Platform Architecture for Covid-19 Digital Passports

As iNews reports, Scotland is massively behind other countries on the implementation of digital vaccination passports.

Where many have fully digitized documents Scotland is still relying on a paper-based certificate.

Gordon Dewar, the boss of Edinburgh Airport, said asking travelers to rely on a piece of paper to prove they have had both jabs was “ridiculous” and “embarrassing”.

What is most puzzling and frustrating about this laggard status is that Scotland is actually entirely equipped with the domain expertise and vendor capabilities to easily implement a fully digital passport.

Platform Architecture

The core principle of Government as a Platform is that a common foundation makes possible multiple different services that share this capability, to avoid reinventing the wheel for repeated functions like authentication and data sharing.

With these building blocks in place developers are then freed to concentrate on building the apps that more quickly deliver real business value.

Vaccination Passports

A great example of the need for this rapid approach is ‘Covid Vaccination Passports’. Clearly there has been a requirement for a quick response to critical public health needs, and one that utilizes existing government systems so that there is a complete integrity of the data produced.

MIT asks if you will have to carry this on your phone, where it might function like an actual passport, being shown as you arrive at airports, and could also act like a work authorization at your job, or a pass to get into restaurants, bars, and shopping malls.

Highlighting the type of issues that need addressed such as a booming black market in fake test results that is diminishing trust in printed records and driving demand for cheat-proof digital documents, they define the medical and technology challenges and nature of this opportunity:

“There are a lot of players in the field, including IBMthe Commons Project, and the Covid Credentials Initiative.

They’re coming at the problem from different angles but are ultimately chasing the same goal: let people share required information about their health, while protecting other private information. Yet it’s still too early to rely on any of these for a fast and widespread solution.”

Many governments, as well as airlines and other businesses are trialing or in talks to build “health pass” apps, which let users ask participating labs and health systems to send authenticated test results and other data straight to the app, bypassing verification concerns.

Scotland’s Opportunity – A Digital Healthcare Ecosystem

To begin zeroing in on the specific opportunity for Scotland, we can first identify the core technology challenge:

Connecting any systems across borders means navigating a patchwork of languages, databases, and privacy laws.

This highlights the work of Scotland’s NDS team, who are building the ‘National Digital Platform‘, the technical architecture which ensures that key things are only done in one way across Scotland such as how people are identified and where clinical data is stored.

As they explain here, their National Clinical Data Store (NCDS) is storing vaccinations data and being made accessible to healthcare staff, via their VMT app.

“Under the bonnet, the VMT sends copies of the records of immunisations to the NCDS. For those that may be interested, this is achieved using a “FHIR API” based on the UK FHIR Core Immunisation Profile. A FHIR API is essentially an industry standard way of sharing digital health data. The NCDS can then securely share citizens’ immunisation history records to other services, again using a FHIR API.”

As we’ll explore in the upcoming and future webinars, Scotland’s opportunity is to build upon this core innovation through a collaborating community, a Digital Healthcare Ecosystem, to flesh it out in multiple directions including ways to expand user uptake and to enable new scenarios for how users interact with and update data.

This is particularly relevant when we consider the broader context of Scotland’s overall digital agenda. In their just released digital strategy, the Scottish Government describes a key objective of:

“Adopt a common approach to online identity where personal data is controlled by the individual.”

This highlights a couple of key vendor solutions:

  • Appii – Appii has developed their Health Passport, a service that verifies your identify through a selfie photo, is populated through recording your test result at one of their partner sites (eg. Lloyds Pharmacy) and provides a digital certification.
  • – is a specialist in general data sharing services and have developed a number of apps that build on this capability, including a Covid-19 solution.

What all of this highlights is the importance of the platform approach. A Covid certification service is just one of the many apps governments need to deploy, and each and every one will feature repeated requirements to verify the identity of users and share data across multiple systems.

Furthermore this should feed an innovation ecosystem, where for example the NDS National Clinical Data Store is a data set securely exposed to third party developers so that they can create new apps that leverage the data in new ways, for scenarios like Covid 19 as just one of many that will be required on an ongoing basis. Vendors like Appii and would be ideal for this type of accelerated app innovation.

Related Articles


Your email address will not be published. Required fields are marked *