Allow manual grouping of DCCs

[SoWhy]

I just got my booster shot but the doctor accidentally only used the first name and not my middle names when creating the certificate. Now I basically got two certificates in my app, one for the first two using my full name and one for the third using only my first name. There should be an option to tell the app that the newly scanned 3rd vaccination (or 2nd vaccination) belongs to the already saved certificate and is not a new person. This would also help when people change their names for other reasons or there is a typo.

---

Internal Tracking ID: EXPOSUREAPP-10871 Internal Tracking ID: EXPOSUREAPP-10935

[Ein-Tim]

This issue affects iOS & Android and should therefore be moved to the documentation repository.

[thomasaugsten]

The recommendation is to correct the certificate to your passport/id data to prevent future issue while border checks or other validations

[SoWhy]

The recommendation is to correct the certificate to your passport/id data to prevent future issue while border checks or other validations

Middle names are not necessarily required and validity will anyway always be confirmed by checking the ID/passport. Additionally, in case of name changes for example, there is no way to correct the certificate since the name was correct when the certificate was created.

The app should not lack common sense features just because another solution might be possible (which is not a given considering the way certificates are issued in Germany)

[thomasaugsten]

For example the name on a flight pass needs to fit with your name in the passport. To use your vaccination certificate in an automatic checkin/validation process the name has also match with your passport. A correct certificate is for the user more valuable than a manual merge tool to hide the issue in the app.

[larswmh]

Hi @SoWhy, thanks for your feature request. We have created an internal ticket and will raise this topic internally. Internal Tracking ID: EXPOSUREAPP-10871

---

Corona-Warn-App Open Source Team

[SoWhy]

For example the name on a flight pass needs to fit with your name in the passport. To use your vaccination certificate in an automatic checkin/validation process the name has also match with your passport. A correct certificate is for the user more valuable than a manual merge tool to hide the issue in the app.

Again, whether it's advisable is not the question here. The software should not contain multiple certificates for the same person, however this happened.

For example, if I got my first shot as Joe Doe and I married before the second shot and my legal name is now Joe Doe-Roe then my first certificate would be correct and cannot be fixed (since at that time my name was indeed Joe Doe) and my second certificate would also be correct and cannot be fixed (since at that time my name was Joe Doe-Roe). I can also verify both certificates with my passport easily because it contains my new and my birth name. Yet, the app would think Joe Doe and Joe Doe-Roe to be two different people.

@larswmh Thanks for the info!

PS: For the record, I did get my certificate fixed and have solved the problem for myself but there are still potential scenarios where such a fix is not feasible or possible as pointed out above.

[dsarkar]

@SoWhy Thanks again for reporting also pointing out the use case of a person changing its name (marriage). We have updated the internal ticket.

[skra72]

I have the same issue.

But instead of a missing middle name or a changed last name the latest certificate is missing my academic title resulting in a new certificate showing up. However, the validity check still shows it is the 3. of 3 vaccinations and that this is valid even that the other two vaccination are shown in the other certificate entry.

Shouldn't it be enough to just match forename, surname and birthday?

[SoWhy]

However, the validity check still shows it is the 3. of 3 vaccinations and that this is valid even that the other two vaccination are shown in the other certificate entry.

The number of vaccinations is encoded in the certificate afaik. It could be 19 of 43 as far as the app knows. You can see this with the other certificates that are still 1 of 2 / 2 of 2 and not 1 of 3 / 2 of 3.

Shouldn't it be enough to just match forename, surname and birthday?

Theoretically, with common names, these three could match for different people, so I would not support "fuzzy" matching

Academic titles are another use scenario I didn't think of, especially, if they were acquired between shots (and thus all certificates were created correctly)

[mlenkeit]

@skra72 could you elaborate if in the previous the certificate, the academic title was included in the first name field or last name field?

[skra72]

@skra72 could you elaborate if in the previous the certificate, the academic title was included in the first name field or last name field?

Looks like the title is part of the last name.

[skra72]

Shouldn't it be enough to just match forename, surname and birthday?

