Thursday, April 7, 2022

 Oh, of all things FHIR security.

1. Well the pandemic happened.

2. A simple way was devised to upload an image of a vaccination card from a pharmacy, etc. to a provider maintained electronic health record via SMART on FHIR, and then Apple integrated it into the Apple Health, followed up by it becoming a vaccination card with QR code suitable for proof of vaccination. Perhaps not perfectly secure, but entirely sufficient in most instances for the use case. I have participated in the Linux for Public Health   and I think it made a dent in the fake paper covid records.

3. Not strictly about the pandemic which captured everyone's attention since March of 2020, now April of 2022. Indicators such as morbidity and mortality indicate that lifespan is dropping, which is to say our public health system and hospitals were not geared to face a major pandemic. This is a structural issue which can be addressed with FHIR and FHIR security. There is an unsustainable cost associated with healthcare which occurs too late. The pragmatic solution is to simplify the process by moving data to where it is needed, early enough in the process to lower those costs. To get some perspective, the entire enchilada is roughly one sixth of the entire US GDP.  It does not have to be that expensive and is not in other countries. Anyone who approaches the problem rapidly finds out that both medicine and software are highly complex, and being Amazon, or Google doesn't necessarily help because the issues of scale are defined by Population Health. Your life span can be determined by your zip code and what services you can get. 

4. Therefore it's only logical to address those costs by providing more opportunities for pragmatic approaches. Better bi-lateral data flows between community and hospitals addressing failures in the key outcomes in which the US has lagged due to poverty. Money can only partially solve this structural problem. One has to get past the obvious complexity.

5. Who are the stakeholders?

Thursday, October 28, 2021

Updating the FHIR security understanding relative to Covid-19 proof of vaccination

As Tom Jones has pointed out on Linked In, the idea of having digitally signed health records transferred to a smart phone is a major step forward. To me the point of having validated records is this:

The records (FHIR resources)  have not been changed since the data entry into the EHR "in flight" over the network in a MITM attack to the Apple iPhone using Smart on FHIR design concepts.

That validity is verified like TLS (transport layer security) by Apple's digital certificates (but they don't really know about the validity of the data being transported), it is the transport endpoint validity of the FHIR Proxy that is verified, AFAIK.

Apple is ok with this since they have a business relationship with the healthcare provider and the EHR vendor ahead of time. So if it came from the real Epic Proxy server, then the data is assumed to be accurate based on what the Healthcare Provider entered.

Or to put it somewhat differently, accurate enough to meet the risk management requirements of avoiding an "in flight attack" or MITM to change the data which in turn arrives in Apple Health. 

We don't want hackers altering our healthcare data over the network. So that is a win. Previously FHIR transferred data into Apple Health, but it was not validated. The connection was over TLS so the server identity was validated, but there was no claim that the data was valid, which accomplished via a digital signature.

From Apple Health, now on the phone, the data continues signed, (and thus unchanged)  and is deposited in the patient's Apple Wallet with name, birthdate and a Jason Web token based QR code.  There are currently discussions between the secure health card developers and the EU DGC developers to create interoperability.

That code can be scanned by a verifier. It is thus a verified health record that can be used as a verified credential wherever proof of vaccination is required.

This saved a lot of work at mass vaccination sites that could deposit the immunization record directly to the Apple Wallet instead of filling out paper cards.  However when this was first implemented the data was not signed. Now with IOS15 it can be digitally  signed.

Only in this case it comes from the EHR or a state Immunization Registry, (IIS) using FHIR. For those of us with paper CDC cards, a photograph can be uploaded to a patient portal with the data and then the EHR updated using any means within the HIPAA system to verify the data. 

There are penalties for faking data relative to vaccine records but I am not aware of any HIPAA regulations that govern the accuracy of data once it is released to the patient and being managed by themself on their device for subsequent commercial and public health use. Note this exchange of data is governed by the Apple privacy policy and not some app's privacy policy. What an app developer does with your health data is an issue in itself, as any potential secondary use of the data by the verifier, so along the way there have been design requirements to limit the use of the data. The EU has declared an intention not to create a database of the vaccinated and unvaccinated that could be exploited.

