As of 4/8/2020 some potential architectures have emerged for CovidCleared as a result of
requirements gathering.
The serology tests that indicate antibodies to the Sars-Cov-2 virus are being tested in various places, find out where you can get tested.
Various key public health figures have come out in support of this testing as an important step in going back to work for millions of people, and of course they want to initially test healthcare workers before the public.
My cohort are transportation workers, specifically Uber and Lyft, but also taxi and bus drivers. Essentially people in a confined environment that may be rtPCR status positive and be unaware of that status due to asymptomatic spread of the virus. They may have quarantined and are now recovered, and thus can be tested using the serology test. Failing to have antibodies indicates the person is uninfected, and thus at risk of being infected at a future date. That risk will go down as the virus stops replicating sufficiently below the rate of R naught of 1 as determined by public health authorities.
So primarily this only works for those that already tested positive and subsequently became immune and are no longer spreading the virus. Bear in mind that people are likely to spread the virus before they manifest symptoms which is why the rtPCR test is useful but insufficient.
So how to document status? There are different opinions on how to make that scale. It has to scale from the individual to the group. Some of these groups are ad hoc, like passengers on a subway.
We are a long ways from herd immunity to the virus, and have been relying on "heard" symptoms such as socially distancing from someone with a dry cough. Of any of the other tools of social distancing. This is effective until actual immunity can be demonstrated, which is the serology test.
Then that exists as a health record. Your doctor has it. You have it. And according to HIPAA, quite a few other people and agencies have it, such as National Security and Law Enforcement.
Ok, well what has Homeland Security being cooking up from a technology perspective to deal with these or similar situations? The quick answer is DID or decentralized identification. Bear in mind I think geographical units should employ X.509v3 attribute and identity certificates, which might be scaled to actual places and businesses. A business can bring up their own identity scheme. All McDonalds for example, Or all Whole Foods. They then can further identify employees, (which they have to do anyway and probably have) in order to pay them and assign jobs. They would also need to have a RFC-5755 attribute certificate which likely no one has yet. These would have to be issued by Certificate Authorities.
The most obvious security response is surveillance. This falls into pre-existing surveillance and surveillance that people are willing to help facilitate themselves.
As opposed to China we don't have Alibaba and Alipay to simply refactor with a QR code to give us a Red, Yellow, Green status at a subway entrance.
In order to meet both privacy and sharing requirements different available technologies must be used to support the process that can be deployed onto a smartphone.
So a QR code is good.
The color scheme is simple, good.
Health questionnaire, probably too much information, just the Covid test status.
Geolocation data? Maybe. This would help with contact tracing, but for the already immune it does not seem necessary. MIT has a store it on your own phone location tracking app.
Body temperature scanned at airports, etc. Why not? Although it's not sufficient it can be a referral if someone is running a fever. A contactless forehead scan before taking an Uber should not be a problem.
So much for the front end, a simple App with supported signs at public places. Or the places where one might become infected.
Now what about the backend?
You have taken the serological test in Mid April and since you contracted the virus and quarantined and recovered, you are now immune. Congratulations. How does this data get on your smartphone.
For the iPhone it can live in your wallet via Apple Health. It is exposed just like a credit card. Of course we don't want you borrowing anyone else's phone to take an Uber or ride the subway, so there must be the corresponding personal digital identifier which you must share. This does not need to be your legal name, etc. However it must uniquely belong to only you.
So the backend must take on the burden of creating a DID through an interface, and persisting that data, (in this case on a blockchain) and then getting it to your smartphone. The transmission of the actual health record is via FHIR, because one has to contact one's healthcare provider, and transfer the record onto your phone in the case of Apple. This already works.
In the Uber use case one would verify your Covid status with your driver and you would verify the driver status. Based on the results one can then accept or reject the proposed ride share. Your risk would be computed based on the public health parameters already established.
See the technical details post on ideas on how to build an infrastructure to support this and suggestions for an application.
No comments:
Post a Comment