Vaccination for All: Trusted, Easy-to-use Covid-19 Vaccination Card for every American


The MIT Media Lab, PathCheck Foundation and IDEO have designed a COVID-19 vaccination card and protocol, as well as an accompanied digital scanner app, to encourage citizens to get vaccinated. These new tools simplify the user vaccination journey and ensure transparency and trust, from eligibility and dosing to synchronous coordination to health verification reporting of symptoms. 

Our proposed solution will enable more effective monitoring of the individual users’ vaccination status, improve privacy, promote equity, build user trust and diminish fraud. It is meant to complement and augment systems already-developed by CDC and states, including VAMS (Vaccine Administration Management System), VAERS (Vaccine Adverse Event Reporting System), Immunization Information Systems (IIS) and V-SAFE (After Vaccination  Health Checker).


Problem Statement

Notwithstanding the complicated logistics and supply coordination of the COVID-19 vaccine, the effort to vaccinate every eligible U.S. citizen faces challenges related to user experience, education and trust, effective coordination, and monitoring of outcomes.  

The centralized management of vaccination eligibility, prioritization and scheduling is cumbersome, largely because of the lack of clarity on how we decide when and whom we vaccinate. For instance, local health providers and pharmacies are struggling with verifying the identity of those eligible to take the vaccine, so that citizens do not jump the queue. Individuals are often confused as to when and where they should be receiving the first dose; and health authorities are hampered by the need to navigate disconnected health IT systems. A divergent array of approaches across states and counties and a lack of transparency and clear communication with the public and the heath providers adds to the confusion and mistrust of citizens’ in the vaccination process.

And soon enough, the authorities and the providers will be faced with additional challenges, such as coordinating between the first and second dose of vaccine, ensuring the right individuals are scheduled and eligible for a second dose, and administering the right vaccine for a second dose.


Proposed solution

MIT Media Lab’s SafePath three-layered solution intends to 1) increase vaccine uptake by improving people’s vaccination experience, ensuring that they can track and prove their eligibility status/vaccination progress at every stage, 2) enhancing the health providers’ ability to monitor and administer vaccines. Our goal is to enhance efficiency, privacy, equity and trust in the vaccine coordination process. These are the three layers of our proposed solution: 

    1. Encrypted Vaccination Card-based Solution that augments the CDC vaccination card for better efficiency, privacy and equity. It is an easy-to-use paper-based card that ensures end-to-end privacy via encrypted QR codes without the need for a mobile app. 
    2. App-based Solutions -  vaccine app and a complementary QR-code scanner app. Tech-savvy citizens will have access to  a full fledged vaccine app to keep track of their eligibility, receive alerts, maintain a vaccine record, and report symptoms without sharing personally identifiable information. 
    3. Privacy-preserving Analytics Dashboard that enables data-rich monitoring of outcomes for public  health authorities.  The aggregate analytics dashboard triangulates data inputted from either the paper cards or the apps, while preserving users’ privacy via the use of differential privacy and secure multi party computation. 

The limited supply of the vaccine created a drive towards centralization of the vaccine administration and data administration. However, vaccine centralization is a difficult, unsustainable, and unscalable solution. The Encrypted COVID-19 Vaccination Card is based on the premise of a decentralized vaccine coordination, similar to an influenza vaccination protocol, where the vaccine supply information is decoupled from vaccine administration information. In the proposed solution, no personally identifiable information is stored in one centrally aggregated database. 

  • Step 1. Everybody would receive a COVID-19 Vaccination card, called a Coupon (a first QR code) with a unique identifier (pseudo-identifier (PII)). The card could be issued by the CDC and distributed via post or through various venues (such as local health providers or employers). The digital encrypted Coupon number effectively becomes a pseudo identifier, a unique COVID-19 Vaccination number (a sort of “digital signature”). It does not disclose the name and date of birth or personally identifiable information.
  • Step 2. A physician or an employer would decide whether one is eligible for a vaccine. An individual would be issued with a Badge (a second QR code) controlling for eligibility for a first and second dose of vaccine. With those two QR Codes, one should show up at a clinic or a mass vaccination site. 
  • Step 3. After they are inoculated with both doses, citizens will receive a Status QR code that can be used for entry to public venues or facilities. When scanned, the Status QR code would provide a verifier with information regarding whether or not an individual has been vaccinated. 
  • Step 4. If further verification of identity is required, a verifier could make use of a consenting individual’s Passkey (fourth QR code) to decrypt the holder’s name. User vaccination records could be linked by an anonymized upload to a centralized system using a user’s pseudorandom identifier. The user’s Passkey, containing their encryption key that decrypts their PII, would not be uploaded to the CDC without consent. 



The QR codes would be provided in the form of the stickers put on the COVID-19 Vaccination Card. With the suggested method, citizens would have multiple levels of information they can share, beginning with vaccination status in the unencrypted Status QR code, basic personal information (i.e. name) that must be decrypted using the Passkey QR code, and finally, full personal vaccination information encrypted in the Badge.  And finally for data uploads to the CDC or data sharing, the verifiable user credentials will be used for minimum user friction. That would reduce the risk of fraud, and build trust in the system. 


A health provider would then use the QR-code scanner app to scan a vaccine recipient’s Coupon QR code, confirming an individual vaccination scheduling/check-in and preventing the use of a single Coupon by multiple individuals.  The proposed scanner app could be also used by the provider, or an employer, to create Badge and Passkey QR codes / stickers for post-vaccination. This would make use of our previously described algorithm for the secure recording of vaccine information into a Badge code/sticker, encrypted using the encryption key present in the Passkey. After generating the QR codes, the proposed scanner app would not store any information regarding a recipient’s encryption key; that information would only exist within the Passkey QR code/sticker. 

The user-facing vaccine app would mirror the paper-based experience while providing additional functionalities, such as alerts, messaging and symptom reporting.

Finally, the analytics dashboard would allow for privacy-preserving data vaccine aggregation for the authorities to monitor progress, safety and efficacy of vaccination.

The proposed Encrypted COVID-19 Vaccination Card, app-based solutions and analytics dashboard will 1) increase vaccine uptake by the population providing people with easy-to-use privacy preserving solutions, 2) enhance coordination and monitoring by reducing public health agencies’ and providers’ dependence on an integrated IT system, and 3) enable pharma and vaccine producers to monitor moderate side effects that will not be captured in VAERS for adverse reactions.


Additional Material