APHL partners with Apple, Google and Microsoft on national COVID-19 Exposure Notification server

Detailed in a blog post Friday, the project aims to develop a more comprehensive and cohesive exposure notification solution for the U.S.

Instead of storing user contact tracing keys — critical, time-sensitive information — on multiple, unlinked servers run by state agencies, APHL offers to securely compile and make that information available on a national server. Storing keys of affected users on a single database eliminates duplication and can enable notifications across state borders, the group said. Further, states and territorial agencies that integrate with APHL's proposed server would be able to more rapidly build out exposure notification apps.

The system implements Apple and Google's Exposure Notification API, which uses random device identifiers — keys — to generate temporary IDs that are sent between devices via close proximity Bluetooth communications. By swapping keys, apps integrating the Apple-Google system can track and notify users when they are exposed to others who test positive for coronavirus.

With security at the fore, the solution does not store data on central servers run by Apple or Google, but instead silos anonymized Bluetooth beacons on user devices until participants elect to share the information with an outside party. If and when a user is diagnosed with COVID-19, they can opt to upload a 14-day list of recent anonymized contacts to a distribution server, which matches beacon IDs and sends out notifications alerting those individuals that they came in close contact with a carrier of the virus. Doctors can also peruse the data, if such access is granted.

Those protections extend to the APHL initiative.

While not specifically outlined in today's announcement, APHL would likely take over the role of providing a contact distribution server, in this case for the entirety of America. Microsoft is partnering on the project to provide the national cloud-based key server based on an open source design created by Google Cloud.

"We're honored to partner with Apple, Google and Microsoft to make this groundbreaking technology accessible to state and territorial public health agencies," said Bill Whitmar, president of APHL and director of the Missouri State Public Health Laboratory. "Apps using this technology will rapidly inform users of a potential exposure to COVID-19 and provide them information they can use to protect themselves and their families."

APHL has extensive experience in connecting public health laboratories, entities and government agencies. The group's Public Health Laboratory Interoperability Project launched in 2006 as one of the first systems to allow for the exchange of standardized data between public health entities. That was followed by APHL Informatics Messaging Services, which has evolved from a one-way conveyance of critical health data to a cloud-based platform that "transports, translates, validates and hosts data for federal, state and local public health agencies," according to the post.

Exposure notification technology shows promise, though adoption needs to reach critical mass in any given population before it becomes an effective tool in staunching the coronavirus tide. So far, only a handful of countries have launched apps that integrate the API. No U.S. states have followed suit, though three — Alabama, North Dakota and South Carolina — have signaled intent to do so amid a resurgence in cases across the country.