So this is a new thing, transforming the data from paper to digital, (unless it is already in electronic form) putting it into an electronic health record, (defined already by HHS) storing it in a state IIS with access by a patient,  digitally signing the data for integrity at a secure gateway,  and then putting it in a smartphone wallet and then  selectively exposing the card as a QR code to a verifier.

It is somewhat similar  to "group consensus" regarding the validity of data on a block chain that may be entirely decentralized that also ends up in a wallet, except the participants are  creating the signatures are regulated under HIPAA, compelled to release medical data to the patient, and there is a public health requirement that the immunization resource is accurate, and stays accurate from tampering.

Criminals have evaded these controls  by bribing medical support people who have access to update the IIS, and issuing fake CDC cards with valid vaccine lot numbers.

While there have been some cases of fraud where fake CDC cards have been created and medical records employees entered fake vaccination records into state IIS registries, this is a different part of the supply chain and would definitely be prosecuted under HIPAA and HHS Office of Civil Rights since fake medical records (and related billing fraud) have a long history of abuse, especially in regards to CMS. 

In fact that's why electronic signing of medical documents was proposed starting with durable medical goods like powered wheelchairs, but in general medical fraud is a huge financial  problem and prosecuted by the DOJ. Medical billing and coding is complex to say the least. 

In this case there are quite a few examples of fake CDC paper cards being printed in China and sold along with fake vaccination records. So considering the number of vaccinations taking place, and people who have smartphones, an accurate digital record that has signed validity has value.

The exact format, and how resistant it is to manipulation is the issue, but a card in a digital wallet works well since we are likely to have our smart phone anywhere we might need to prove vaccination status. And part of the puzzle is how it relates to digital identity. Some approaches prove a vaccination has taken place, but not the person who got the vaccination. Separating out these two data points is done to avoid tracking or a bread crumb trail of where the vaccination status was presented.

Individual records are not permanently signed in XML as I have proposed based on work with CMS, which would be a more difficult task of signing specific records, and still allowing them to be changed as necessary. 

This is the difference between signing an entire document, or individual fields within a document and in order to do this the XML must be canonicalized. XML digital signatures are standardized by W3C and ETSI and known as XADES and have different flavors.

Pursuant to Adrian Gropper's design considerations how has the FHIR community fared in terms of hits and misses using this approach?

What about Good Health Pass? The Smart Card format came from the Vaccine Credential Initiative and in general follows the FHIR specification, and related legislation for access very closely, but does not necessarily align with other emergent efforts like Self Sovereign Identity  Decentralized Identity, W3C validated credentials, and Linux Public Health. Nor does it map to the design for the EU Green Digital Certificate, which also uses encryption to create a different barcode coming from a health network that is tied back to individual countries who have national patient identifiers and their own IIS.  There is no equivalent national IIS in the U.S. or a national patient identifier. While the DGC gets the data from a national IIS, it uses an opaque identifier to create uniqueness instead of the actual ID in order to prevent tracking and meet GDPR requirements.

One can look at the work of David Chadwick, who wrote the book on the x.500 Directory (which Wikipedia contrary to fact claims never existed...which is very odd since I managed it in the U.S. sometime after Marshall Rose in the PSINet White Pages Project) that deconstructs what is required to make a verified credential that meets the W3C document. In particular I like how he leverages FIDO2 which is a really good way to interact with web sites, but requires generally one purchase a Yubikey to make the process simple. I use a Yubikey and it's the highest level of authentication you can use with Google, etc. and it should get rid of socially engineered account phishing for the most part. Aside from the cost, 35-50$ it is extremely easy to use.