Theoretically, with common names, these three could match for different people, so I would not support "fuzzy" matching

True. But it should be very unlikely that two persons with the same name and birthday save their certificates on the same phone.

But wouldn't a more static identifier like the ID card/passport number be an option? At least future certificates could include this to match and distinguish. Of course, it is not feasible to retrofit this to all existing certificates.

Cheers!

[dsarkar]

@skra72 Thanks for the suggestion, we will forward this to the internal ticket!

[dsarkar]

@skra72 Anyway, this would not be a short-time solution, the scheme must then be changed on EU level.

[dsarkar]

Internal Tracking ID: EXPOSUREAPP-10871 Internal Tracking ID: EXPOSUREAPP-10935

[niklaswa]

Also the case when last names are written with ß or ss. For me this is the case and it's therefore also showing two entries unfortunately.

[moabits]

+1 This is an important issue

[ravotd]

This issue is important as people do continue to live trough this pandemic. I can offer how it works at a doctors office in Germany, and what problems would be solved by implementing this issue.

How it works for me as staff at a doctors office doing vaccinations against covid:

• Patients come in, we read their electronic health card
• our system takes in the name saved on this card as their name
• and then we do other stuff (getting consent, checking for acute illness, vaccinating, putting in stuff to get some money for our work from health insurance etc pp).
• After vaccinating, we put into our system a number that we vaccinated this patient against covid-19 with a well-defined vaccine and put in lot nr.
• we tell our system 'generate a QR-code for vaccination' and it generates the QR-code for this app automatically
• and we put in the Abrechnungsziffer for 'generating a covid-vaccination-qr-code using some it system' and hand the patient back their documents.

If the patient had their first shot at a vaccination centre and their name on the first QR-Code doesn't match their name on their health insurance card, we need to change their name in our system first, generate the QR-Code, and change it back again. And can't get any more money for that significantly more labor (while we do have more patients than in previous years and more need to phone with patients) - and covid-vaccinating is work on top for us to begin with (we like to do this work, but it is work nonetheless).

So, if people could say 'these 2 QR-Codes in my app on 2 People with kinda similar names and the same birthday are of the same person', then it would help reduce workload in doctors offices all over the country (I doubt we are way less organized than the other doctors offices).

Also, people do change their names. For various reasons. These people would profit off not having to request a new QR-Code for their vaccination after the name change. I do know personally of people changing their names for these reasons (there might be more!):

• Marrying, typical change would be 'Lisa Meier' -> 'Lisa Schulze'
• Dislike of a name, typical change would be 'Maximilian Tobias Meier' -> 'Tobias Maximilian Meier' (and only the first name being on the health insurance card
• divorce, typical change would be 'Hans Meier-Schulze' -> 'Hans Schulze'
• being transgender, typical change would be 'Lisa Meier' -> 'Hans Meier'

Lastly, there are European languages that are not good represented by ASCII, and people are used to replace some characters with ASCII ones, so this might also be why some people have Covid-vaccination-QR-codes with different names on them.

@thomasaugsten mentioned the name needs to match the name on official papers by 100% on some occasions. People knowing they come into such situations are not prevented by this issue being implemented to get new QR-Codes that match their offical papers by 100% when needed.

So, all in all, I kindly ask to give this issue some priority, not least to take a tiny bit of my and other healthcare workers workload off our shoulders.

[moabits]

To add to @ravotd, the implementation of the status labels (e.g. "2G") on the certificate screen make matters worse. When multiple certificates are not recognized as belonging to the same person, the app does not show the "2G+" label. This may result in discussions with checking persons (see https://github.com/corona-warn-app/cwa-wishlist/issues/763).

[vaubaehn]

The issue will become even more complicated when CovPassCheck will be able to scan multiple DCCs of the same person to validate admission rules (i.e. 2G+) in a matter of weeks.

In this context, I agree with @thomasaugsten that basic data (standardized forename, standardized surname, birthdate) must match to 100% to enable data processing systems to correctly validate certificates. Fuzzy matching or manual matching by the user would make validation impossible. Even when you allowed fuzzy matching in a way, that only at least one part of the forename and one part of the surname together with the birthdate must match, you would have falsey matchings in some edge cases (i.e., twins with some name variation: "Hans-Jürgen Schmidt, 01.01.1970" & "Hans-Heinz Schmidt, 01.01.1970" would be matched to the same person).

