You may find it hard to believe, but the pandemic that the world faces today is going to have long-lasting aftermath, and we have to learn how to deal with it. The wisdom has it that those living in constant anticipation of war are the most likely to win it. Unfortunately, the world has not been prepared to face the threat of COVID-19, and now it is the time to ready ourselves for a long-standing battle. As one of the most socially responsible IT companies in Eastern Europe, Ralabs could not have failed to contribute to the ongoing global battle with the menacing virus. Neoteric problems require revolutionary solutions, especially when it comes to developing the best telemedicine software. Ralabs’ research into the best tracing technology to be used to prevent the COVID-19 pandemic from spreading further is a must-read.
The Initiation Point
A non-profit organization from Germany that is working to stop the spread of coronavirus approached us, asking to create Europe’s 1st COVID-19 contact tracing app that could be supported by governments within the framework of preventing the virus from further expansion. Basically, we had to develop a new contact tracing process and implement it successfully in an app that was meant for launch in less than one month in Germany and Switzerland. While the European medical software developers have not made it far in incorporating telemedicine in healthcare and the medical system overload was reaching the boiling point, our engineers, led by the company’s CTO, have risen to the challenge and conducted a swift and yet efficient legal and technical research. The road that we traveled was a bumpy one, and we want to share our story with you.
Contact tracing mobile app is a relatively new milestone in the telemedicine software as its emergence has been rather forced by COVID-19 than motivated by a natural development of telemedicine services. Our ultimate mission was to help doctors, politicians, and society, in general, stop the pandemic or prevent COVID-19 from spreading further.
We understood that the first and foremost challenge that would be thrown at us would be the lack of technologies that have already proven their efficiency in situations like these. What is more, one of our client’s top requirements was developing an architecture to store location data for 10+ million users while simultaneously ensuring the protection of their data at the highest of levels possible.
When you aim at preventing the spread of a pandemic, you have to deal with four pivotal issues during the phase of research.
1. You have to scrutinize the laws that might have a direct impact on the technologies and solutions that you would like to use.
2. Proceed with choosing the protocol that you will use as it will define the very structure of your software.
3. Validate the technologies that have passed the aforementioned legal test and choose one of them and make sure that you know how to incorporate it within the project.
So, let’s start by discussing the way you have to deal with the legal barriers.
Learn the Laws and Obey
When it comes to talking about the laws, all the medical software developers know that they might infringe on your technical freedom. Make sure that you define the localization boundaries at first. Knowing the geographical borders of launching your product will help you define the legislative frames of the development process. Knowing that the marketplace for our app would be Germany and Switzerland, the first thing that we did was checking the OWASP regulations pertaining to the peculiarities of our project.
Next, there are laws guarding people’s privacy at a higher, international level of jurisprudence, and analyzing them might also become a good decision. Analyzing and interpreting databases like OWASP is the right thing to do, but when you build a telehealth app, you have to know that you stick not with recommendations but with actual laws that directly govern what you do.
Europe wanted to protect its people from an unprecedented breach of privacy, which might have led to genuinely dramatic consequences. Woodrow Hartzog, a law and computer science professor, claimed that: “Privacy and data protection are treated as human rights in Europe, where regulations restricting the way businesses collect and store personal data have been in place for years” (Curry, 2020). Pondering over the set of regulations on privacy and data protection, it did not take long before our developers and lawyers worked out that the General Data Protection Regulation (GDPR) will become the primary law regulating our activities over the course of developing the app.
Consent Is Needed: One Way or Another
When the European governments fell into the despair of helplessness in the face of COVID-19, they were ready to let the organizations track their citizens’ movements with the usage of either GPS or BLE. However, at the end of April 2020, the European Parliament has put forward a joint statement on how the process of introducing into practice any telemedicine app that is based on the contact tracing concept must take place. We made sure that our lawyers conducted decent research of the document. The conclusion that we made was obvious and yet important: anonymous identification of the users has capped the list of legal requirements.
Talking about the installation process of any tracing app, the European Data Protection Board has had its say. As a matter of fact, you have to ensure that people’s privacy is going to be treated by your company as important as their health. People cannot be forced to install your app. Hence, the best decision for you is to make sure that they have no doubts regarding the safety of their data if they choose to download it.