In my last and recent third vaccination I did not bring my CDC card, I filled out all the details online, got my jab, and downloaded the results as a PDF. The PDF was inaccurate in the injection site, a chirality error. Or in plain English they got the wrong arm. My healthcare provider fixed this error. I will ask the Pharmacy why the error happened and talk to their head of security whom I have worked with in the past. Was it a simple data entry glitch or a more serious IOC. I don't know, but the patient in this case fixed the error before it ever became a problem. That's really the point of looking at your own records, you don't want someone taking out the wrong kidney for example. Inaccurate, or invalid medical data is a common source of medical mistakes. One of my early motivations to debug medical errors was watching my wife go into shock while in the  ER and require 3-4 units of blood due to a test processing glitch on a weekend. One could blame that on bad triage in the ER,  but a proper supply chain on the test results not available in the 1980s would have gotten her to the ER way before it got that far because the bleeding was time sensitive.

What was interesting to me was that while the results were available as a PDF I was not able to import the data via FHIR. Other immunizations were available via FHIR.

This is data available for other business units of the same Pharmacy. 

The first pharmacy where I got my two shot jab doesn't even have a way to download it, it goes right to a company that has their own covid-19 app, and if you want to use that app, the privacy policy says they own it in perpetuity. 

Surprise, you didn't want to wait in line at a concert, use the app, and now they own your vaccination details! They make you consent and acknowledge you read the policy. And chances are, like others who also agreed to the privacy policy, it will end up like the famous episode of South Park with the human centipad. 

This is independent of vaccination records, but vaccination records are now a current use case. 

As a result there are many different ways to digitally represent this data, and different privacy policies that apply to those apps. Some apps want you to sign over all use of the data just to transfer the data from here to there. You don't need to do this and you should read the privacy notice. But you will not. And you will lie and say you did, just to use the app. This is normal.

Smart on FHIR is part of 21st Century Cures Act, and sort of a mushroom compared to the hyphae of the entangled set of medical records that exist worldwide. Patient Privacy Rights tracks this.

A lot of money is made in the aggregate transfer of medical records. 

Medical professionals 10 years ago were blocking access to medical records, that is now prohibited, the issue is now how to preserve privacy when those records are released and not part of the HIPAA business layer which papers over security issues on a business layer rather than a math layer (say the difficulty of factoring primes in Public Key Encryption) regarding the confidentiality of records. This directly affects encryption. 

HIPAA primarily relates to business associates and covered entities, but like the privacy policy no one in a hospital has actually read it except for the Privacy Officer. I once had my provider fail to provide requested digital information for "security reasons" which they finally admitted was simply a NDA on releasing data from the EHR vendor. This flat out lying and attempt to intimidate users is now criminal. Before it simply killed people when they failed to get the right information, because adherence to the doctor's treatment plan is incredibly important to prevent hospital re admission.

Sec. 4003

  • Defines interoperability as HIT technology that: (a) enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user, (b) allows for the complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state and federal laws and (c) does not constitute information blocking.


The flows of medical data are enormous, and largely out of control from the individual end user who clearly does not understand HIPAA, much less the relationship between HIPAA and network encryption! 

How then to apply best apply security and thus understand risk?

Even with this obvious privacy breach, one can live a healthier life being aware of the data that reflects your current medical condition. This is situational awareness. 

It's not just how many steps you have taken from a wellness perspective, (which is good data) but all other data which might require medical  intervention that your primary care physician coordinates for you with various specialists. In general, things that would have killed you previously, like co-morbidities are treatable with the right interventions. Left untreated, such as in the current pandemic where wards are overflowing with unvaccinated covid patients, there is a much smaller chance of good outcomes for the non covid infected that need normal access. 

FHIR lets you communicate with your Electronic Health Record maintained by your provider, so it is a good thing. 

Literally one can  get a blood panel lab lying in a hospital bed and see the results on your smartphone minutes after it was put in the EHR. You will know before any one else reads it.

