Global Digital Health Certification Network FAQs

 

1. What is the WHO’s Global Digital Health Certification Network? 

The Global Digital Health Certification Network (GDHCN) is an open and interoperable digital public infrastructure that facilitates the verification and secure exchange of Verifiable Digital Health Certificates issued and utilized by GDHCN Participants. The network is operationalized through software infrastructure that enables Member States to verify the authenticity of digital health records through an interoperable trust architecture. The GDHCN follows WHO’s SMART Guidelines and the HL7 FHIR specifications for digital health records which are being increasingly adopted by countries.  

2. Will WHO have access to personal information? 

The WHO is not to have access to underlying personal data, which will continue to be the exclusive domain of GDHCN Participants. The GDHCN is intended to be operated in compliance with recognized principles related to personal data protection. The GDHCN does not enable access by WHO to any content contained within individual Verifiable Digital Health Certificates issued by GDHCN Participants. 

3. What is the purpose of the GDHCN?

The purpose of the GDHCN is to:  

1) Enhance global health security and cooperation by facilitating the utilization and exchange of Verifiable Digital Health Certificates among GDHCN Participants and other stakeholders to:  
a. Empower individuals to access their own Verifiable Digital Health Certificates in a secure and convenient way;  
b. Enable health services of GDHCN Participants to verify Verifiable Digital Health Certificates easily for the use cases defined by the relevant use cases (or Trust Domains) such as  continuity of care or travel across different settings and jurisdictions; and  
c. Help link Verifiable Digital Health Certificates to GDHCN Participants.

2) Help Eligible GDHCN Participants and GDHCN Participants comply with technical specifications and policy and regulatory standards.

3) Identify and maintain open, interoperable specifications for the core infrastructure of a Trust Network, including a Trust Network Gateway, which enables the verification of Verifiable Digital Health Certificates.

4) Identify Trust Domains that can utilize the GDHCN core infrastructure and develop specifications and requirements for each identified Trust Domain.

5) Promote innovation and learning in digital health by sharing best practices and experiences among GDHCN Participants and other stakeholders. 

4. How is the GDHCN Designed? 

The GDHCN is designed as an umbrella network encompassing multiple trust domains. A Trust Domain is defined by a set of: 

  • Use cases and content specifications related to exchange of health documents
  • Trusted services related to issuance, management, verification, revocation of health certificates  
  • Policies that apply across the set of use cases  

and allows participants to operate under a common, well-defined environment and understanding of how health documents will be used.

5. How does the GDHCN work? 

The GDHCN is a Trust Network administered by the GDHCN Secretariat and operationalized through the Trust Network Gateway and comprised of the GDHCN Participants. The GDHCN operationalizes Trust Domains approved by the GDHCN Secretariat.

Participation in the GDHCN means that a participant would voluntarily submit public keys into a directory managed by WHO. These keys are then shared in a trusted manner with other participants. The keys can be used to verify that digitally signed health credentials (e.g., immunization cards, health records) were issued by a recognized authority of a participant. 

6. What is a trust network?

A trust network is a means to authenticate the encryption public keys used by participants within a network to perform encryption services, verify digital signatures, establish secure connections between systems and otherwise make use of encryption public keys. 

7. What is meant by ‘Trust Network Gateway’ in GDHCN?

The Trust Network Gateway refers to the digital infrastructure hosted by WHO that facilitates the operation of the GDHCN. It enables secure exchange and verification of Verifiable Digital Health Certificates issued and utilized by GDHCN Participants. 

8. What is a Public Key Infrastructure in context of GDHCN?

The Public Key Infrastructure refers to a system that is used to create, manage, distribute, use, store and revoke digital certificates. In context of GDHCN, it is used to authenticate encryption public keys used by participants within the network. 

9. Who administers the GDHCN?

The GDHCN is administered by the WHO’s GDHCN Secretariat which oversees its operations including onboarding process of Eligible GDHCN Participants and acts as a trust anchor for Public Key Infrastructure. 

10. What will the GDHCN be used for?

Currently, the GDHCN is utilized only for the Digital Documentation of COVID-19 Certificates (DDCC) Trust Domain, which covers the use cases of COVID-19 Vaccine Certificates and Test Certificates. Participants can propose potential future use cases. 

11. What is meant by ‘Digital Documentation of COVID-19 Certificates (DDCC) Trust Domain’?

Trust Domains are sets of use cases operationalized by the GDHCN and utilized by GDHCN Participants subject to their respective rules, regulations and policies. The Digital Documentation of COVID-19 Certificates (DDCC) Trust Domain refers to a set of use cases operationalized by the GDHCN that covers COVID-19 Vaccine Certificates and Test Certificates for purposes of continuity of care and proof of vaccination. This trust domain, which is the initial use case of the GDHCN, supports the exchange of the EU (European Union) Digital Covid-19 Certificates (EU DCC) as well as other COVID-19 Certificate standards. This allows partners and countries to leverage a unified network for verifying digital COVID-19 certificates for vaccination and test results.

12. What is the Onboarding Process in GDHCN?

The Onboarding Process is a procedure overseen by the GDHCN Secretariat for admitting Eligible GDHCN Participants into the network. It involves verifying the identity of the participant and establishing their connection to the digital infrastructure hosted by WHO. There are two types of onboarding processes for joining the GDHCN DDCC Trust Domain: transitive trust onboarding and full onboarding. Transitive trust onboarding is a simplified process for eligible participants that have already participated in the EU DCC Trust Network. Transitive trust onboarding started in June 2023 and is running through December 2023. 

Full onboarding is a comprehensive process designed for eligible participants that have not participated in the EU DCC and started on September 30, 2023.

13. What are ‘Eligible GDHCN Participants’?

An Eligible GDHCN Participant is one of the following:

  • a WHO Member State or Associate Member, or sub-national unit thereof;
  • a State Party recognized by the International Health Regulations, or sub-national unit thereof;
  • the United Nations (UN) and other intergovernmental organizations in effective relations with WHO;
  • a fund, programme, specialized agency, or related organization within the UN system; or
  • an organization officially delegated by one of the organizations mentioned above that can abide by the GDHCN Terms of Participation and fulfils one or more of the following health service functions:
    • Public Health Agency;
    • Health Professions Education Accreditation Agency;
    • Health Services Licensing Agency; or
    • Public Health Security Agency.

14. Do Member States have to participate in the GDHCN?

No, it is a voluntary system. Member States can voluntarily apply to join the GDHCN Trust Network and participate in one or more Trust Domains. 

15. Can the GDHCN support offline use?

Yes, Member States can “cache” or save this information for “offline” use as they do not need to be online all time. 

16. How does GDHCN contribute to WHO’s global strategy on digital health?

The GDHCN contributes to WHO’s global strategy on digital health 2020-2025 by facilitating secure exchange and verification of digital health certificates, thereby enhancing global health security and cooperation.