IMHO, the best effect may be achieved when there is a mandatory feedback-loop between data entering person (health worker, pharmacist etc) and recepient of the DCC whether entered data are correct AND correspond to formerly issued certificates. To support this feedback-loop,

• the issuing portal or other software used to enter the data should contain a hint to the health worker that it is required to let the user check that entered data is correct AND is in line with formerly issued certificates, and
• when other software is used (doctor's office), that there must be an easy possibility to alter the data (names) by the health worker to align the certificate to be issued with the formerly issued certificates, and
• the user should quickly be informed by the data entering person, that in case of name changes (marriage) or problems with matching due to differences between issued certificates, a new certificate can be re-issued in a pharmacy.

@ravotd I have the highest respect for your daily work loads, but could something like this work for you - after reading the health insurance card or before pressing on the button "generate QR code" to tell the user what names will be used for the certificate and alter it in the rare cases where it's necessary?

@timokoenig @molk-ibm Do you know if there is already such a support for a feedback-loop in the issuing portal/other connected applications to verify entered data between user/health worker? Or do you see other ways to improve the situation?

[vaubaehn]

@niklaswa wrote:

Also the case when last names are written with ß or ss. For me this is the case and it's therefore also showing two entries unfortunately.

At least this could be improved, as certificates should be matched by standardized names - and an algorithm that follows the ICAO rules should replace "ß" with "ss" automatically...

@niklaswa do you have the problem with vaccination certificates (issuance portal; responsibility IBM (or TSI???)) or with test certificates (RAT portal/Quality Assurance; responsibility TSI)?

[skra72]

Why not use the tax id or the health insurance id? That should give a reliable match regardless of the name.

[vaubaehn]

@skra72 Not possible because of data privacy - on EU level.

[timokoenig]

@ravotd I have the highest respect for your daily work loads, but could something like this work for you - after reading the health insurance card or before pressing on the button "generate QR code" to tell the user what names will be used for the certificate and alter it in the rare cases where it's necessary?

In the end the name needs to be identical with the ID card because that will be used to identify the user when checking the certificate. A quick comparison when creating a new certificate would be the first step to mitigate name issues. @vaubaehn the points that you mentioned would be a great improvement but I don't think there is any of that in place. I don't know much about the portal or other connected applications but maybe @oliver-steinbrecher or @thinkberg can help here

[skra72]

@skra72 Not possible because of data privacy - on EU level.

@vaubaehn ok. but how to solve the problem then if someone changes the surname because of marriage between two vaccinations?

[timokoenig]

@skra72 Not possible because of data privacy - on EU level.

@vaubaehn ok. but how to solve the problem then if someone changes the surname because of marriage between two vaccinations?

I would say that the person would need to reissue the first certificate

[vaubaehn]

@skra72

but how to solve the problem then if someone changes the surname because of marriage between two vaccinations?

This would need a visit to a pharmacy, to get necessary (former) certificates re-issued. Depending on admission rules (2G+) it might only be necessary for an older booster certificate (because the test certificate will be issued with the new name), or an older vaccination certificate when there is no booster yet. Did I miss one relevant use case? For booking tickets (concerts, flights...) it may be necessary for the latest certificate with old name (to match the certificate with ID data)

[oliver-steinbrecher]

Name matching is a topic and there have been many internal discussion in the CovPass Team. The major problem is that the master data included in medical systems is mainly based on the electronic health card. This card differs from the ID card with respect to the data structure. Currently the issuing process in medical offices is automated. Changing this to a manual process which picks up the ID card is not easy.

[niklaswa]

@niklaswa do you have the problem with vaccination certificates (issuance portal; responsibility IBM (or TSI???)) or with test certificates (RAT portal/Quality Assurance; responsibility TSI)?

My first two vaccination certificates I got from the pharmacy (issued via the name on my ID card, written with ß + my middle name [which is another problem]), the third certificate (booster) I got via the vaccination center in Frankfurt (issued via my health insurance card, written with ss and without my middle name...).