Say for example you had internal GI bleeding after surgery and had some blood transfusions, you know what your hemoglobin was before surgery, and now it is much lower. What needs to be done to stop that bleed?

At that point you want a plan. There is going to be an awful  lot of data that your care team will be analyzing before you are discharged. 

In particular, before the vaccines were readily available, going to a rehab facility might have been questionable versus going home and getting a home care nurse. These are all decisions with a certain amount of risk during Covid-19, and especially different variants and age of the patient.

Needless to say there are some real penalties in countries like France for using fake health credentials. Some people have been fined at Canadian airports for fake paper CDC cards, but the digital versions are still quite new. 

Some fake digital credentials will pass an inspector for the European Digital Green Certificate. 

And just as likely be caught if someone is stupid enough to try and use one posted to the Internet. Because valid identity does matter even it the vaccination data is hidden behind a zero knowledge proof. Scanner says vaccination data is good, green check mark. Name is Adolph Hitler born in 1931, think it is fake? In Africa I read that 80% of the Yellow Fever cards are fake. 

The immunization record has its own very specific history since the paper International Certificate used since air travel began,  the FHIR immunization resource is a distinct use case but also the same as other medical records in that FHIR can be used to transfer the data and is largely secure, with some exceptions.

How can patient control of data be made actionable?

Putting medical data under patient control lines up with patient centricity and in the larger goal of actionable data directly under consumer/patient control which stems from Patient Privacy Rights and Adrian Gropper specifically.  since that was published in May, it's interesting to take stock and see how we are doing so far because the design has tradeoffs. We should have a good idea how identity and consent work when this data is networked. We may need additional data to keep up with variants.

The idea of SMART on FHIR before having FHIR SMART card was to have an iPhone like application. 

Except we have skipped that step presently with IOS 15 to practically have the concept (and thus privacy) built right into the IOS.

Digitally signed (and thus validated in terms of origin from a FHIR SSL proxy) health records that are patient usable in a simple way are a sea change in the Health Information Technology field. 

My approach, which is different to sign the individual XML using ETSI standards has yet to be adopted. It's a much more granular approach and can express privacy restrictions on subsequent use of the data which can be linked back to privacy rights. It does not necessarily divorce identity from the vaccination record like the DGC which uses an opaque identifier. It more so says, here is validated data, this is me, here's a way to validate it and I require you to treat it according to policy. There is no attempt to achieve a Zero knowledge proof that says "fully vaccinated" or not. 

Or reference to a rules engine to make decisions. Some approaches like Evernym do use this approach, and like the red/green don't reveal the actual data just the status work flow. 

This flows back to 1990's concepts of identity versus anonymity, except in many cases, (Ever "Nym"), or say IBM's Excelsior covid pass, the app does not attempt to establish or verify identity. This is a philosophical design difference. 

Linking that data is done externally, so one presents an anonymized health records (yes I have been vaccinated) according to a policy rules engine, but I still need to show external ID like a drivers license to prove I own that record on my Smart Phone. 

So far the  only time I have had to prove in Philly that I was vaccinated to eat breakfast inside, I showed the Apple Immunization Record from my digital wallet and no ID. (Actually I showed a screen grab of the record since I went back a version in the IOS and it made it disappear from the wallet, but it was still in Apple Health when I reverted back to the developer beta, and I just added it back in). 

Will this work in NY without the Excelsior App? It will work in Los Angeles since they are Apple compatible.

I explain how this XML signing could have worked at Pahisp.org but in all practicality we have a lot of different apps, a stab at defining credential standards with Good Health Pass, which has some excellent requirements, and a now a practical application of a minimized FHIR immunization resource imported as Jason Web Token and barcode into Apple Health, and Apple Wallet.

CBOR versus JWT

That works very smoothly. It is however currently incompatible with 591 million European Digital Certificates that are generated by the European Health Network from Country Level Immunization Registries, "Tous Anti Covid" for example done by France which uses CBOR instead or JWT. 

