"More and more and more people are going to be able to be vaccinated, so if we could just hang in there, do the public health measures that we're talking about, we're going to get this under control, I promise you." – Anthony Fauci, MD, Director, U.S. National Institute of Allergy and Infectious Diseases
COVID-19 has had a devastating impact on the public’s health, social and economic well-being across the globe. Health authorities have taken a variety of measures to slow the spread of the virus, including containment, a highly effective approach best demonstrated in New Zealand, control with masks, a mainstream approach in Taiwan, and control with testing, as demonstrated in South Korea. In some cases, a less popular and controversial approach of herd immunity is practiced in Brazil.
Yet, the latest record-breaking COVID-19 surge has brought the world to reckon with the increasing global case rate, along with the rising unease driven by conflicting information and confusion. This has greatly affected the ability of health authorities to impede the progression of the pandemic or to fully reopen societies. Even now as the first rounds of vaccines are rolling out and have brought a level of relief, there remains a high number of hospitalizations and deaths.
Thus, many nations and localities are taking necessary actions—with the intent of overcoming some of the misinformation and fears—to combat the rising number of cases by modernizing and enhancing the following capabilities:
These four actions, when combined with modern health information and technology solutions, can accelerate improvements in countries and across local jurisdictions to control the spread of the coronavirus and potential future health pandemics. The use of contact tracing apps, in particular, is highlighted given that the rollout of COVID-19 vaccines may take months and multiple strategies must be taken to thwart the resurgent waves of COVID-19 infections.
Mobile contact tracing may soon prove elemental to the disease investigation process and preventing further outbreaks. Without the use of these modern tools, along with aggressive testing, health authorities will likely have to deal with perpetual outbreaks, relying on an individual’s ability to recount who they have been around and to provide contact details for those people, until there are vaccines available and appropriate for broad use among all populations.
Case investigation and contact tracing are fundamental activities that involve working with a patient (symptomatic and asymptomatic) who has been diagnosed with an infectious disease to identify and provide support to people (contacts) who may have been infected through exposure to the patient. This process prevents further transmission of disease by separating people who have (or may have) an infectious disease from people who do not. It is a core disease control measure that has been employed by public health agency personnel for decades. Case investigation and contact tracing are most effective when part of a multifaceted response to an outbreak.
– U.S. Centers for Disease Control and Prevention (CDC)
COVID-19 does not respect any borders and in recent studies, at least 40-50% of people who test positive for COVID-19 have no symptoms. And according to the CDC, “COVID-19 vaccines help our bodies develop immunity to the virus that causes COVID-19 without us having to get the illness. It typically takes a few weeks for the body to produce T-lymphocytes and B-lymphocytes after vaccination. Therefore, it is possible that a person could be infected with the virus that causes COVID-19 just before or just after vaccination and then get sick because the vaccine did not have enough time to provide protection.” So, as jurisdictions grapple with what to do with restaurants and schools when the number of cases reaches a certain level and how to ensure the safety of first responders, now more than ever, mobile contact tracing along with the use of masks and expanded testing may offer the best trifecta, in partnership with other preventative measures, for keeping the COVID-19 curve flat.
In addition to taking the available vaccines, health authorities and community leaders should strongly urge and incentivize front line healthcare workers, first responders, and those highly vulnerable to the virus to take the lead in leveraging contact tracing applications to quell concurrent lockdowns and to bridge the gap in vaccine availability, particularly during the winter flu season and holiday season, which could draw greater numbers of people together.
In the West, the consideration of contact tracing has gathered traction among health officials, yet download rates are low, usage rates appear even lower, and apps face safety and other logistical hurdles. According to the MIT Review, “…contact tracing, both manual and automated, still isn’t delivering desperately needed results at scale.” Earlier this year, a Pew survey showed that people struggle to trust public health officials with their data, and are not likely to answer their phone when the caller is unknown—e.g., the local health department—among other obstacles. The wide-ranging concerns about privacy have driven multiple lawmakers to introduce legislation that would mandate data security in contact tracing apps.
U.S. policymakers introduced bicameral legislation that would forbid companies from misusing collected data; it also aims to prevent potential misuse by unrelated government agencies. Earlier this year, Sens. Maria Cantwell and Bill Cassidy put forward legislation that requires public health officials to be involved with any exposure notification systems, among other mandates. Moreover, current policy recommendations by the supporters of the Data: Elemental to Health campaign—a multiyear effort to modernize our nation’s public health data infrastructure—emphasize the need for public health and healthcare organizations to continue to garner public trust—serving as a protected neutral place for collecting, analyzing and exchanging the data. Modernizing public health tools should not generate more distrust since mobile tracing is a supplement to ongoing in-person tracing.
Recognizing the need to support public health authorities in this fight, Google and Apple have developed contact-tracing technology for their smartphones to help stop the spread of COVID-19. As a result, a growing number of governments are now monitoring their citizens’ mobile phone location data to track the spread of COVID-19 as well as to enforce both lockdown and early isolation restrictions in hotspots. However, in many places, it has also sparked serious concerns among health officials as to the accuracy and usefulness of the data reported, and it raises the question of whom the citizen trusts. While in Japan and South Korea the public is more comfortable with both public and private company use of tracing, in the U.S. and other Western nations the public has been slow in using the apps, lessening the amount of information that could support tracing efforts and the reopening of businesses.
To date, most mobile contact tracing relies on a combination of Bluetooth proximity data and GPS geolocation data, Wi-Fi location data, and triangulation using cell tower data. Currently, there are two main methods that mobile apps employ to capture information. Both approaches leverage Bluetooth signals that can identify when two people using the application on their smartphone are in the same vicinity and can in some cases send an alert to other users to warn them of their risk of getting infected.
However, the applications diverge at the point of how the data is stored and utilized. On one hand, there are developers that have created a centralized collection of anonymized data onto a remote server where health authorities can assess the data, carry out informed surveillance, and if the user is beginning to report COVID-19 symptoms, the data can be used to match other contacts (hot-spotting) and to coordinate testing along with the traditional tracing methods. This tactic best supports health authorities’ data needs that are required to carry out disease investigations and case management.
The second model of apps only stores the data on the device being used. This model gives the user complete control of their information and, through the device, of any matches that are made with people who may have contracted the virus. This is the model promoted by Google, Apple, and an international consortium that allows the user of the application to control if and what data is shared with health authorities. By and large, this approach has mainly been utilized to track exposure and is greatly dependent on broad community participation.
Mobile apps may play a key role in the mitigation of COVID-19. Specifically, an individual who has tested positive for COVID-19 (i.e., a confirmed case) may voluntarily elect to use a mobile app to notify others of the confirmed COVID-19 status, albeit in an anonymous manner. Other individuals also may use—on a voluntary basis—the mobile app on their mobile phone. Assuming the individuals have their mobile phones with them and the contact tracing app active, the user will receive an alert if they come into contact with a confirmed COVID-19 case (e.g., within six feet, or two meters, for more than 15 minutes). The alert from the mobile app may state that the individual may wish to be tested for COVID-19 in light of the perceived exposure to the COVID-19 case.
This, of course, assumes that individuals will have the technology (such as a smartphone or other mobile technology) that is compatible with the mobile tracing app. This also assumes that the COVID-19 case and the individual are either using the same type of mobile app or using apps that are interoperable with each other (such as by way of an app programming interface or otherwise). Another concern, too, is whether individuals of all demographics are willing or otherwise able to use the technology, as certain populations such as older populations and/or disabled individuals may possibly be less likely to have smartphones and may be less trusting of technology in general.
Note, while many current contact tracing apps contemplate the use of a smartphone, there are some apps that purportedly do not require smartphones and instead work on native technologies, such as Bluetooth. This also assumes that the respective location-based services technology is enabled (e.g., Bluetooth, GPS, near field communications, and/or Wi-Fi) and that the app is running on the mobile phone. Other location data such as, but not limited to, cellular tower location and IP address geolocation may also be used.
Accordingly, the specificity of location data and other types of personally identifiable data that is collected may vary, depending upon what type of information the mobile app collects and how it is used. For example, GPS location data may render a relatively accurate location. However, the GPS location data is often so accurate that it could potentially be used to track where a user is at virtually any given time, irrespective of whether or not that user is in proximity of a COVID-19 case. Wi-Fi location data may indicate which Wi-Fi hotspots and/or wireless access points are nearby. Thus, GPS location data and Wi-Fi location data may be deemed to be intrusive in regard to the user’s privacy. Such surveillance may potentially infringe upon an individual’s freedom of movement.
The use of Bluetooth and near field communication can likewise provide a mechanism for surveillance. For instance, an app that leverages one or both of these technologies may then be able to determine which other mobile phones or devices a user’s phone/device has been in contact with. Even though these technologies are deemed to be less intrusive than GPS data, Bluetooth, near field communication and Wi-Fi location information may be combined with personally identifiable data such as a unique telephone number (IMEI, MEID, ESN, IMSI) which may identify the individual—this, ultimately, may be quite intrusive as well. It may be possible for the COVID-19 case and the individual user of the mobile app to not be anonymous after all, as a result of the data aggregation.
The following privacy and security questions arise in regard to the contact tracing mobile app:
And about the location data technologies:
In light of these concerns, BLE technology may be the least intrusive, when compared to other types of location data. Accordingly, if a mobile contact tracing app utilizes BLE in an intended manner and does not aggregate with it personally identifiable data (whether from the device and/or asking such information of the user), it seems that privacy concerns are mitigated.
Notwithstanding the foregoing, the National Association of Attorneys General and the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) Project emphasize that it is necessary for location data and all other personally identifiable data to be appropriately safeguarded. Whether data resides on the device or in the cloud, such data should only be retained for a limited (finite) amount of time. In certain jurisdictions, for example, the retention period may be warranted for seven days, 14 days, or 30 days. However, at the end of that time period or at the end of the COVID-19 pandemic as declared by the relevant public health authority, whichever is earlier, the location data and all other personally identifiable information should be purged from the device or other place where the data is stored, such as in the cloud. To be clear, the original data set and any and all copies should be purged. Moreover, to the extent that consent is revoked by the user, such data should be purged.
Nonetheless, no technology is necessarily secure. For example, Wi-Fi, Bluetooth and GPS signals may be intercepted by attackers since they are broadcast over the air. Attackers need to be in relative proximity to the device, though, in order for this to happen. To the extent that encryption protects such data, it is at least theoretically possible to “break” such encryption. Furthermore, location data that is stored on the device could potentially be “leaked.”
To the extent that mobile apps are made available via app stores, the providers of app stores should ideally review the mobile apps for functionality as well as meeting stringent privacy and security requirements. In terms of functionality, the apps should be reasonably reliable in notifying potentially exposed COVID-19 individuals, as well as transparently accounting for how data is used and disclosed by the mobile app.
In light of the foregoing, attention should be paid, too, to the mobile app itself and its respective components. For example, mobile apps may “leak” data to other apps on the phone or to an external source. To this end, mobile apps should be designed with privacy and security in mind. Additionally, mobile apps should ideally be scanned for vulnerabilities and regularly penetration tested. To the extent that vulnerabilities are discovered, mobile app developers should develop patches to address such vulnerabilities. Such patches should be relatively easy for a user to deploy, and users also need to be aware of the availability of such patches.
Summary of privacy considerations
The use of optional mobile applications with clear and transparent data sharing and privacy laws is also a step toward democratizing the disease surveillance and contact tracing process by empowering patients and the general public with the option to participate in the process of a disease investigation. When empowered and assured of the safety of their data, people are more likely to download and use tracing apps. Citizen participants in combatting the COVID-19 pandemic must also act on the recommended steps to prevent the spread of COVID-19, including testing, limiting contact by self-isolating when exposed to COVID-19 or connecting with a contact tracer at the health department for further guidance and social supports. Public service employers, particularly healthcare organizations and first responders (hospitals, clinics, public safety, EMS, etc.), that require testing may also see relief with the use of apps to determine staff scheduling and the deployment of safety protocols when reopening businesses.
The U.S. Centers for Disease Control and Prevention underscores that the use of contact tracing apps varies greatly by need. “Some public health authorities may have different contact tracing challenges thus making a one-size-fits-all solution unlikely. As such the CDC had created guidance for selecting digital contact tracing tools.”
In many instances, there is not one central agency overseeing all the tracing efforts across localities or within a country. Instead, efforts are often led by a combination of local health authorities, nonprofit organizations, private healthcare entities, and in some cases an academic institution. For example, in the U.S., one of the biggest programs involves New York state, New Jersey, Connecticut, Johns Hopkins Bloomberg School of Public Health, the Resolve to Save Lives Initiative, and Bloomberg Philanthropies, all of which have committed $10.5 million for a new contact tracing program. In Massachusetts, the Boston-based nonprofit Partners in Health is working with the state health department to boost contact tracing. And the San Francisco public health department has partnered with the University of California, San Francisco, and DIMAGI, a company digitizing workflow and monitoring with the CDC.
While it is too early to evaluate the direct health impacts of mobile apps during COVID-19 outbreaks, the following global examples demonstrate the different ways mobile apps are being used and some of the policy and implementation complications that pose a challenge to developers and health authorities alike.
In the U.S., one of the first states to roll out a mobile app during the early stages of the pandemic was Utah. The state approved the use of the Healthy Together app with the intent of helping the state public health workers access the information they need to understand and contain the pandemic and helping the citizens of Utah reopen.
The early version of Healthy Together only required COVID-19 data to be shared with the state public health officials. Location data is automatically deleted after 30 days and symptom data is automatically de-identified after 30 days. The early version of this app did not use the Apple and Google Bluetooth tracing technology but instead used location/GPS data with the aim of better understanding transmission zones to give a more effective picture of how COVID-19 spreads. Utah hoped that this data would assist policymakers in arriving at the best possible decisions about how and where to relax and modify restrictions as the community and economy begin to reactivate. The app is strictly opt-in and voluntary. The user can delete it at any time and is assured that the developer will comply with state requirements for data security and encryption. And the user determines what data to share with the health authorities—for example, Bluetooth data, location data, or contact lists.
According to news reports, Utah has spent $2.75 million to purchase the app and is paying a monthly maintenance fee of $300,000, which garnered scrutiny from the state legislators about the cost. As of the fall, there were only 89,537 downloads of Healthy Together in Utah, which accounts for only about 2.8% of the state's 3.2 million residents. In an article by the New York Times, Utah officials indicated three critical reasons why the use of location data sharing adoption failed, including:
Given the costs and public perception relating to the lack of privacy, Utah is now pivoting to focus on functions such as relaying COVID-19 test results and digital symptom checks at schools and workplaces, and is now focused on using Apple and Google Bluetooth tracing technology instead of location/GPS data. The new Healthy Together app also includes resources for users, such as information on where to find nearby testing centers, how to view test results, and what to do after being tested for COVID-19.
Similarly, the North Carolina Department of Health and Human Services launched an app called SlowCOVIDNC. This app uses Bluetooth and requires the user to opt in to receive notifications, after which SlowCOVIDNC generates an anonymous token for the device. The token is described as a string of random letters which changes every 10-20 minutes and is never linked to the user's identity or location, but is linked to the date in order to protect the user’s privacy. Phones exchange these anonymous tokens every few minutes. Phones also record how long they are near each other and the Bluetooth signal strength of their exchanges in order to estimate distance. So far, just over 100,000 people across North Carolina have downloaded the app.
Taking a parallel approach to North Carolina, the Colorado Department of Public Health and Environment (CDPHE) launched a new mobile technology in mid-October called the Exposure Notification System, a mobile service developed by teams at Google and Apple. Here again, it is emphasized that the Exposure Notifications System attends to key privacy concerns. The system doesn't track the user’s location, nor does it collect or use the location from the user's device. An increasing number of states including Alabama, Arizona, the District of Columbia, Maryland, Nevada, North Dakota, Virginia and Wyoming are leveraging this tool with growing success. For example, 660,000 Connecticut residents have signed up to receive alerts when they come into contact with someone who tested positive for COVID-19, which represents close to 20% of the state’s population, a critical mass that may flatten the curve in the state.
A similar trend in updates and re-branding of apps in Europe also supports continued progress towards reaching what could be considered a critical mass of citizens. In the United Kingdom, the National Health Service (NHS) launched a COVID-19 contact tracing app that is voluntary and leverages Apple and Google platforms to monitor social distancing. The app was designed to trace those who have been in close contact through Bluetooth signals that transmit an anonymous ID. These low-energy Bluetooth signals perform a digital "handshake" when two users come into close contact, but keep that data anonymous. If an individual later reports that they are positive for coronavirus, it will then ping a message to people who have been in close contact with them in the last 28 days based on their anonymous IDs. Users who download the app to their phone can voluntarily opt in to record details of their symptoms when they start to feel unwell. However, due to recent complaints about a bug in the system that caused false alarms and "phantom alerts", the U.K.'s contact tracing COVID-19 app has been updated to fix these issues. As of fall 2020, more than 19 million, or approximately 40%, of adults with access to a compatible smartphone in the U.K. had downloaded the app.
In Singapore, TraceTogether, an app for community-driven contact tracing, has millions of users. Phones running this app exchange anonymous IDs stored in and encrypted on a phone. If a person tests positive for COVID-19, health authorities ask the person to give access to the TraceTogether data—a list of anonymous IDs that that person’s phone has been close to. Anonymous IDs will help contact tracers contact those at high risk of infection.
Earlier this year, the app was shown to be marginally useful: it did not work properly when in the background on Apple’s iPhones because of the way Apple restricts the use of Bluetooth. Now that Singapore has adopted the Google-Apple framework, the download rates and accuracy of the data have improved. Additionally, it should be emphasized that apps like TraceTogether can still prove useful when used in combination with traditional tracing and other data sources.
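The device-only model, the rotating anonymous tokens, the 15-minute alert rule and the retention purge described above can be put together as one on-device matcher. This is an added example, not code from any app named on this page or from the Google/Apple framework; the HMAC token derivation, the `Phone` class, the 15-minute rotation and the -65 dBm cut-off are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

DAY = 86400
ROTATION_SECONDS = 15 * 60   # page: tokens change every 10-20 minutes
EXPOSURE_SECONDS = 15 * 60   # page: alert after more than 15 minutes of contact
RETENTION_DAYS = 14          # page: 7, 14 or 30 days depending on jurisdiction
NEAR_RSSI_DBM = -65          # assumed signal-strength stand-in for "within six feet"


def token_for(daily_key: bytes, interval: int) -> bytes:
    """Derive the anonymous token for one rotation interval of a day (assumed scheme)."""
    mac = hmac.new(daily_key, interval.to_bytes(2, "big"), hashlib.sha256)
    return mac.digest()[:16]


@dataclass
class Sighting:
    token: bytes
    seen_at: int    # Unix seconds
    seconds: int    # how long the token stayed in range
    rssi_dbm: int   # Bluetooth signal strength, used as a distance proxy


class Phone:
    """Hypothetical on-device store: it holds no identity and no location."""

    def __init__(self):
        self.daily_keys = {}   # day number -> random secret, kept on the device
        self.sightings = []

    def broadcast(self, now: int) -> bytes:
        key = self.daily_keys.setdefault(now // DAY, os.urandom(16))
        return token_for(key, (now % DAY) // ROTATION_SECONDS)

    def hear(self, token: bytes, now: int, seconds: int, rssi_dbm: int) -> None:
        self.sightings.append(Sighting(token, now, seconds, rssi_dbm))

    def purge(self, now: int, consent_revoked: bool = False) -> None:
        """Drop data past the retention window, or all of it when consent is revoked."""
        if consent_revoked:
            self.sightings, self.daily_keys = [], {}
            return
        cutoff = now - RETENTION_DAYS * DAY
        self.sightings = [s for s in self.sightings if s.seen_at >= cutoff]
        self.daily_keys = {d: k for d, k in self.daily_keys.items()
                           if (d + 1) * DAY > cutoff}

    def keys_to_publish(self, now: int) -> list:
        """What a confirmed case voluntarily shares: daily keys only."""
        self.purge(now)
        return list(self.daily_keys.values())

    def exposure_seconds(self, published_keys, now: int) -> int:
        """Re-derive the case's tokens locally and total the close-range time."""
        self.purge(now)
        infected = {token_for(k, i) for k in published_keys
                    for i in range(DAY // ROTATION_SECONDS)}
        return sum(s.seconds for s in self.sightings
                   if s.token in infected and s.rssi_dbm >= NEAR_RSSI_DBM)

    def should_alert(self, published_keys, now: int) -> bool:
        return self.exposure_seconds(published_keys, now) > EXPOSURE_SECONDS


def demo() -> dict:
    """Constructed scenario: Bob sits near Alice for 20 minutes, Carol stays far away."""
    alice, bob, carol = Phone(), Phone(), Phone()
    t0 = 18518 * DAY + 9 * 3600                 # 09:00 on a constructed day
    first = alice.broadcast(t0 + 300)
    second = alice.broadcast(t0 + 900)          # next rotation interval
    bob.hear(first, t0 + 300, 600, -55)
    bob.hear(second, t0 + 900, 600, -58)        # contact continues across the rotation
    carol.hear(first, t0 + 300, 900, -90)       # long contact, but weak signal
    keys = alice.keys_to_publish(t0 + DAY)
    after_retention = t0 + (RETENTION_DAYS + 1) * DAY
    return {
        "tokens_differ": first != second,
        "bob_seconds": bob.exposure_seconds(keys, t0 + DAY),
        "bob_alert": bob.should_alert(keys, t0 + DAY),
        "carol_alert": carol.should_alert(keys, t0 + DAY),
        "bob_after_retention": bob.exposure_seconds(keys, after_retention),
    }


if __name__ == "__main__":
    print(demo())
```

Matching happens on the receiving phone, so the only data that leaves a device is the set of daily keys a confirmed case chooses to share.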
The Singaporean government has taken the lessons from its initial deployment of the app and has updated it to enhance its travel protocols. According to GovTech Singapore, the app uses the registration of passport numbers for travelers and users can use an identification number barcode displayed in the app instead of their identity cards to check-in or out of the country’s SafeEntry system, which in some locations is mandatory. As of early June 2020, SafeEntry has been implemented at more than 16,000 sites island-wide including healthcare facilities, nursing homes, schools, etc. By the end of 2020, the use of the app will be mandatory at all public venues in Singapore, including restaurants, workplaces, schools and shopping malls.
Given the variety in the mobile apps that have been developed, it is important that the data shared is consistent and supports the needs of public health and other first responders in a community. HIMSS encourages coordination amongst local to global government officials, and health authorities to address existing policy barriers that may prevent the use of internet-based tools and mobile technologies for contact tracing and public health surveillance by establishing clearly written policies and procedures for the appropriate use of internet-based tools and mobile technologies, including standards to ensure confidentiality and compliance with federal, state and local laws. And while many of the apps exercise personal privacy provisions, low utilization of the apps in many countries has uncovered public concern about how their health information is used.
The issue of low utilization is complicated by the recent appropriation of the term contact tracing to apply to law enforcement investigations, which is raising serious concerns from contact tracers who fear this will make it even harder to convince the public to cooperate with their work. It has also slowed the utilization by the public given growing suspicion that the apps may be used to target those engaging in protests for police reforms across the globe. For example, in the U.S., the use of the terminology contact tracing by law enforcement in Minnesota, where police have reportedly used it to track protesters, has sparked fear among those participating that it will expose them or their loved ones to immigration and customs enforcement or criminalization, thus limiting their use of the tools.
Legislators in the U.S., recognizing the need to address the privacy concerns, have drafted bipartisan legislation, the Exposure Notification Privacy Act, which seeks to ensure that people couldn't be forced to use the technology. It also would make sure that the data isn't used for advertising or commercial purposes and that people can delete their data. The bill would require that notification systems only rely on "an authorized diagnosis" that came from medical organizations. However, while the bill steps into a void left by federal agencies in the U.S., many of the proposed rules are actually already part of the policies enacted by Apple and Google. These policies provide the underlying privacy framework for a growing number of contact tracing apps and often align with the reportable disease conditions laws at the national and state-level health authorities that are currently granted access to Apple and Google’s technology but are not allowed to use it if they make the download of such a program mandatory.
In a recent interview with MIT Technology Review, Jeffrey Kahn, director of the Johns Hopkins Berman Institute of Bioethics, said that Apple and Google have already been effectively setting national policy through their decisions. These organizations have developed the protocols for a fundamental public health service given the gaps in local- and national-level legislation related to emergency response, public health surveillance and containment strategies. This is an area for which HIMSS has begun to compile policy recommendations for digital health response to the COVID-19 pandemic and for future infectious outbreaks.
The use of optional mobile apps with clear and transparent data sharing and privacy laws is also a step toward democratizing the surveillance and contact tracing process by empowering patients and the general public with the option to participate in the process of a disease investigation. When empowered and assured of the safety of their data, people are more likely to download and use the apps. Citizen participants in combatting the COVID-19 pandemic must also act on the recommended steps to prevent the spread of COVID-19, including testing, limiting contact by self-isolating when exposed to COVID-19 or connecting with a contact tracer at the health department for further guidance and social support. Public service employers, particularly healthcare organizations and first responders (hospitals, clinics, public safety, EMS, etc.), that require testing may also see relief with the use of apps to determine staff scheduling and the deployment of safety protocols when reopening businesses.
All in all, HIMSS maintains that governments at all levels should immediately consider deploying mobile or digital contact tracing apps that can help expedite outbreak management and response, including hot-spotting; that also support reopening of business; and that support the development of vital information at the community level, including:
HIMSS calls on government, businesses, civil society leaders and elected officials to recognize the important role and value of health information and technology during a health emergency and to work across industries to leverage sound health data, tools of informatics and innovative solutions outlined in our Global Policy Call to Action.