CDC, NASA seek apps to monitor employee vaccinations

CDC is looking for a vaccine passport-type service to authenticate COVID-19 vaccine data on its employees and to supply proof of recent tests for traveling agency employees, while NASA is looking for a smartphone app that would not only allow its 18,000 employees to display their vaccination status when entering a NASA facility, but also help the space agency efficiently survey, report and analyze data on the immunization status of its workforce.

vaccine passport on mobile phone (Robert Avgustin/

Federal agencies are looking to vendors for ideas on managing the implementation of the Biden administration's executive order requiring COVID-19 vaccinations for federal employees and contractors.

Under the executive order, agencies must require documentation from employees of their immunization record that includes the date of vaccine administration and the name of the health care organization providing the vaccine, according to an FAQ on That documentation can be a paper or digital record that displays the required information. 

While agencies must collect information necessary to verify that an employee is fully vaccinated, they may develop their own processes, systems, tools or applications for data collection and maintenance -- provided they allow employees to update their vaccination status and related information, per the FAQ.

The Centers for Disease Control and Prevention posted a sources sought notice on Monday seeking information from vendors about a providing electronic verification of COVID-19 vaccinations and testing for its workforce of about 25,000 employees.

CDC is looking for what is commonly described as "vaccine passport," although that term appears nowhere in the contracting documents, to verify employee vaccinations and to monitor testing on the approximately 5,000 CDC employees who travel internationally for work every year. Many of these travelers will need to provide authenticated vaccine and testing data upon arrival in certain countries.

The agency wants information on whether a vendor can integrate data from CDC personnel systems and support back-end connections with data from pharmacy chains, state immunization systems and non-public health systems as well as information on whether a vendor's product is recognized and used in the U.S. and abroad. CDC is also interested in whether a vendor will accept a U.S. government travel card for payment in transactions.

NASA is looking to mobile tech for its vaccine passport. The space agency issued a presolicitation on Sept. 21 for technologies and software that could be downloaded to a smartphone that will allow employees to display their vaccination status before entering a NASA facility. The solution must also give agency officials a way to quickly report analytics on the number of employees vaccinated, while simultaneously maintaining the privacy and security of employee data. 

Users must be able to manually input data as well as upload a photo of a proof-of-vaccination document and any booster shots. The solution must also allow for results from rapid antigen tests, including the time/date of the test and result, and alert app users to a positive test result and when a completed test is more than seven days old.

To maintain the security and privacy to the data, the app should verify the employee's identity either through biometrics or a scan of a driver’s license or other government-issued ID. Uploaded data must be encrypted and converted into a QR code or a color-coded indicator so vaccine status can be easily checked upon entering a NASA facility. 

The solution should include a reader or a downloadable smartphone application that can read the QR code in order to identify if an employee meets the criteria.

Aggregated data must be exportable to allow for reports analyzing overall employee vaccination rates, NASA said.

The request for information asks potential vendors if their solution can meet federal data requirements for storing COVID testing data, such as the Federal Information Security Modernization Act for overall cybersecurity and the Federal Risk and Authorization Management Program for cloud-service security controls.

Responses to the NASA RFI were due Sept. 24. CDC is seeking responses from vendors by Oct. 5.

Portions of this article were originally published in GCN.