Each country has their own app. States in the US have apps, but there is no Federal certificate app. C=US could potentially resolve this interoperability problem but the EU allocated money to fix this and the U.S. government did not. So if you live in California you can use the FHIR Smart Card to create a wallet entry in Apple. 

The difference is that Apple in IOS 15 integrates this into Apple Health, which is FHIR based and homes back to a list of approved healthcare providers. 

Any HIPAA based messaging system can load an Immunization record onto Apple's wallet. This was done very early with LA county mass vaccination sites. 

To contrast when I got interested in HIT networking in discussions that date back many years. I remember going to a conference for developers of "Connect" where a woman spoke about keeping records from different doctors in different systems in paper files in boxes in the back of a Volvo for her husband to avoid unnecessary testing and to keep various doctors informed without duplication. At that point we were only talking about a gateway between systems. Now we are talking about portals and phones that can publish records directly to a doctor. That's a lot of progress.


I intend to write a Medium article on a practical way to use a FHIR smart immunization record using Apple, it's very simple to scan the barcode in an Epic Patient Portal and import into an Apple Wallet. The FHIR Smart Card is not compatible with the European Digital Green Certificate. I have the Tous Anti Covid Apple App, and since the FHIR barcode is made as a Jason Web Token (and valid) the TAC will not scan it since it expects a record in CBOR signed by the French Health system. It probably would scan one of the fake entries currently existing on the Internet.


I mentioned in a meeting with Kaliya (identity woman) of Linux Public Health that I felt a lack of digitally signed health records on smartphones was a significant drawback to moving forward and this has now been addressed. It would appear with DGC that the signatures are not entirely bullet proof. I suspect they are ok with the JWT, but I don't think anyone has seriously tried to hack one. 


 In this case Apple addressed it using their own smartphone built in apps, namely Apple Health, which uses FHIR, and a selected list of providers. The list of approved providers is the "business layer" that holds it together, so there are prerequisites. It is a very specific way of applying standards, and obviously Linux Public Health and Good Health Pass have  an ecosystem POV that does not require Apple, and a specific health care provider. FHIR itself is HL7 based, and thus agnostic, but the developer discussions took place in the FHIR discussion boards, and the security concerns are being currently addressed. Of course consumers have no idea regarding the scope of these discussions that are largely ongoing.


Once you get into the finer details on how you sign health records and the mode of transmitting the records, then standards as well as consumer behavior come into play. Of course there has been a lot of press recently regarding the white hat pen testing of FHIR API used by aggregators, and related insecurities exposing millions of patient records. Not the FHIR API itself, but as John Moerkhe has noted and Hl7 has announced, specifically the aggregators that pull down medication lists, etc in bulk.

I am still looking into that, I read the excellent FHIR API hacking report,  and the Burpsuite Pen Test examples and will post what I learned.

Friday, October 15, 2021

A glimpse back before a lot of progress in digital Covid credentials

 FHIR Security after a year of Covid-19 


Smart on FHIR applied to covid-19 credentials.


So we now have a significant amount of people who have been vaccinated and the response of the developer community to build covid-19 credential apps has been tremendous. I have Smart on FHIR developer accounts that I signed up during a blockchain conference, and was firing up one of those clients to check out basic transfer of Immunization Records to the client. Of course I also have Apple Health on my iPhone. Basically that works extremely well. When I first started writing this blog post I came across some anomalies in OAUTH that gave me pause due to a data transfer failure to one of the Smart on FHIR clients where I have a developer account. So I started poking around OAUTH security. Note I saved this as a draft meaning to circle back after doing some investigation, so this is a not current to the published date since there has been considerable development since this point.

Thursday, April 22, 2021

 

Topics to explore as this continues to develop since March of 2020 when we started exploring blockchain and PKI to do "immunity passports" to reboot the global economy and specifically tourism in a privacy by design effort that will not create additional "surveillance capitalism".  Part of the effort is about making this work practically and not be a referendum on digital identity and cryptography topics such as Decentralized Identity. Parenthetically, you can spin up a private preview of DID in an Active Directory instance in the Azure cloud that is priced at $9.00 per user to play with the technology.

