Best practices for COVID-19 digital contact tracing: Privacy, ethics, and cooperation

Featured image

Share this article

Best Practices for COVID-19 Digital Contact Tracing: Privacy, Ethics, and Cooperation - Paubox

It is almost certain that digital contact tracing technology (DCTT) will become part of the COVID-19 response in the United States; in fact, the CDC has already weighed in on the topic.

Johns Hopkins University recently organized an expert group led by the Berman Institute of Bioethics in collaboration with the Center for Health Security to examine the ethics, law, policy, and public health implications of using digital technologies to augment manual contact tracing efforts.

Overall, the group urges a stepwise approach that prioritizes aligning new technology with public health needs and values.

You can access the full report here.  Below we will summarize the high-level findings.

Main points

Johns Hopkins’ full set of recommendations are intended to: (1) support effective and informed adoption of DCTT; (2) encourage designing flexible technologies that maximize public health while respecting privacy; (3) establish meaningful user consent; (4) promote using DCTT in an equitable and fair manner; and (5) foster transparent governance and oversight.

High-level takeaways include the following:

  • DCTT must evolve depending upon local conditions, new evidence, and changing preferences and priorities.
  • New technology should protect privacy, providing layers of additional capabilities that users may choose to activate.
  • Public health professionals and researchers need access to de-identified data to support disease research.
  • The benefits and burdens of using DCTT should affect everyone equally; new tools must not propagate social inequalities.

Categories of DCTT

Digital contact tracing technologies and platforms fall into three broad categories:

The middle-ground approach may end up providing the most adaptable and robust public health response.  Users decide how to engage with middle-ground DCTT products and how much to share with public health authorities; this allows them to decide what trade-offs they are willing to make between privacy and supporting the fight against COVID-19.

How DCTT works with manual contact tracing

DCTT can augment traditional contact tracing efforts, either by working independently alongside manual contact tracing, or by being integrated to make manual tracing faster, more thorough, and more efficient.

If DCTT works alongside manual contact tracing, individuals would download proximity tracing or exposure notification apps, receive alerts if they’ve had potential contact with another user who has COVID-19, and voluntarily self-quarantine without having contact with public health authorities or providing them with data.

It is possible that this would help to break chains of transmission and reduce the spread of coronavirus, although this has not yet been proven. It is also possible that such exposure notifications will result in high rates of false positives.

Alternatively, if DCTT is integrated into manual contact tracing efforts, people who are potential contacts of someone with COVID-19 are directly connected to public health departments.

It is uncertain whether providing public health officials with volumes of information from DCTT will actually be useful; the data is only useful if there is sufficient staff to follow up on it.  In addition, there is a risk of low-quality data flooding the system, leading to investigating false positives.

To what extent data from DCTT will benefit contact tracing efforts is unknown, pointing again to the importance of collecting more evidence about DCTT.

How Paubox can help

There are many different directions that DCTT can take; the field is still in the early stages of development, and no doubt there will be many products with different capabilities and functions.  One thing they all have in common however is the need to communicate with users.

With Americans receiving an average of 2,000 robocalls per second, this poses a problem for contact tracing efforts when people don’t answer the phone if they don’t recognize the number.

Our Paubox Email API is a great option for sending transactional emails at scale by quickly integrating our secure, HIPAA compliant solution into various applications.

In fact, a number of our customers are already using the Paubox Email API to communicate with patients about COVID-19, such as ZiphyCare whose lifesaving app sends emails containing protected health information (PHI) to patients, or Radix Health which sends email alerts prior to appointments, asking patients to reschedule if they have any COVID-19 symptoms.

SEE ALSO: How Healthcare Providers Are Reacting to COVID-19

With our HITRUST CSF certified product, patients receive HIPAA compliant emails directly to their inboxes—no passwords or portals required.  Easy to implement with clear documentation, a developer’s experience is as seamless as the email recipient’s.

We recently spoke about some of the ways that customers can use the Paubox Email API to deliver COVID-19 test results and help with contact tracing at our virtual conference, Paubox SECURE @ Home.  To view a recording of the session, which includes a demo, click here.


The primary goal of DCTT is to reduce COVID-19 transmission, but we do not yet know whether DCTT is effective, nor whether it will cause more harm than good.  This does not, however, mean that people should stop creating new tools, simply that we need more data on their effectiveness.

Product developers should monitor for any unintended consequences that might impact public health goals, personal privacy, or social inequality, and address them as necessary.

Try the Paubox Email API for FREE today.
Author Photo

About the author

Chloe Bowen

Read more by Chloe Bowen

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022