Digital health passport trials get underway
A digital health pass for travellers to document their COVID-19 test status is currently being trialled at airports.
It is hoped that the CommonPass will allow safer cross border travel by giving both travellers and governments confidence in people's COVID-19 status.
The first trials are taking place on Cathay Pacific Airways and United Airlines with select volunteers on flights between London, New York, Hong Kong and Singapore. Additional airlines with routes across Asia, Africa, the Americas, Europe and the Middle East will follow shortly after.
To use the CommonPass, travellers take a COVID-19 test at a certified lab and upload the results to their mobile phone. They then complete any additional health screening questionnaires required by the destination country.
With test results and questionnaire complete, the CommonPass confirms a traveller’s compliance with the destination country entry requirements, and generates a QR code. This code can then be scanned by airline staff and border officials, and printed for users without mobile devices.
The pass has been developed by The Commons Project Foundation, a Swiss-based non-profit company that focuses on digital services for the common good, and is backed by The World Economic Forum. United States Customs and Border Protection (CBP) and Centers for Disease Control and Prevention (CDC) are observing the trials.
In a statement, The Commons Project said that the CommonPass has been designed to protect personal data in compliance with relevant privacy regulations, including GDPR. However a study recently published in medical journal The Lancet raises several questions around the ethics of a digital passport, including stating that "steps must be taken to avoid the production of fraudulent immunity passports, and careful attention must be given to privacy concerns and information governance."
Dr. Bradley Perkins, Chief Medical Officer of The Commons Project and former Chief Strategy & Innovation Officer at the CDC said: “Without the ability to trust COVID-19 tests – and eventually vaccine records – across international borders, many countries will feel compelled to retain full travel bans and mandatory quarantines for as long as the pandemic persists.”
“With trusted individual health data, countries can implement more nuanced health screening requirements for entry.”
Christoph Wolff, Head of Mobility at the World Economic Forum, added: "Individual national responses will not be sufficient to address this global crisis. Bans, bubbles and quarantines may provide short term protection, but developed and developing nations alike need a long-term, flexible and risk-based approach like CommonPass."
Data de-identification - why it matters in healthcare
Large amounts of healthcare data is generated yet goes unused due to privacy concerns. To address this, data privacy firm TripleBlind has created Blind De-identification, a new approach that allows healthcare organisations to use patient data while eliminating the possibility of the user learning anything about the patient’s identity.
We asked Riddhiman Das, co-founder and CEO to tell us more about data de-identification.
Why is data de-identification important in healthcare?
Blind De-identification allows every attribute of any given dataset to be used, even at an individual level, while being compliant to privacy laws, rules, and regulations by default.
Governments around the world are adopting global data privacy and residency laws like GDPR, which prohibit citizens’ personally identifiable information data from leaving the borders of the country. While great for data protection, data residency laws result in global silos of inaccessible data. TripleBlind allows computations to be done on enterprise-wise global data, while enforcing data residency regulations.
In the US, HIPAA compliance has relied on what is called the Safe Harbor method, which requires removing 18 types of personal patient identifiers like names, email addresses, and medical record numbers. The Safe Harbor method can be too restrictive with the data or can leave too many indirect identifiers, which puts the patient data security at risk. Getting de-identification wrong could make an organisation liable for a costly mistake.
What does TripleBlind's solution do?
With TripleBlind, data is legally de-identified in real time with practically 0% probability of re-identification. Our solution allows analytics on data containing personally identifiable information and protected health information with zero possibility of re-identifying an individual from the dataset. This allows healthcare organisations to access more meaningful data, creating more accurate and less biased results.
For example, a healthcare drug researcher in a rural, predominantly white area, would only have patient data that would reflect their local population. With TripleBlind’s de-identification, they could more easily leverage third-party data from another healthcare facility in a more diverse region, creating a more complete data set that more accurately reflects the larger population. This has the possibility to create more accurate diagnoses and better drug results for more diverse populations.
How can healthcare organisations use this in practice?
TripleBlind is blind to all data and algorithms. That means we never take possession of customer data. We only route traffic between entities, enforce permissions, and provide audit trails. The enterprise’s data remains under their control. TripleBlind does not host, copy or control their data, algorithms or other information assets, ever.
We facilitate a connection to an encrypted version of their information assets. Our technology allows the algorithms and data to interact in an encrypted space that only exists for the duration of the operation. Organisations use their existing infrastructure, so it’s not hardware dependent.