On April 19, everyone in the United States aged 16 and older becomes eligible for a COVID-19 vaccine appointment. After you get jabbed, you’ll receive a comically old-school 3-inch by 4-inch paper card as proof of your immunization status. You can protect that piece of cardstock by sticking it into an inexpensive badge holder* (Amazon sells a pack of 10 with a resealable zipper for $10), but that doesn’t ward off the possibility of misplacing or outright losing it.
You should have a digital copy as backup. And make it a good one: It should be clear, sharp, and easy to read. You may need it as proof of vaccination or as a way to recall appointment details when trying to replace a lost card. And because your vaccination card displays sensitive personal information that can be used for identity theft, a digital version should also be kept secure.
To achieve that, here’s what you should (and shouldn’t!) do.
*Note: Experts currently don’t recommend laminating your physical card just yet, as you may need to add annotations of future booster shots down the road.
Do: Use a good app
Smartphone photos work perfectly fine for digitizing your vaccination card. To get a good snap, take it in a well-lit area on a flat surface, preferably set against a plain, dark background. (It will make it easier to get a clean crop without cutting off too much of the edges.)
Your phone’s default camera app will work fine for taking the photograph, but to get automatic cropping, lens distortion correction, plus color and exposure correction, download and use a dedicated scanning app. Scanning apps provide the added advantage of saving files as PDFs as well. We like Adobe Scan (Android, iOS; login required) or Evernote Scannable (iOS).
You may, of course also take photos with a camera or a scanner, for greater control over how the file is stored. Free programs like GIMP (Win, MacOS) or Paint.net (Windows) can handle the image corrections necessary for a bright, clear picture.
Do: Back up this digital copy
Like paper cards, digital files can become lost. (Usually through accidental deletion.) Make a backup of your backup to save yourself potential headaches down the road.
Now, most people will simply email themselves a copy of the file to achieve this—but we recommend instead uploading the photos to a cloud service or saving them locally to your computer. Cloud storage from the big services (Google, Apple, Dropbox, Microsoft) use encryption both at rest and in transit, while local storage gives you full control over the data (including the ability to encrypt it). In contrast, email providers don’t universally encrypt email and email attachments.
If the photos on your smartphone automatically upload to a cloud storage service, you should be covered. But it doesn’t hurt to, say, also upload these particular files to Google Drive even if Google Photos has auto backups turned on. It’s easier to delete photos accidentally through the latter app. The same concept applies if you’re on an Apple device—upload to a folder in Files, even if your Camera Roll uses iCloud backups.
Don’t: Share with third-party services (yet)
Wait on uploading your scanned card to websites or apps clamoring to serve as digital vaccine record vault services. We don’t know yet how exactly vaccine cards will be used to verify immunization status, nor how quickly health care providers and the government will coordinate on creating digital vaccination databases. Given how often data breaches occur, keep this kind of personal info to yourself until it’s clear exactly what government agencies (including those that govern travel) and businesses will require for proof of vaccination, and in what format.
Do: Tighten up your accounts
If your smartphone photos automatically back up to the cloud, make sure that account is secured with a strong password at minimum. We also highly recommend enabling two-factor authentication as a second layer of login protection. It takes less than ten minutes to add both to a Google or Apple account (or any major service you use for photo backup), and keeping track of them is easy if you use a password manager (some of which have built-in 2FA token generators).
Why add on such complexity for one photo? You’re storing sensitive personal identifying information on a server. Should anyone get access to the file, they’ll only need seconds to blast it over the wider internet. That applies to your other cloud-saved files, too.
Do: Enable encryption on your phone
In addition to tightening up your accounts, the security of your phone matters as well—regardless of whether your photos back up to the cloud. Encrypting your phone’s storage protects you if you lose the device or it gets stolen.
To turn on encryption, you typically must create passcode or password for your phone. You can add a biometric method of unlocking the phone to make the security feature less of a hassle. If you already use a passcode or password on your phone, you can verify your encryption settings by going into Settings and navigating to Security > Advanced in most Android phones, and FaceID & Passcode (or TouchID & Passcode) for iPhones.