Skip links

Vaccine Passports: Our Reflections on the Future of Personal Data in Healthcare

There’s already heavy debate underway on the risks and benefits of vaccine passports, with many countries seriously considering it and some countries already implementing it. If you’re not already familiar, the implementation of ‘vaccine passports’ would mean that when crossing a national border, you would have to show proof of COVID-19 vaccine inoculation. As PM Trudeau correctly pointed out many travel destinations already have vaccine-related requirements. The pressure on government entities to reopen the economy has completely altered the attitudes towards third-party access to personal & private inoculation records. The clear benefit of a vaccine passport policy is to allow more relaxed travel and economic restrictions while still limiting the spread of the virus – however, there are many risks associated with this solution.  Whether or not you are a proponent for this particular solution, the fact that the discussion itself is happening indicates something about the change of our industry – there is an insurmountable demand for personal private medical data to be accessible by larger entities to help them make decisions. That pressure has increased enough to change attitudes. Because medical data is so personal, laws and restrictions on access to this data have been incredibly strict in the past. However, as with many other industries, COVID-19 is really pushing forward acceptable uses of technology. As a medical technology start-up, NERv is on the frontier of big data in healthcare, as we’re constantly working to figure out ways to make surgeries safer using better information. To us, big data in medicine is a powerful force and an important part of the future of healthcare. However, we also recognize it as a double-edged sword and that without the proper safeguards for patients and practitioners the consequences can be serious. Because many aspects of data in healthcare are completely uncharted, US and Canadian law doesn’t cover all the ethical grey areas and so discussion is warranted to help empower healthcare providers and protect patients.

What are the risks and benefits associated with collecting identifiable personal medical information?


  1. Discrimination and Segregation As many professionals and politicians have pointed out in the example of vaccine passports, access to personal medical data can be used by decision-makers to institute a policy to create a distinction between people based on circumstances that are out of their control. No matter how well-intentioned, providing freedom to a group of individuals can be translated into denying access to anyone not in that group. But it’s not just travelling – entities could restrict employment opportunities, pricing tiers, memberships or anything that they feel should be justifiably different for specific health status. 
  2. Data is not information Decision-makers, under pressure, tend to grasp the most objective basis for making critical decisions and instituting policy – and numbers don’t lie. However, the underlying assumptions behind medical reports are absolutely critical in our industry and the standards to which we hold conclusions are extremely high. As we collect data faster and make it more readily available to those who need it, the risk of understating assumptions and making bad decisions based on weak conclusions increases, especially among non-medical professionals. In the case of vaccine passports, this becomes clear – a vaccine doesn’t guarantee immunity and hasn’t yet been proven to halt transmission.
  3. Malicious Third Parties As with any technology application, the barriers to data become lowered and the incentives increase as the volume and value of the information that is collected, stored, and communicated increases. Parties who want access to sensitive personal information in order to defraud or to cause direct harm may find it easier or more enticing to try to game the system to their benefit. Because personal medical information can be more sensitive than other information the damages that can be caused through malicious third parties can be severe, especially if personal data becomes identifiable.


  1. Better Care The first and main objective of the collection and analysis of patient data is to provide them better care. Giving physicians and other experts more information about a patient or their environment can potentially help detect, treat, and prevent problems. It can also facilitate diagnoses and treatments with more accuracy and timeliness. For example, with vaccine passports, decision-makers can help prevent the spread of disease by identifying risk. At NERv, we enable doctors to identify complications in ways that they couldn’t previously with real-time information.
  2. Lower Cost By reducing the number of people needed to collect and process data, medical institutions can treat more people on the same budget. More advanced and reliable analytics can also aid practitioners in identifying minor problems before they become prohibitively expensive. For patients, providing healthcare professionals with necessary information can become easier and done remotely, expanding the reach of existing health practices.
  3. Empower Medical Research If the collection of medical data is broad, high-quality, and continual, then it reduces the need to create dedicated studies for building a conclusion. By expanding the volume of analysis that can be conducted on secondary data, conclusions can be reached faster, on smaller budgets and be peer-reviewed more easily.
  4. Prediction and Modelling While the collection of robust data is necessary for reaching reliable conclusions, the collection of unreliable data can still be valuable to flag trends for further investigation. With more data, pattern recognition software can be used to identify the presence of an illness, a new disease, a potential treatment, or immunity that couldn’t have otherwise been recognized. Without arbitrary data collection, reliance on anecdotal trends will be the primary driver towards new hypotheses.
  5. Incentivization Medical data isn’t just valuable to medical professionals, but it’s also valuable to the patients themselves. By simply making it easier for patients to access their own health metrics, they can track progress, change behaviour, and improve their own health. Preventative healthcare has been proven to be the most desirable and most cost-effective health strategy and medical data collection can drive this field of medicine.

What safeguards need to be in place to protect patients and other stakeholders?

The best way to drive change and advancement in medicine is by developing standards and safeguards first. Reducing or eliminating the risks presented by data collection can break down the barriers to progress and allow stakeholders to establish trust in the system.
  1. Invest in Cybersecurity and Internal Control Protocols The pioneers in big data need to set the tone for the level of investment necessary to protect incredibly valuable information, larger data aggregation needs to go above and beyond the standard HIPAA policies. These entities can’t just be the industry leaders in biotech, but they also need to be the industry leaders in cybersecurity. Preventing an attack is critical because damages could expand beyond stakeholders and cripple the public’s faith in the system. Just like the Chernobyl and Fukushima events were catastrophic to investment and advancement of nuclear energy, cyber-attacks or internal vulnerabilities can halt or negate the advancements in medical data.
  2. Who has access to my info? Improving transparency and patient access to data collection and storage can provide peace of mind, but more importantly, it can allow users to act as their own safeguards in security and health. By providing detailed information such as
  • which organizations accessed the data
  • what information they have
  • what they use it for 
  • allowing them to opt-out 
will empower them to protect themselves. It will also force organizations to hold themselves to higher standards or risk losing their ability to collect and use information. Transparency standards in personal activity data like social media, browsing and purchases cannot set the tone for the way the data is used and shared in medicine.
  1. Establishing Annual Audits HHS currently conducts audits only when triggered and only in the United States. Instead of relying on government entities to legislate changes to protect people, the future of big data will require a dedicated oversight entity to create and adapt acceptable standards and practices for data. In the long term, independent third parties licensed by this international oversight entity will be necessary to maintain high standards and keep up with changes. Biotechnology changes too quickly for governments to keep up and the different rule-sets in different regions would present barriers to smaller players. By having medical data users regularly audited by an independent auditor regularly, the incentive to build strong safeguards becomes internalized or else they risk losing access. 


The main underlying risks of data usage may be reduced, but will never be completely eliminated. Because patients stand to pay the price when something goes wrong, it’s important for our industry to cooperatively represent their interests in every new use case of their data. As the healthcare industry continues to innovate, the use of personal private medical data by larger organizations will inevitably increase. However, many larger stakeholders will make the decision to use that data because of improved attitudes and increased pressure, instead of evaluating the risks and benefits. It’s critical for industry leaders to start the dialogue now, about the use of data, globally acceptable practices and patient rights. By establishing a framework now we can prevent healthcare from heading in the wrong direction and help facilitate faster advancements in innovation.

Stay connected with the latest updates

Subscribe to hear more about this topic and others