Thursday, April 22, 2021

 

Topics to explore as this continues to develop since March of 2020 when we started exploring blockchain and PKI to do "immunity passports" to reboot the global economy and specifically tourism in a privacy by design effort that will not create additional "surveillance capitalism".  Part of the effort is about making this work practically and not be a referendum on digital identity and cryptography topics such as Decentralized Identity. Parenthetically, you can spin up a private preview of DID in an Active Directory instance in the Azure cloud that is priced at $9.00 per user to play with the technology.

This is a rapidly developing news topic and a blog post can't really keep up.  While I have a general idea how this can work using international standards, the harmonization effort is better than expected, especially if we can use PKI. PKI is the dominant security technology for the Internet. 

However the harmonization effort is in full swing to make this an economic recovery and health collaboration on an international scale. As of this moment (and entirely subject to change) even if you are fully vaccinated, there are still many travel advisories for many destinations from the U.S.  How long will vaccination immunity last, and therefore making travel plans? One thing seems clear, variants will be around, and booster shots with different tailored MRNA and thus updates to an electronic FHIR Immunization record. XML digital signatures and segmented privacy tags are a power set of standards to deal with updated data where covid-19 shots may become the equivalent of Flu shots, with updated immune responses.

I am ready to activate my IP for c=US as part of the development effort to foster economic development and have considered many approaches to do this. It is illustrative to see how various organizations are self organizing to develop requirements and where the actual information blocking is taking place that is part of the U.S. healthcare system, and addressed by 21st Century Cures.

The "passport" nomenclature or trending topic in the news has been retired in favor of "credentials' and specifically Verifiable Credentials W3C standard, digital signatures, in some instances PKI is now favored by EU and WHO as a simple to set up validation mechanism similar to what is done by the ICAO with e-passports using a Public Key Directory or PKD. 

Linux Public Health has had good coverage and discussions to lead into the topics. VCI and Mitre has created a FHIR IG. Validation of the data is an important topic with people faking their own CDC shot cards and getting arrested and fined in Airports for doing so. 

https://pahisp.org for details on the FHIR IG effort to introduce medical documentation XML digital signatures to FHIR Immunization Records that can be verified internationally.

Developer resources on covidcleared,org to boot a developer community based on ITU Open Systems, since I am a ISO developer. 

Multiple Vaccination and Covid Test documentation projects are now in play and widely covered in the news, especially the Washington Post by Diamond and other journalists.

How will this all sort out? Is the CovidCleared effort taking root to have people self-validate their vaccination status in a privacy preserving way? Various consortia seems to indicate convergence.

I am researching how the 2015 Certification criteria for EHR was applied to the EHR to IIS linkage. It looks like most state IIS should have a bi-lateral communication link with a State IIS to update the IIS or conversely update the EHR for the patient. I think I will make a request for my use case to get my EHR record updated from the IIS. I was able to upload the shot card from the patient portal but the problem remains with validation versus self reported.

States like Fla and AZ have banned Covid-19 electronic validation for commerce purposes.