From pilgrim safety to policy

Malaysia's journey in adapting WHO Global Digital Health Certification Network framework for cross-border health information exchange

We live in an increasingly connected world. People travel including across borders for work, leisure, religious travels and to migrate, and our health travels with us. The COVID-19 pandemic emphasized an existing need for cross border availability and verification of health records to support health security and care continuity.

Recognizing these demands, in 2023 WHO launched the Global Digital Health Certification Network (GDHCN). The GDHCN is digital public infrastructure that could support initiatives requiring verification of health documents such as cross verification of prescriptions across borders, the International Patient Summary, and verification of vaccination certificates within and across borders. With the evolving needs of Member States, it has also evolved into a foundational infrastructure for global health data interoperability. The GDHCN is a trusted network based on a robust public key infrastructure encryption system that keeps health information secure, allowing WHO Member States to verify the authenticity of health records and certification across borders without compromising individual privacy. While WHO manages the onboarding and technical governance process of the GDHCN, supporting digital trust between countries, WHO does not have access to or hold individual health data.

Malaysia was one of the first countries to recognize the potential of the GDHCN and emerged as one of the leading countries in its use, beginning in 2024 with a very specific and human context: the annual Hajj pilgrimage. Malaysia’s journey is a narrative of national strategy, policy alignment, digital health leadership, and inclusive transformation. It offers valuable lessons for other countries seeking to adopt the GDHCN and WHO IPS standards as part of robust, patient-centered digital health ecosystems.

Strengthening national health security through digital connectivity

Digital transformation in healthcare has been a long-envisioned goal for Malaysia. The COVID-19 pandemic significantly accelerated digital health adoption in the country. But it also exposed systemic gaps with fragmented records, uneven access to data and difficulties in verifying health status for international travel. The annual Hajj pilgrimage paved a natural context for addressing these issues.

The national health app of Malaysia, MySejahtera, developed and managed by the Ministry of Health Malaysia was initially developed to manage the COVID-19 outbreak, allowing users to perform health self-assessments, monitor their health status and receive updates and information related to COVID-19. Today, MySejahtera serves as the digital front door for accessing public healthcare services. MySejahtera also eased the digitalization of several national health programs like National Immunization Program for children, the National Health Screening Initiative, Self-Assessment tools for mental health, covering areas such as anxiety, depression and suicidal thoughts.

The Hajj is the largest pilgrimage in the world, drawing almost 3 million pilgrims from over 180 countries every year. In 2023, more than 30,000 Malaysians travelled to the Kingdom of Saudi Arabia to perform the Hajj with many travelers being elderly and living with chronic conditions such as diabetes, hypertension and their complications. Ensuring they receive safe and continuous care abroad has always been a priority for the Ministry of Health Malaysia. Beyond Hajj, Malaysian Umrah travel occurs at substantially higher volumes throughout the year, further reinforcing the value of secure, verifiable cross-border health information. Overall, this highlights the operational importance of trusted verification mechanisms for large-scale travel, particularly during time-bound peak periods.

For years, travelers carried paper booklets provided by Lembaga Tabung Haji (the Malaysian Hajj pilgrims fund board) with handwritten notes and medical summaries that were difficult to verify, and the fragility of this system was further exposed during COVID-19. The idea to equip pilgrims with verifiable digital health summaries, accessible by medical officers in Saudi Arabia and globally, was born out of both urgency and vision.

Aligning vision with policy

Malaysia entered formal discussions with WHO on joining the GDHCN for aligning perfectly with its broader reforms of improving data governance, supporting UHC and linking public and private health systems under a common set of standards. The WHO GDHCN offered a standards-based infrastructure for issuing, sharing and verifying digital health certificates. The Ministry of Health Malaysia recognized the opportunity not only to solve the challenge around Hajj but also to lay the groundwork for enabling nationwide interoperability of health records using a nationwide trust network, the Malaysian Digital Health Certification Network.

Working with WHO, the health authorities of the Kingdom of Saudi Arabia and local technology partners, Malaysia set out to generate a WHO-compliant IPS for every pilgrim. The goal was straightforward: secure, consistent, medically meaningful information for each traveler which can be accessed through a quick response (QR) code. This need created what came to be known as the Hajj Health Record for Malaysian Hajj pilgrims, using a Smart Health Certificate QR on the MySejahtera application. 

Three foundational building blocks underpinned the rollout:

  1. MyVAS (Malaysia's National Vaccine Administration System), used across thousands of Malaysian health facilities for pre-Hajj health screenings and vaccination.
  2. MySejahtera (application developed by the Government of Malaysia to assist in managing the COVID-19 outbreaks in the country), enhanced and expanded to act as each pilgrim’s personal health portal.
  3. Interoperability and standards alignment was supported by using HL7 FHIR as the standard to structure the IPS payload, enabling consistent exchange for certificate issuance and verification.

It wasn’t just simple engineering, it involved policy decisions on privacy, alignment with global standards, security protocols, and the design of Malaysia’s trusted “issuer” identity on the GDHCN. The process involved months of mapping clinical data, hosting Malaysia’s issuer metadata on secure endpoints for global verification under the WHO GDHCN, verifying signatures, drafting SOPs and training healthcare workers.