Finally, you have to make sure that your app is universally legal. We live in a globalized world, and any product offered to people must comply with local and global laws. Therefore, learning what the HIPPA regulations and security provisions have to say about the privacy of a patient’s data shall become a good choice for you. It is a United States’ law, and it indeed holds many useful points in terms of personal data protection. Sure enough, fighting a pandemic is a noble mission, but it still has to comply with the law. If you want to read more, namely, about the process of our legal research, check our whitepaper about the GeoHealth app.
Once the legal turmoil comes to an end, proceed with working out the protocol that you will use as the backbone of your project. Here comes a bit of obvious information which you still might find useful. We are fighting COVID-19, and our app has been created specifically for these purposes. Therefore, there is no surprise that the number of protocols that we have been choosing from was quite limited.
We researched the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) and DP-3T. Bearing in mind that a bilateral mission of preventing the spread of COVID-19 and preserving people’s privacy lay on our hands, our developers have defined the technical and legal limitations that we have been forced to work within. A long and tedious discussion followed regarding the protocol to be used in the app and finally an agreement was reached.
Our choice of the protocol was directly dependent on whether the information gathered would be processed by a centralized server or by individual clients in the network. We had to give our client the technological freedom to switch from one option to another while the app will be already in use, given that the technical requirements might shift from one ‘patient’ to another. We have chosen the PEPP-PT protocol because it was developed specifically for purposes like this. Of course, it is not flawless, and there are many things that we would have changed about it. Still, it was our best option.
Technologies: A Natural Selection
There was a choice for us to make, and given the hardware limitations of mobile devices and the infrastructure cost planning, the number of technologies that we could use to complete our mobile app was reduced to two. Efficient mobile tracing is only possible with GPS or Bluetooth, and our task was to define the best of them and start implementing the project as soon as possible.
GPS and Its Expected Failure
- It is compatible with both iOS and Android platforms.
- It does not require the involvement of additional technologies, such as Wi-Fi, 3/4/5G, etc.
Opting for BLE
- A beacon transmitter uses the BLE technology in order to send signals to other gadgets situated within its range. In plain words, beacons transmit information between smart devices, thus easing the process of location-based interaction and searching.
- Regardless of how impressive the technological abilities of a beacon are, it is outstandingly simple. The device consists of a CPU, battery, and a radio transmitter.
- Its working principle boils down to the looped broadcasting of an identifier that is being automatically picked up by the gadgets nearby; the aforementioned identifier is nothing but a unique ID number being recognized by a smartphone as a particular beacon.
- The beacons can be programmed to carry out various functions, and that is why it is quite manageable and flexible when it comes to dealing with privacy-related issues.
Why Building Such an App is Biting More than You Can Chew?
Yes, we did it! We delivered our client the product that he asked for and we managed to achieve the results that we aimed at. Talking from an idealistic point of view, building a successful contact tracing app in 2020 is still mission impossible. People are still afraid to use such apps because they think that it might be some kind of a surveillance program implemented. That is, you know that your product will be perceived by people with a bit of bias even before you launch it.
A possible breach of their personal information is what keeps people at bay when it comes to downloading an app that is meant to stop a pandemic from further expansion but might require a bit of data in order to proceed with the mission. The technologies at hand do not meet technical and privacy requirements as both Bluetooth and GPS have a lot of flaws in their essence. Still, we should also bear in mind that we can have an impact on how long the pandemic is going to last and whether we would be able to store people’s data in a due manner. Yes, the mission seemed impossible, but there was a challenge, and we met with decency.
All Things Considered
If you want to build a successful contact tracing app that can aid the health care authorities and governments in stopping the COVID-19 pandemic, you have to get ready for substantial research. Eventually, we have managed to develop a mobile app for epidemic prevention that was released on App Store and Play Store within the deadline provided by the client. Still, we made it clear for ourselves that while embarking on such a challenge, you will have to learn a tripartite volume of legal, technical, and what is more, social rules that you will have to follow. It all depends on how much grit you have to deal with this task. When the research phase was finalized, we embarked upon development. If you want to read more about this project, make sure to look at our case study about the GeoHealth app, as there you will find information about all the stages of the app’s development.
List of References
Curry, A. (2020). Will contact-tracing apps infringe on data privacy? Germany may soon find out. Retrieved 21 May 2020, from https://news.northeastern.edu/2020/04/30/mobile-apps-may-help-track-the-spread-of-covid-19-but-at-what-cost-to-data-privacy/
Greenberg, A. (2020). India’s Covid-19 Contact Tracing App Could Leak Patient Locations. Retrieved 22 May 2020, from https://www.wired.com/story/india-covid-19-contract-tracing-app-patient-location-privacy/