Tech to Combat COVID-19

What is the Technology

The Data Privacy Lab partnered with Harvard University Health Services (HUHS) and Harvard University Information Technology to develop and assess two different systems –the HUHS Contact Tracing Option on MyDataCan and the TraceFi System– for use during the pandemic.

The HUHS Contact Tracing Option on MyDataCan

MyDataCan is an apps platform that offers you affiliated apps and web services to live a better life. Apps and services on MyDataCan put your personal information into private storage for you on MyDataCan. This information is available under your control to view, use, delete or share, as you deem appropriate. It is your information, under your control.

During the pandemic, MyDataCan includes an option for you to help keep yourself and the Harvard community safe and healthy by opting to share the last 14 days of your location information with a contact tracer from Harvard University Health Services on a need-to-know basis. Participation is optional and you can stop using the HUHS Contact Tracing option on MyDataCan at any time and still use the apps and services on MyDataCan without sharing any information with contact tracers. If you participate in the contact tracing option on MyDataCan, information is only shared with a human contact tracer if relevant and needed during the interview of a specific person who tested positive to COVID-19. The contact tracer can only retrieve the last 14 days of location information on the positive tested person and their proximate contacts. The retrieved data is covered under medical and public health confidentiality. If you do not elect to participate in the contact tracing option on MyDataCan, no information about you forwards from MyDataCan.

The HUHS Contact Tracing Option on MyDataCan offers the Harvard community many advantages. First, you don’t have to use a single approved app all the time to be COVID aware. Instead, MyDataCan makes an assortment of affiliated apps available. Some of the apps are related to COVID but most are not. When you choose to participate in contact tracing, and then elect to use any, some or all the apps on MyDataCan, you help everyone stay safe and healthy. The more time you spend using any of the apps or services, if you are participating in the contact tracing option, the better for the community. Second, there is no central repository of data available. Individual users make personal data sharing decisions on MyDataCan. Human contact tracers only receive the minimal information needed and only from those individual users who have agreed to participate. Individuals have control over their personal information on MyDataCan and can delete or privatize their information as they choose. Finally, the HUHS Contact Tracing Option allows human contact tracers to determine whether proximate contacts with a person who tested positive to COVID-19 likely led to infection. Anonymous contact tracing apps (e.g., the Apple Google GAEN apps) bypass this critical decision-making role of human contact tracers, and as a result, tend to introduce a large number of false reports that could panic or falsely alarm the community. MyDataCan puts you in control of your data and the HUHS Contact Tracing gives you the additional opportunity to share some of your information to know whether you were infected or infected others.

Data in MyDataCan is stored at Harvard’s highest online security level (Level 4). Any accesses to data beyond the person’s personal use are reviewed monthly and reported to the University Electronic Communications Policy Oversight Committee which makes public summaries. Data older than 14 days is only available in the person’s private storage for the person’s own use. A person can "privatize" information (a form of double encryption) so that those who manage the platform cannot even view their information. After the pandemic, the public health operation will end but people will be able to continue to benefit from MyDataCan’s apps, services and data sharing paradigm.

If you are on or near the campus, human contact tracers at HUHS will conduct interviews with a postive tested person to determine who else may be infected. Those interviews commence, even if you do not participate in MyDataCan or if you do participate in MyDataCan but do not elect the HUHS Contact Tracing Option. Recent studies show that without a geographical log, positive tested people recall about half of their proximate contacts. Participation in the HUHS Contact Tracing Option provides just-in-time information to human contact tracers to make sure those who opted into the program are additionally covered in cases where the positive tested person does not recall the interaction with you or may not know your identity.

