Effective as of July 1, 2021
MO/Notify allows users to send and receive notifications of a potential high-risk exposure to COVID-19, in a privacy-preserving manner. The notifications will include instructions on next steps to take.
The exposure notifications are intended to complement the conventional contact tracing efforts undertaken by local public health authorities involving contact by a caseworker.
How it Works
The mobile devices of users share anonymous keys (randomly generated strings of numbers) via Bluetooth. The only data used to accomplish notifications are the anonymous keys, Bluetooth signal strength (proximity), and date and duration of exposure. Washington University does not link these data to a user’s identity or location. Each user’s keys change frequently to further protect their identity. These data are stored only on the user’s own device and are never shared unless and until the user has a positive COVID-19 diagnosis and elects to share this information within the system. The data are stored for a period of 14 days and then automatically deleted. Once deleted the data cannot be restored.
A user who tests positive for COVID-19 may choose to notify other MO/Notify users who have been near the user. To trigger such notification, the COVID-19 positive user must enter a valid verification code provided by Washington University.
Several times a day, the app downloads a list of all the anonymous keys associated with positive COVID-19 cases that have elected to share their keys. The user’s device checks these keys against the list of keys it has encountered in the past 14 days. If there is a match, and the date, duration, and proximity align with Washington University’s risk model to indicate a possible exposure to the virus, the user will receive an exposure notification.
The notification will inform the user of the date of exposure and instructions on what to do next.
User Consent & Choices
Using the System
MO/Notify has the potential to help stop the spread of the infection and its use is highly encouraged, but it is completely voluntary.
Users may turn the system on or off at any time, or uninstall the app on an Android device. The system does not collect, track or store users’ location or GPS information.
Disabling Exposure Notifications
Users may disable MO/Notify at any time by uninstalling the app (Android), turning off the feature (iOS), turning off the mobile device, or turning off the Bluetooth function. If the user uninstalls or deactivates MO/Notify all anonymous keys described above that are currently stored on the device will be immediately deleted.
Generating Exposure Notifications to Other Users
Providing notification to other users is also completely voluntary. If a user tests positive for COVID-19, and chooses to notify others, the user must enter a positive test verification code to release the anonymous keys stored on the mobile device. The user will also be asked to enter a date of symptom onset, if applicable. If available, symptom onset date is used in the risk model to narrow down what other users should receive an exposure notification. Finally, the user is prompted to consent to alert others. When anonymous keys are released, the notifications that may be generated do not disclose the COVID-19 positive user’s identity, location, or phone number.
The exposure notification includes the date of the exposure, but the COVID-19 positive user’s identity is not shared. Sharing the exposure date is important to ensure the right precautions (such as self-quarantine) are taken for an appropriate amount of time based on the exposure date. It is possible that someone who receives an exposure notice could guess the identity of the COVID-19 positive individual, for example, if a recipient was in proximity to a small number of people on the date of the exposure.
A verification code is required to share a positive test result in the system. This ensures that only verified positive test results are used to generate exposure notifications. Verification codes may only be generated by Washington University.
Sharing of Information
The following categories of de-identified data may be processed and collected by MO/Notify:
- Installing and deleting the app (Android only)
- Enabling and disabling exposure notifications
- Receiving an exposure notification
- Entering a verification code to send anonymous keys
- Anonymous keys that have been voluntarily shared
The data may be used to monitor system usage, as well as for performance evaluation and statistical or scientific research purposes. Washington University will not use this information to identify any system user.