opportunity to define a new normal, where privacy is no longer blindly granted.
This approach creates a balance that keeps the individual in control of their information while providing a transparent and a verifiable path for authorities and other organizations to gather information at that moment in time about private COVID results.
This is not a moment to trample on civil rights under the premise of a crisis. It is an opportunity to design applications that provide the proper balance between the needs of the many and the rights of the individual.
This can be achieved: delivering a solution that meets the requirements of society without inviting additional supervision or aggregation of data by either governments or large technology providers is the path forward in the new normal.