Healthcare Passports – Do they need Blockchain?

From the airline industry to enterprises to friends and family, everyone wants to see things change to where we can spend time with others again.A central aspect is finding a safe and secure way to share your COVID-19 health status – The approach many are discussing is a digital ‘healthcare passport’. A lot of these approaches are promoting blockchain technology as part of ,or central to, their passport solution. 

Primary question: Is blockchain a necessary component to a healthcare passport? 

Short answer: In most of the solutions being put forward today, there is no need for blockchain technology.

As we well know, in the first few months of the COVID-19 pandemic, there was hope that once you had contracted the virus, you would be immune from future infections. There were many news articles about the possibility of mass availability of tests to show whether or not a person possessed the COVID-19 antibodies. 

Numerous initiatives quickly launched offering to provide safe and secure proof of this immunity. These were called immunity passports. Blockchain was part of several of these initiatives, and some claimed that they could be GDPR compliant. Many of them claimed that they would take advantage of blockchain technology as part of the solution to provide evidence of the integrity of the data.

Today there is little in the news about immunity or immunity testing. As a result, there is not much ongoing interest in these projects. But did they need blockchain in the first place? Or was it just another attempt to grab a headline?

There have been several attempts to use blockchain for healthcare passports.

In October, IBM announced its initiative, the Digital Health Pass. The promise of the Digital Health Pass is for organisations to put forward their criteria required for employees to return to the office – or for an airline to decide if passengers are safe to travel. The Digital Health Pass uses  IBM Blockchain Technology – but is it necessary?

In April 2020, Open University unveiled its approach to recording COVID-19 immunity. The solution uses blockchain technology and Tim Berners Lee’s concept of personal data pods (Solid

And there has been a substantial initiative from 60 self-sovereign identity firms including both Evernym and Sovrin amongst others. The collective is working to apply blockchain technology to the challenge of providing access to health data as a part of identity. 

Most recently, there is a significant push from major airlines to provide a COVID test result passport provided by CommonPass to be accepted by multiple countries. This project is probably the best use case where blockchain would be beneficial, and yet ironically, there is no mention of blockchain from any of the announcements.

The biggest issue with most of these initiatives is they are based (with the possible exception of the OpenUniversity initiative) on data being stored centrally or at least in the cloud. There will always be identity data available that will link people’s results with their identities. In most cases, the solutions are operated by a single company, organisation or government – they are all centralised.

The most prominent advantage attributed to blockchain is that data will be immutable. Any data can be verified as being tamper-free from a specific point in time.

For all of the enterprises exploring or investigating blockchain technology, this is quite telling. The primary benefit of blockchain is tamper evidence. 

To be very explicit and clear: Blockchain does not prevent tampering. Blockchain technology does not prevent data theft or access. In these cases, the only thing blockchain can provide is evidence as to whether or not the data has been tampered with / changed.

So what would need to be true for blockchain to be part of a healthcare or immunity passport solution?

But in order to address challenges of governments and big tech, most solutions will just use a database.

For blockchain to add incremental (real)  value and be critical to the success of the project (not just a headline)  would require five things:

  1. There would need to be no central authority – no one would profit from the blockchain infrastructure for the project. A non-profit entity would run it. (And the lack of profit is one of the biggest killers of blockchain projects)
  2. The solution would need to address a minimal and specific set of goals and objectives: To provide evidence of a COVID test result. There would be no identity data anywhere in the blockchain. There would be no ability for the likes of Palantir or any other big data company to mine or analyse data. The concept of de-anonymised data is a fallacy. 
  3. Entities (testing centres, hospitals, etc.) would be validated or certified before being allowed to join the network and given authority to report results. Entity information would be available to anyone for auditing and compliance.
  4. Multiple entities – preferably globally – would operate the network to distribute the data correctly and that updates to the network were consistently verified and validated before being added to the blockchain.
  5. The user experience for consumers, testing centres, airline staff, office security or anyone else querying or adding data must be seamless and straightforward. As few people as possible should ever know that blockchain is part of the solution. The best technology is invisible.

There are privacy advocates who are currently working on a solution where a consumer’s identity is verified by showing only a photo of themselves to the testing centre worker (who checks it against the person sitting in front of them). Once the identity is verified, a unique QR code is scanned, and the test applied. The result of the test is associated with the unique QR code and written to the blockchain. 

To check someone’s health or immunity status, the person shows their photo on their phone and confirms their identity. The verifier then scans the QR code and queries the blockchain and receives an immediate response.

There is no record of the individual. There is no record of the testing centre who submitted the result. There is no identity or entity information stored in the blockchain.

This type of solution satisfies the core problem statement: Provide evidence of health status for an individual without compromising privacy. 

So, yes. Blockchain could be part of a solution for healthcare passports.

And yet, it is unlikely to be widely adopted because it won’t satisfy other requirements of governments – to know identities, to track the spread of disease, to provide an evidence base for audits and more. It won’t be hugely profitable to big tech who want to charge license fees for open source software and who’d definitely want to mine big data to profile people (as they generally put profit for their shareholders ahead of social responsibility)

It is for all of those reasons, the most likely solution for these health passport offerings will be to use a centralized database. They will not really use blockchain at all – except, perhaps, to grab headlines or to attract funding. 

Get in touch with us / Twitter @igetblockchain.

Troy Norcross, Co-Founder Blockchain Rookies

Troy Norcross is an international speaker, educator and strategist on Blockchain as an enabler for transforming business models. Troy has provided blockchain training and strategy support to high street banks across Europe, Asia and India. Troy specialises in enterprise-scale business model transformation projects where Blockchain technology enables business models, strategies and efficiencies, which previously were not considered possible.

Troy is Co-Founder of Blockchain Rookies. He has a 25+ year career covering multiple market verticals including agriculture, aerospace, IT infrastructure, telecoms-media-technology (TMT), digital music, healthcare service innovation, eCommerce and most recently Blockchain business strategy for enterprises, industries and business ecosystems.

Twitter: @troy_norcross