Saskatchewan

QR codes can be safe for vaccine certificates, if done correctly: expert

While the privacy issues with QR codes as vaccine certificates have been a 'step back,' they're still a viable option for presenting vaccine information when the time comes, if done right, David Gerhard says.

Important to test system before deployment, David Gerhard says

Anyone with a MySaskHealthRecord account will need to wait until at least next week to access the scannable QR codes. (Matthew Howard/CBC)

When the Saskatchewan government replaces the QR codes to residents' eHealth accounts following their recent privacy breach, some are hoping it will be done with more care. 

The codes were introduced as a quick way to access vaccination records and were touted as the province's chief form of vaccination certification. They were pulled from online health accounts on Friday because of privacy issues — less than a week after being released. 

As many as 19 individuals' information was found to have been displayed in other peoples' codes, according to the province.

David Gerhard, the computer science department head at the University of Regina, said this could become an issue for people who are already hesitant about using a vaccine certificate. 

But he believes that these are technologically the right solution because they're cheap and effective. 

"It's unfortunate that this problem has happened, and computer technology is messy sometimes, sometimes things don't go right, but it's important to make sure that a system like this is properly tested before it's deployed," he said. 

He's also not concerned about using the codes when they're reinstated because the information provided isn't invasive— name, birthday and vaccination information — and he thinks they're important.

David Gerhard, professor of computer science at the University of Regina, said he's not concerned with using QR codes, and believes them to be a viable way to manage vaccine information.

Gerhard said there are a few ways that the province could have implemented these codes, and isn't sure how the problem arose, but suspects that there was a human oversight. 

The province marked early next week for a second rollout of the codes.

Privacy breach a 'step backwards'

Opposition Leader Ryan Meili said this privacy fumble was another example of the province's inability to manage the pandemic.

"This is another step backwards in encouraging people to get vaccinated and to have confidence in this government being able to actually manage things including things like vaccine mandates properly," he said. 

Meili said the province has neglected to strengthen eHealth's privacy capabilities — referencing the privacy breach eHealth had in late 2019 when an Saskatchewan Health Authority employee opened an infected document allowing a virus to enter the system and gather private information. 

That led to at least 547,145 files being exposed to malware or stolen from eHealth, according to the province. 

This most recent privacy breach wouldn't deter Meili from using the same concept — scannable QR codes — to display vaccine information if he was in power. 

But he maintains if the province had introduced these sooner, they could have better prepared the codes by Oct. 1 —the date set for a provincewide proof of vaccination policy. 

For now, people will be able to access their vaccination records and print or download them via their online accounts. Anyone with previous QR codes printed or saved are advised to destroy or delete them.