The Cardea open source community project at Linux Foundation Public Health will take on employee and student health verification, along with drug testing, in the first stage of its post-Covid development roadmap

The focus of the Cardea Project has been on building a complete, open source, privacy-preserving solution for sharing health data, specifically Covid tests and vaccinations. With the completion and successful implementation of this system — and with Covid receding from public concern — the Cardea developer community is now turning to other health data use cases. While Cardea was optimized for Covid data, its underlying architecture is built for sharing any kind of health data where privacy is paramount.

The new development roadmap starts with the use cases that are the easiest to develop with the existing codebase: Employee and higher education health requirements.

Many different occupations, along with colleges and universities, have health certification requirements, such as proof of immunization and TB tests. Cardea provides an easy way to render these proofs as privacy-preserving and tamper-proof digital credentials that allow for consent-based sharing of specific data and for that data to expire (which is necessary where annual testing is required).

The workflow for an employee health test credential would be as follows:

  1. A laboratory or health center establishes a patient’s identity with normal identity assurance checks.
  2. The patient is tested and then evaluated as per the test procedure.
  3. The patient requests and receives their health credential containing the test result.
  4. The patient securely connects to their employer and their employer requests their lab result.
  5. The patient authorizes the sharing of the lab result and their software sends the lab test result credential.
  6. Their employer verifies the lab result and, if it meets their health requirements, issues a “cleared to work” credential.

In this scenario, two credentials are created, the first so that the lab result can be shared and authenticated by the employer, the second so that the employee can repeatedly prove their clearance to work without having to redisclose their health information to additional parties.

In the above workflow, we can replace “employee” with “student” and “employer” with “school system” or “university” in order to manage vaccination requirements. This would simplify and provide a more convenient solution for parents or adult students than the current paper-based system of tracking vaccinations. It would also provide schools and colleges with an accurate, tamper-free verifiable record. The privacy-preserving features of using a verifiable credential mean that exemptions could be verified without the student having to disclose any personal health data.

We can also manage employee drug testing in a privacy-preserving way using this workflow, although it requires an additional consent process which will be fully defined after the student and employee workflows are complete.

To learn more about how Cardea can deliver open-source, privacy-preserving solutions for sharing validated health data, please contact us through the LFPH Cardea Slack Channel, or join one of our community group meetings. You can also read more about how the underlying technology works in the Cardea white paper.