The TraceFi System

Trace-Fi doesn’t use apps or require the person to do anything on their phone. It uses sensors to listen to the presence of mobile Wi-Fi devices. TraceFi runs on custom-built sensors placed in the physical environment with overt signage. As mobile devices emit signals, the sensor array measures the strength of Wi-Fi signals that emit from nearby Wi-Fi devices to estimate whether two devices are "collocated". The Centers for Disease Control and Prevention considers two people "collocated" if they are within 6ft of each other for 15 minutes or more and considers the two people as "close contacts." CDC advises contact tracers to review any event in which a person is collocated with someone who tests positive to COVID-19 to determine the likelihood that the other person became infected. TraceFi is considered to be the only technology that can use Wi-Fi to accurately determine whether two mobile devices are collocated in accordance to the CDC specification. Other technologies and apps that use bluetooth, GPS or even "Wi-Fi" do not measure collocation but instead provide crude estimates of distance that may relate to being in the same room or building.

TraceFi uses its own sensor array and does not use access points on Harvard’s Wi-Fi. An important aspect of TraceFi is the ability to opt-out. A person can opt-out of TraceFi and the sensors will not capture information from the person’s devices and the person’s devices can continue to use Harvard’s Wi-Fi. (The earliest version of TraceFi used in a limited pilot in two science labs worked differently.)

When a person tests positive to COVID-19, a human contact tracer at Harvard University Health Services can retrieve the last 14 days of the positive tested person’s appearances in areas covered by TraceFi sensor arrays. The human contact tracer can retrieve occurrences of the positive tested person in the covered area along with information on people who were collocated with the positive tested person. The contact tracer will review the events with the person to determine whether the other people were likely infected and contact them accordingly. The retrieved data is covered under medical and public health confidentiality.

TraceFi only maintains the last 14 days of information with no backups or copies made. TraceFi maintains Harvard’s highest online security level (Level 4) standards. In addition, all accesses to TraceFi data is reviewed monthly and reported to the University Electronic Communications Policy Oversight Committee which makes public summaries.

TraceFi is not currently used on campus. Before it would become active in a specific room or building on campus, community communications would occur. If TraceFi becomes active, signage will be prominently posted at entrance ways that will include opt-out instructions and an explicit end date. The termination date may be subject to review but will not be any longer than the end of the pandemic. At the conclusion, TraceFi sensors will be removed and any remaining captured data destroyed. (This is the same process followed by the limited pilot that ran in the Science Labs using the earliest version of TraceFi.)

Comparison and Relationship

The HUHS Contact Tracing Option on MyDataCan and the TraceFi System offer different ways to help the human contact tracers at Harvard University Health Services keep the community safe. Here is a quick comparison.

  • TraceFi provides collocations and close contacts, while apps on MyDataCan, with the exception of the NOVID app, can only compute proximate contacts. Collocations happen when the devices are within 6ft or less for 15 minutes or more and is the specific criteria that the Centers for Disease Control and Prevention designates as being important events for contact tracing review. Proximate contacts refer to the devices being in the same room or building; these may or may not be close contacts.

     

  • TraceFi can only work in locations where its sensor array is installed. Apps on MyDataCan can work anywhere in the world on devices that have Internet service but the HUHS Contact Tracing option is only relevant to those on or near the Harvard campus.

     

  • The person has to download and use an app affiliated with MyDataCan. The person does not have to do anything to use TraceFi.

     

  • MyDataCan is opt-in. TraceFi is opt-out.

     

  • A person can elect to get a copy of any TraceFi information captured about their devices. A copy of the person’s TraceFi information copies to their private storage on MyDataCan. The person can then view, delete or share the information as desired. In addition, a log of any access to a person’s TraceFi data can also forward to a person’s personal storage on MyDataCan so the person can provide personal oversight over the use of the person’s TraceFi information.

     

  • When a human contact tracer at Harvard University Health Services interviews a person who tested positive to COVID-19, the human contact tracer can retrieve on-campus collocations from the person’s TraceFi information. The human contact tracer can also retrieve on-campus and off-campus proximate contacts from the last 14 days of the person’s location information shared using the HUHS Contact Tracing Option on MyDataCan.