The answer, unfortunately, isn’t as straightforward as you might think.
The Covid-19 pandemic disrupted basically every aspect of “normal” life. But while things like restaurants closing and mask-wearing were obvious changes, one less obvious shift started happening behind the scenes. We’re talking about data. And, specifically, what happens to Covid-19 vaccine and testing information.
Like so many things during the pandemic, the collection, storage, and protection of this highly sensitive data isn’t very well organized. Here’s what we found out about what happens to Covid-19 testing and vaccination information — and how people can keep themselves safe both “in real life” and online.
Where is the information about my Covid vaccination stored?
The biggest question most people have about Covid data is where their vaccine information is stored. And the answer, unfortunately, isn’t as straightforward as you might think.
“If you lived in the UK, the NHS has an integrated, consolidated database of all of these results,” Charles Walton, Senior Vice President and General Manager of Identity at Avast, says. “If you live in the US, there’s not anything like that.”
Like many systems in the US, storage of vaccine information varies from state-to-state. There are 37 immunization information systems (IIS) nationwide, based on either the state or the region. They were originally designed for the Center for Disease Control (CDC) to store information about vaccines like the mumps and the measles and Walton says they’re part of a “archaic, old system.”
When the Covid-19 pandemic started, officials started scrambling to figure out where the eventual vaccine info would be kept. The conclusion was that the institution that administered the vaccine — be it the local pharmacy, physician, or even a city or town site — would keep the record and pass it on to the IIS.
“It’s all over, in the US,” Walton says. “It’s in a lot of places, but none that are really easy for people.”
In addition the IIS, the institution that provided your vaccine will also have your information. And if you choose to get a digital copy of your vaccination record — like in Apple Wallet, for example — then that company will have your information as well.
When I’m tested for Covid, where does my information go?
When it comes to protecting personal data, the best rule of thumb is to keep the group of institutions that have access to your information small and tight. But that’s not realistic for most people, who are just trying to live through this pandemic.
Covid testing is even more dispersed than vaccinations, with everything from at-home self tests to municipal sites to personal physicians to pharmacies to private companies conducting tests across the country. While this wide variety of testing sites is important for slowing down the spread of the virus, it also means that people are likely to get tested at multiple spots over the course of the pandemic.
That means people’s test results and other personal information — including insurance, in many cases — is probably in a lot of databases. While any company, health care provider, or institution that handles medical information legally has to comply with HIPAA, Walton says, there are HIPAA violations every day. And if you follow online security at all, you know that data breaches are increasingly common.
So… Not great. If you’re worried about your personal information being exposed, keep an eye on any Covid testing-related breaches. (It’s good practice to pay attention to data breaches in general, for what it’s worth.) If it turns out that your data is exposed in some way, then it’s time to keep an eye on all of your financial accounts and to lock down your credit, so no credit cards or loans can be taken out in your name.
Moving forward, consider sticking to one testing site or company, if that’s an option for you. But if it isn’t an option? Please don’t stress it too much. The most important thing right now is that everyone stays healthy.