[SnejPro]

What about an optional feature? E.g. fuzzy or manual matching but with the option to disable it.

[GoosMcGuile]

My problem is that I have two vaccination certificates, because in the first one my name was written completely in capital letters and in the one of the booster vaccination only the initial letter. Wouldn't it make sense to merge both certificates at least in such a case?

[SoWhy]

Another thing to consider: Since the app now also contains test certificates, those are often issued without middle names and there is no way to get those fixed, so I for example now have a test certificate with a different name. Consequently, the new 2G, 2G+, 3G detection doesn't work since the app does not register the test for the same person that had the vaccination

[skra72]

Regarding privacy: wouldn't it work out to use some unique identifier (passport ID, health insirance ID or whatever stays constant) in an encrypted form so no one can read the real personal identifier from the certificate?

[SnejPro]

Regarding privacy: wouldn't it work out to use some unique identifier (passport ID, health insirance ID or whatever stays constant) in an encrypted form so no one can read the real personal identifier from the certificate?

No as they are not included in the certificates.

[ndegendogo]

IMHO, the best effect may be achieved when there is a mandatory feedback-loop between data entering person (health worker, pharmacist etc) and recepient of the DCC whether entered data are correct AND correspond to formerly issued certificates. To support this feedback-loop,

• the issuing portal or other software used to enter the data should contain a hint to the health worker that it is required to let the user check that entered data is correct AND is in line with formerly issued certificates, and
• when other software is used (doctor's office), that there must be an easy possibility to alter the data (names) by the health worker to align the certificate to be issued with the formerly issued certificates, and [...]

@vaubaehn

The crucial point here is the alignment with previous certificates if possible.

When I got my booster shot, another person was with me where exactly this happened. Said person has an academic title. His first two certificates were issued by our pharmacy, and the title is included. For the booster shot we were at our company's doctor. They checked the data on the registration form throughoutly, and matched the data with his ID papers. They even asked about the academic title, but we didn't know if it should be included or not; and neither did they. And neither of us had the idea to check his other certificates.

He got the shot, then the QR code. They urged us to import it immediately into cwa or covpass, and give them feedback if it doesn't work as expected, so they can correct data and re-issue if needed. And, yes, it was imported into cwa, and we left happily. Only back at home we noticed that it is weird, why are the first two certificates merged but not the booster, and we investigated and found out the reason (missing academic title in the booster cert).

As a user, you just don't know how it is supposed to look like, so you easily don't catch such subtle differences, even if you double-check...

[vaubaehn]

Hi @ndegendogo , thanks for your report! Imho, it underlines, how important it is, that there is a feedback-loop between health worker and recipient of the certificate. However, it also states, that a pure feedback-loop is not enough. Health workers as well as recipients currently need to know about possible problems with matching certificates in advance before issuing the certificate, and recepients better need to know, for which future application their certificates should match:

• should certificates match for booking a flight/transport or tickets for a concert? Then (first-/middle-/sur-)names/titles should exactly match like they're provided on their ID document for all necessary certificates! If your health insurance card is used and it contains different data than your ID and you got your vaccination/recovery certificate from a doctor's office, then your data need to be corrected or the certificate re-issued (via a pharmacy)! [DCC ticketing]
• should certificates match for entering a venue according to admission rules (2G+, 2G...) 'only', and for the gatekeeper controlling your ID it's obvious that you are the legitimate person, even title/middlenames differ from the certificate, then it's enough that necessary certificates are aligned by names/birthdates, no matter if they exactly correspond to ID. [admission rules]

Question is, how can the public and health workers be informed best, what to anticipate/take into account regarding matching of certificates before issuing them? A feedback-loop triggered by the electronical system (issuance portal, GEMATIK-interface, 3rd-party-interfaces) was helpful, but not enough obviously.

What we shouldn't forget: this matching problem is only crucial, where it needs 2 certificates to prove your immunization status. In all other cases, grouping of certificates inside the wallet app is 'only' a cosmetic problem, imho.

Edits: correcting the auto-correction mess from my mobile's keyboard...

