In this photo illustration, Excelsior Pass app which...

Source: SOPA Images / Getty

The Biden administration and private tech companies are working to develop a standard way of handling COVID-19 related health documents. A “vaccine passport” will be a common way for American to prove they’ve been protected against the virus as the country tries to reopen. But what are the privacy concerns with the entire process?

Fortalice Solutions CEO Theresa Payton breaks down the risks associated with a universal app that will carry your personal data, including immunization records and updated COVID-19 test results.

“There are a couple of things about this that concern me,” said Payton.  “Anytime we adopt new technology like this and it has your healthcare information and it’s on your phone, I’m always concerned about what rights to privacy you’re giving up.”

The new Excelsior Pass is being tested in New York and is expected to be introduced to the rest of the country after the beta phase.  The idea behind the technology is that businesses and venues can scan and validate that someone has tested negative for COVID-19 or is fully vaccinated before allowing someone entry, reducing the chances of spreading the virus.

“If you have this pass on your phone, and it’s part of an app, that means the app is actually tracking who your contacts are or where you’re going,” Payton continued. “I have a lot more questions than I do answers.”

The COVID-19 Vaccination Pass is expected to be valid for 30 days after the pass is retrieved. After the pass expires, you can retrieve a new pass for the website provided by the specific agency designated by the federal government. But outside of the process of obtaining a pass, very little is known about how the personal data will be stored.

Yes, the pass does expire but that stack of personal information will live on a server for an undefined time period.

Listen to Theresa Payton’s expertise on the COVID passport below. Follow the former White House CIO on Twitter @TrackerPayton