Walmart Inc. is at the forefront among retailers in adopting technology that easily provides proof of vaccination as a type of "vaccine passport," but mobile apps that contain personal health records have raised concerns about keeping that information private.
With more than 3,800 Walmart and Sam's Club pharmacies nationwide now giving covid-19 vaccinations in 48 states, the Bentonville-based retailer is working with app developers to offer its customers standardized access to their vaccination records and other health data.
Customers can choose to install one of three available apps and create their accounts for free. Then they sign into their Walmart or Sam's Club accounts and agree to share their vaccination histories with the verification app.
The data is displayed on smartphones as a QR code that people can show as proof of vaccination when they travel, attend events or return to work or school. Any customer who doesn't have a smartphone or internet access can get a paper version of the code at a Walmart or Sam's Club pharmacy.
All three apps are available for download now, Walmart said, and they will soon be able to instantly validate Walmart vaccination credentials.
John Furner, president and chief executive officer of Walmart U.S., said in a March 17 news release that the company's goal with these apps "is to give customers vaccinated at Walmart free and secure digital access to their vaccine record to enable them to share that information with third parties seeking to confirm their vaccination status."
Furner said Walmart is the first retailer to work with the two app developers.
One of the apps is Health Pass by CLEAR, a company based in the U.S. The other two, developed by The Commons Project Foundation in Geneva, are CommonPass and, for Android devices, CommonHealth.
Both developers follow the standards of the Vaccination Credential Initiative. This global coalition of public and private organizations aims to coordinate app standards and develop guides for issuing, sharing and validating vaccination records.
Member organizations include tech companies such as Microsoft and Salesforce, along with the Mayo Clinic.
Aware of the public's concerns about the security of health information, the Vaccination Credential Initiative lists privacy as one of its key design principles. The coalition states on its website that apps based on its standards must protect the privacy of individual health data and comply with applicable data privacy regulations.
Still, health care providers that keep electronic health records are vulnerable to data breaches. For instance, The Kroger Co. supermarket chain, which offers the covid-19 vaccine at its pharmacies, topped HIPAA Journal's February 2021 Healthcare Data Breach Report. The health care records of 368,100 Kroger customers were exposed in a ransomware attack on a vendor, according to the report.
The American Medical Association recommends that health care providers educate their patients about app privacy and security. While patients assume their medical data is protected by law on apps just as it is in a hospital or doctor's office, this is not the case, according to the association's website.
There is plenty of debate around whether proof of vaccination should be made mandatory. On the federal level, White House press secretary Jen Psaki said on April 6 that the Biden administration "is not now, nor will it be, supporting a system that requires Americans to carry a credential." This leaves it up to local governments and businesses to make their own decisions.
A number of states, including Arkansas, are considering bills that would ban requiring proof of vaccination for employment, travel, education or other purposes.
The Business Roundtable, a group of chief executive officers of which Walmart CEO Doug McMillon is chairman, suggests its member companies have the flexibility to decide for themselves what is best for the safety of their employees and customers.