Key implementation challenges went beyond software development. MOH had to deliver within a compressed timeline ahead of the Hajj season, while aligning multiple interdependent processes across clinical workflows, data standards, security requirements and operational rollout:

  1. Interoperability and standards alignment: mapping clinical data from pre-travel screening and vaccination workflows into a WHO-compliant IPS structure, using HL7 FHIR.
  2. Data quality and governance: ensuring completeness, consistency, and clear ownership of data elements across systems to support safe clinical use and trusted verification.
  3. Privacy and security: implementing appropriate safeguards for cross-border verification, including trusted issuance and signature validation.
  4. Operational readiness at scale: ensuring facilities and frontline staff could reliably generate, access, and verify records in real-world settings.

MOH overcame these challenges through an accelerated, iterative implementation approach. This work was undertaken in coordination with the broader GDHCN/Hajj ecosystem, including alignment with the Kingdom of Saudi Arabia and other participating countries (Indonesia and Oman), which included sustained clinical data mapping and rapid alignment to required WHO formats; iterative end-to-end testing (including joint sandbox testing) to validate issuance and verification flows; and establishment of a trusted “issuer” setup under the GDHCN trust framework. In parallel, MOH strengthened implementation readiness through SOP development, targeted training for healthcare workers and practical workflow refinements to support reliable field use and verification at scale.

From piloting to roll out

Malaysia had completed joint WHO–Kingdom of Saudi Arabia sandbox tests, by April 2024, and a month later, more than thirty thousand pilgrims had their IPS generated and securely stored on MySejahtera.

The tests involved issuing test IPS payloads, publishing/validating Malaysia’s issuer metadata and verifying QR code scans using GDHCN-compliant verifier applications. Travelers could view their health summary and generate a secure QR code within the app. Malaysian health officers received training to support usage in the field, while the medical officers of the Kingdom of Saudi Arabia used GDHCN compliant reader apps to scan QR codes and instantly retrieve validated medical summaries.

This process helped teams align on IPS content requirements and resolve practical issues such as data mapping consistency, verification of flow reliability and operational scanning procedures.

The real test came on the field. During the 2024 Hajj season Malaysian medical teams in the Kingdom of Saudi Arabia managed over 56,000 outpatient cases and 1,200 inpatient admissions, with close to 100 IPS scans recorded, aiding in clinical decisions in urgent situations.

Beyond these operational results, the roll out also generated practical lessons for future scale-up. A key lesson learned was that successful implementation required more than technical readiness. Early phases would have benefited from stronger provider-facing engagement, including clear communication on the purpose and clinical use of the IPS/QR workflow, simple job aids role-based training to build awareness and confidence among front line teams and participating facilities. In practice, pairing the technical roll out with structured change management and practical operational support helped reinforce consistent use in real-world settings, especially during peak periods.

Notably, the key highlight was the shift in confidence from both patients and health workers. Pilgrims who normally relied on ad-hoc summaries expressed reassurance that their data could be accessed instantly in emergencies. The Ministry of Health Malaysia acknowledged the initiative, highlighting its value in emergency care and as a model for future cross-border health security. 

Scaling the vision from pilgrims to citizens

Success during the Hajj gave Malaysia a trust-based, standards-aligned digital health exchange that could work at scale and across borders.

The digital health division in the Ministry of Health Malaysia began engaging private hospitals, insurers and tech providers to explore a national trust framework - the Malaysia Digital Health Certification Network (MDHCN).

In April 2025, Ministry of Health Malaysia convened a national workshop on the Malaysia Patient Summary, a localized evolution of the WHO IPS. It aimed to enable secure, structured data sharing across public and private health sectors, ensuring continuity of care for all Malaysians.

Three key highlights that stood out:

  • Digital health works when it starts with human needs and cultural realities.
  • Interoperability is achievable when countries commit to open standards instead of siloed systems.
  • Trust, whether it is technical, institutional and of the public, is the foundation for progress in adopting and scaling up use of digital health.

Lessons learned:

  • Change management matters as much as technology. Start early with provider engagement, role-based training, and simple job aids.
  • Trust and governance must be operationalized. Define issuer/verifier roles, validate signatures, use SOPs and data-quality controls.
  • Standards enable scale, but mapping takes time. Agree early on IPS content, then map and test data carefully for reliability and clinical usefulness.
  • Keep the workflow simple for front line teams. Focus on the key steps (generate, scan, interpret) and plan for exceptions (connectivity, scan failures, missing data).

Success story for other Member States

This project was successfully presented at the World Health Assembly in 2024. Malaysia’s journey offers a realistic road map for other countries considering GDHCN or IPS adoption:

  1. Start with a real-world problem. Identify a high-impact use case, especially one involving mobility or cross-border care.
  2. Engage with WHO on the IPS and FHIR specifications and align early with WHO standards.
  3. Build on existing national platforms instead of building everything from scratch. Leverage digital health assets like patient portals and clinic management systems.
  4. Foster multilateral collaboration. Involve international health authorities, agencies, and communities.
  5. Strengthen legal and ethical frameworks, especially around implementation of data protection, consent and digital identity safeguards.
  6. Invest in people, not just technology.Training and capacity building are as critical as technical readiness.
  7. Think beyond the pilot. Use the initial success as a stepping-stone to build national-scale digital trust networks.

Malaysia’s work with WHO to implement the GDHCN and IPS into its national health architecture demonstrates what can happen when a country combines tradition, public trust and digital innovation. What began as an effort to protect pilgrims during their most sacred journey established a blueprint for digital health cooperation and became a model for cross-border health collaboration.

Malaysia has credibly showed that digital health does not have to be abstract or intimidating. When built with purpose and respect for people’s lived experiences, it becomes a tool that strengthens national sovereignty, improves patient safety, and prepares countries for a world where health no longer stops at the border.