This is a rapidly developing news topic and a blog post can't really keep up.  While I have a general idea how this can work using international standards, the harmonization effort is better than expected, especially if we can use PKI. PKI is the dominant security technology for the Internet. 

However the harmonization effort is in full swing to make this an economic recovery and health collaboration on an international scale. As of this moment (and entirely subject to change) even if you are fully vaccinated, there are still many travel advisories for many destinations from the U.S.  How long will vaccination immunity last, and therefore making travel plans? One thing seems clear, variants will be around, and booster shots with different tailored MRNA and thus updates to an electronic FHIR Immunization record. XML digital signatures and segmented privacy tags are a power set of standards to deal with updated data where covid-19 shots may become the equivalent of Flu shots, with updated immune responses.

I am ready to activate my IP for c=US as part of the development effort to foster economic development and have considered many approaches to do this. It is illustrative to see how various organizations are self organizing to develop requirements and where the actual information blocking is taking place that is part of the U.S. healthcare system, and addressed by 21st Century Cures.

The "passport" nomenclature or trending topic in the news has been retired in favor of "credentials' and specifically Verifiable Credentials W3C standard, digital signatures, in some instances PKI is now favored by EU and WHO as a simple to set up validation mechanism similar to what is done by the ICAO with e-passports using a Public Key Directory or PKD. 

Linux Public Health has had good coverage and discussions to lead into the topics. VCI and Mitre has created a FHIR IG. Validation of the data is an important topic with people faking their own CDC shot cards and getting arrested and fined in Airports for doing so. 

https://pahisp.org for details on the FHIR IG effort to introduce medical documentation XML digital signatures to FHIR Immunization Records that can be verified internationally.

Developer resources on covidcleared,org to boot a developer community based on ITU Open Systems, since I am a ISO developer. 

Multiple Vaccination and Covid Test documentation projects are now in play and widely covered in the news, especially the Washington Post by Diamond and other journalists.

How will this all sort out? Is the CovidCleared effort taking root to have people self-validate their vaccination status in a privacy preserving way? Various consortia seems to indicate convergence.

I am researching how the 2015 Certification criteria for EHR was applied to the EHR to IIS linkage. It looks like most state IIS should have a bi-lateral communication link with a State IIS to update the IIS or conversely update the EHR for the patient. I think I will make a request for my use case to get my EHR record updated from the IIS. I was able to upload the shot card from the patient portal but the problem remains with validation versus self reported.

States like Fla and AZ have banned Covid-19 electronic validation for commerce purposes.

Tuesday, February 9, 2021

Increasing Harmonization of Electronic Verification of Identity based Vaccinations

While there are still a lot of bad assumptions regarding Identity, (and let me remind you I coined the 'term identity management" to create new approaches and this has clearly taken off with it's own momentum!) I have an opinion. It's the harmonization and management part that is a challenge. 

This thing about a virus having economic impacts is well known. It goes beyond lockdowns. There is a long history of which 2020-21 is one chapter, and the effects are unfortunately predictable.  They were predictable when there were only a handful of infections in the US and before there was uncontrolled community spread. It is the nature of how the economy is wired before the pandemic and how much change can or should occur. There are cascading sets of requirements that inevitably coalesce around identity. Other concepts like mobility and tourism also play a role.  So of course everyone thinks about the International Vaccination Record or Yellow Card.

While it took some time for the "identity gang" to create some definitions that were beyond the ISO concepts in the x,500 Directory they managed to persevere. Along the way came concepts for privacy that involved the use of multiple identities for different purposes. And also the perennial anonymous versus identified attributes that has been updated to SSI, or self sovereign identity rather falsely compared to "centralized" approaches. This is highly relevant to a vaccination, and vaccination proving approach and thus has a long history. A lot of this surrounds the issue of "Trust" which lies as a central concept of security controls. In fact, we overload trust with too much baggage. We need to replace trust to the extent that we can with math. The concept was studied by Lincoln when he read math texts in his tent. It is built into c=US in terms of equality and thus is highly relevant to the problem at hand.