[SnejPro]

I think giving advises to public health workers is a bad solution.

First of all there so many different organization that offer tests or vaccination. Second they use different software. All of them with their own limitations and configurations.

I think it's almost impossible to get everyone involved to enter the data according to the same system. Until all health workers who issue certificates have internalised this and all software solutions have been adapted accordingly, the pandemic will be over.

Therefore, the best solution would be to allow the user of the app to group certificates manually. One could restrict this so that at least the date of birth has to match. There should be no deviations here.

[vaubaehn]

Therefore, the best solution would be to allow the user of the app to group certificates manually. One could restrict this so that at least the date of birth has to match. There should be no deviations here.

When users are allowed to group certificates manually, it won't be possible anymore to prove immunization status that needs two (or more) certificates, when checking digitally in an automated way, i.e. with CovPassCheck or with validation service (DCC ticketing), because the certificates have different contents in their identifiers.

Edit: serial scanning of multiple certificates will soon be available for CovPassCheck.

[SnejPro]

When users are allowed to group certificates manually, it won't be possible anymore to prove immunization status that needs two (or more) certificates, when checking digitally in an automated way, i.e. with CovPassCheck or with validation service (DCC ticketing), because the certificates have different contents in their identifiers.

Edit: serial scanning of multiple certificates will soon be available for CovPassCheck.

But isn't grouping only a appearance feature and does not affect the certificates itself?

[vaubaehn]

@niklaswa do you have the problem with vaccination certificates (issuance portal; responsibility IBM (or TSI???)) or with test certificates (RAT portal/Quality Assurance; responsibility TSI)?

My first two vaccination certificates I got from the pharmacy (issued via the name on my ID card, written with ß + my middle name [which is another problem]), the third certificate (booster) I got via the vaccination center in Frankfurt (issued via my health insurance card, written with ss and without my middle name...).

@niklaswa So, then there are different sources of errors:

• ß vs. ss, and
• middlenames vs. no middlenames.

Regarding ß vs. ss, at least Corona-Warn-App is identifying connected certificates by their standardized names. For the standardized names, ß is translated to ss following the ICAO algorithm. Now it depends, how the standardized name is generated for the vaccination certificate. Is it entered manually (like for RAT in test centers using TSI' s RAT portal; very prone for error), or is it generated automatically? If it's generated automatically, then ß in non-standardized name field vs. ss in non-standardized name field is no problem, because both standardized fields contain 'SS' (in capital letters). @oliver-steinbrecher , do you know how the standardized name is generated currently (issuance portal or others)?

Regarding the differing presence of middlenames, that is the problem that will prevent matching in any case.

[vaubaehn]

When users are allowed to group certificates manually, it won't be possible anymore to prove immunization status that needs two (or more) certificates, when checking digitally in an automated way, i.e. with CovPassCheck or with validation service (DCC ticketing), because the certificates have different contents in their identifiers. Edit: serial scanning of multiple certificates will soon be available for CovPassCheck.

But isn't grouping only a appearance feature and does not affect the certificates itself?

Currently yes, but not for long anymore: You know that admission rules like 2G+ sometimes need two certificates to be presented: vaccination 2/2 + test certificate. Upcoming release of CovPassCheck will allow serial scanning of multiple certificates per user - and these need to be matched by their identifiers (name/birthdate). Also, when for DCC ticketing two certificates will be necessary (e.g, to book a flight) these certificates need to be matched correctly. DCC ticketing seems to be in final audits currently.

I don't know if other cases exist, where it will be necessary to line up a sequence of certificates to prove a certain immunization status (e.g., vaccinated-vaccinated-recovered = boostered), so we should take care of correct matching right from the beginning.

[vaubaehn]

My problem is that I have two vaccination certificates, because in the first one my name was written completely in capital letters and in the one of the booster vaccination only the initial letter. Wouldn't it make sense to merge both certificates at least in such a case?

@GoosMcGuile This shouldn't happen: like written above, certificates are matched via their standardized names, and these are all in capital letters. So there is either another yet unrecognized difference, or... The standardized names need to be entered manually?! In case yes, that could be improved for sure...