So throw a lot of technology and startups at a problem and still aim for harmonization using existing standards. 

There are now lots of competing companies and standards in the identity space, while c=US is arguably the original with a clear provenance back to at least 1993. One can read the RFC on the Internet side, and see where it started. One can also see how cryptography as developed under ISO x.509v3 greatly enhanced commerce, but also represented in the recipe a loss of identity for the end user.

Obviously one will have an entirely different view of the elephant depending on one's orientation.

So having a software architecture that preserves privacy is important. Let's see how that can be at each layer of the business process model. In other words, don't lead with doing facial recognition because some hacker will gladly spoof that approach, or a finger print.  Sure it makes for great graphics like the illustration in the video, but also consider how facial recognition is being applied in China.

Using smartphones. Sure why not. We can already build apps, and of course so we do. Will that serve everyone? Probably most border crossing travelers. But not everyone.

Is it ethical to make economic decisions based on presumed covid-19 immunity? That is worth considering in depth, but in fact it is already taking place in the real world. The question is then how to achieve the privacy requirements.





Tuesday, December 1, 2020

A Covid-19 Architecture for Restaurants

I think this is the perfect application for the covid cleared architecture! I want to partner to save the restaurant industry before it is too late. Get introduced by a Top Chef as their branded solution.  All the parts are essentially in place. This allows them to have normal indoor dining. Think of it as a personal chef that works for your family except your family is the group of people you dine with at that moment in time. This can start out with high end restaurants, and then migrate to smaller scale restaurants for developers who choose to use the architecture or API. I also want to offer on line training on how to do this with a major programming skills market place. 


A couple points. This is not an anonymous app like Google-Apple .It is a highly permissioned app with a cloud service as a third party broker as a cloud service serving a very specific interaction in restaurants and lowering risk.


It is a "design by contract". You share actual covid-19  medical testing  data, in some form, that preserves privacy, (as does everyone else at the restaurant sitting, including the employees). There is follow up and perhaps a special status for restaurants that demonstrate compliance.

"Under the new measures, restaurants, bars, gaming operations, gyms, fitness facilities and other businesses and activities will be limited to 25 percent of applicable fire code capacity, down from 50 percent. Retail stores – including grocery stores – will remain at 50 percent of capacity, with strict social distancing and additional monitoring requirements." Nevada Nov 23 for three weeks.

What if a restaurant in a casino could operate at 100% and safely, by adding the capability to leverage a restaurant based solution? They want a solution.

Friday, May 1, 2020

A rather good article by VOX on the current state of Covid-19 serological testing.  This all relates to communicating your covid status using different app architectures with varying degrees of privacy and risk due to post pandemic surveillance use.

So far Tom Hanks and Madonna are part of a growing group of people who are willing to share their test results.  How this affects social distancing and thus commerce, like eating in a restaurant or taking an uber is very much TBD.

Theoretically governors are basing their re-opening plans on hard numbers regarding new cases.

In theory. And relative to risk of additional virus spread.

Covid Cleared sees the American  public as consumers of health data related to the SARS-CoV2 virus on a general level posted by Public Health authorities based on rtPCR testing, but also individual interactions related to immunity testing. We are not yet at the stage of an immunity certificate until needed research is concluded. However we can build the architecture and apps to make it possible and should do so.

Developers can access a FHIR server via an API. End users can (eventually and even now) get tested and get that data into their medical record. Depending on the level of anonymity required, that data can be shared. In some instances a Decentralized Identity can be used and for further privacy only a Zero Knowledge attribute exchanged.

This does not rely on a centralized bio surveillance or constant (battery draining) Bluetooth connection to be present, or GPS surveillance.