[vaubaehn]

Another thing to consider: Since the app now also contains test certificates, those are often issued without middle names and there is no way to get those fixed, so I for example now have a test certificate with a different name. Consequently, the new 2G, 2G+, 3G detection doesn't work since the app does not register the test for the same person that had the vaccination

@SoWhy Probably with some effort there can be solutions:

• when you're usually taking Rapid Antigen tests, then you might either create a RAT profile in CWA that can be scanned in the test center and (not) contain middlenames at your wish, or you ask the staff in the test center to set/leave out middlenames how you need it.
• when you're taking PCR in the doctor's office, then you'll probably need to hand out your health insurance card. In this case, it may make sense to get your vaccination certificates re-issued in a pharmacy in line with your health insurance card data.

In the end, this work with re-issuing will only need to be done once.

[ndegendogo]

ß vs. ss

... and all sorts of umlauts and accents on letters are a source for misalignment

[ndegendogo]

when you're taking PCR in the doctor's office, then you'll probably need to hand out your health insurance card

Well ... I know somebody where the name matches on all his documents, including his health insurance card ... with the exception of his birth certificate and his passport / ID card 🙈

And my mother has her second (middle) name as main name (Rufname). On all her documents she uses only that name. With the exception of the fiscal authorities, they use her first name only. 🙈 On her passport, both names are given (and the middle name is underlined).

[ndegendogo]

...its not so easy ...

[vaubaehn]

ß vs. ss

... and all sorts of umlauts and accents on letters are a source for misalignment

This is why we need automated ICAO transformation everywhere, be it

• RAT (quicktest) portal (@ascheibal !) or
• issuance portal (and other applications) for vaccination/recovery DCCs (@oliver-steinbrecher ).

[ravotd]

Certificates not matching the Personalausweis is only in some kinda rare cases a problem. If you go to a local event (or the barber or such), the person checking your certificate will most likely approve if there is some hickup with non-ascii-letters, missing middle names, missing second family name (there are people living in Germany with two family names separated by a space), Changing ones name might turn problematic at these 'common certificate checkings', but even doable with an accompanying document. For high-profile certificate checkings, it might be needed to have certificates 100% match the name on the Personalausweis (maybe someone working at an airport reads and can chime in how this is handled).

I would propose a feature to group certificates on persons with the same date of birth (maybe some sanity-check like 'have at least 2 weeks between any two vaccinations') - and the option to turn this grouping off temporary. In grouped view the name shown should be the one of the latest certificate so that name changes before that certificate got issued are considered.

Then, people can use the grouped view for their daily life and for mitigating issues with different certificates and name changes and stuff. And if people need to travel or such, they can get matching certificates from a pharmacy or the doctor who vaccinated them and use the ungrouped view.

If the CovCheck App checks all certificates for one person, this grouping would not effect the CovCheck App in any way but making it a bit more common for the first few certificates not to match the name of the last certificate 100%.

Asking each person issuing the certificates to match them 100% with the Personalausweis won't work because (as @SnejPro mentioned) there are quite a few Praxisverwaltungssysteme, the pharmacys use some webinterface (I think, don't know exactly) and people working in healthcare are human and thus prone to errors.

The issue I see underrepresented here is people changing their name between two shots, that does happen.

[vaubaehn]

@oliver-steinbrecher @molk-ibm Are there any (parts of) data always same for ID AND health insurance card? We still have >30 alphanumerical chars for the UVCI field left... If we hashed this overlapping data and inserted it into the UVCI, we had an identifier that could be used for matching. What do you think?

[ravotd]

As far as I know, health insurance card only holds name (but not standardized if all middle names are present, not even for one health insurance company), date of birth, gender, adress, number of health insurance company, customer number of health insurance, and status. Status is one of {Mitglied, Familienangehöriger, Rentner}. But there are people being vaccinated who didn't present a health insurance card also. These persons are being entered manually into the Praxisverwaltungssystem - and it's even less standardized how their name is being entered. The most of these persons are privately insured patients, but some other groups too (like soldiers, police officers etc pp...). So, no, there is no common UID for health insurance and Personalausweis.