Data save quick test integration

[raceface2nd]

I've seen in the code of the quick test frontend and in some discussions that personal data of tested people might be processed.

Following the data saving idea of the CWA I am wondering why this might be planned.

Our company dived deeply into the processes of quick test handling and with the free of charge people's testing I feel that there is no real demand for collecting the personal data before testing.

Suggestion

• Personal data should only processed within a save storage and encrypted with a personal app key within the app on the mobile device.
• when the user wants to have a quick test she/ he requests a unique token generated by some core component. This token is linked to the device and has a life time of max than 24hrs
• the app wraps this token into a QR code
• the user presents the QR code at the test center where it will be scanned into the frontend or some other system which has API access to the quick test backend
• the token within the QR code will then validated by the core component that has created the token and returns a true
• now either the quick test backend or some other documentation system initialized a test run
• when the result is ready the onsite personnel enters the result
• if the result is invalid a new test run will be initialized
• if the result is negative the dataset of the test run will be provided to the backend and then to the result server component
• the result server component pushes the dataset to the users device as well
• if the result is positive the quick test backend files a case at the result server and the core components
• each dataset provided by the quick test component or an external system contains the token, the result, the bfarm id of the test, a serial number of the test (we combined these two data in QR codes we are stickering onto the test cassette) , an id of the test center and a timestamp of the moment the test run has been initialized -> these values should be stored at the test result server and on the device. The app should process these data human readable (if I did not oversaw something at least the CWA components do have access to the data e.g. name and address of the test center which needs to run through an onboarding process as far as I know
• the core component pushes a flag to the users device when it receives the positive result to start the data collection
• the app on the devices alerts the user, informs about the result, asks the user to make an appointment in a test center or at the doctor for a PCR test (many test centers provide the PCR tests as well to support the health care authorities)
• all information about a negative test then can be displayed on users request for presenting at theaters, concerts, gyms, and so on
• after 24hrs later compared to the time stamp of the dataset the dataset is flushed from the users device -> 48hrs like everybody is talking is a too high risk for people as the test is a snapshot of the moment when the sample is taken -> people often ignore that some test producers only guarantee a validity of 6hrs which also depends on the individual situation. But if the individuum has been infected a few days prior to the test the the patient can be an infectious spreader the day after. In any case a false feeling of security over more than 24hrs has to be prevented. Otherwise the infection rates will never descend
• the user is also been asked to provide some personal data like name, address, dob, email and mobile number into the app if not already done.
• if the user has entered the personal data already earlier he is been asked to agree in submission to the local responsible health care authorities (if the user is not in the home area the local and the home area health care might be informed by the CWA system about the case)
• when sormas of the health care confirmed the receive of the data set the data will be flushed in the CWA environment except the token and still stays encrypted on the device
• within this process of submitting the personal data to the health care a new token is generated by the core components
• if the user makes the PCR test at a test center which is connected to the CWA system again a QR code with this token is the unique identifyer for the test
• if possible the laboratory which performs the PCR then assigns the result to this unique token
• the test result server component then drops this result to sormas for providing it to the health care authorities and to the users device
• if the test is positive the health care authorities overtake the case and takes care of the patient

I will attach a draft of this kind of data processing concept which I prepared a while ago within an internal project to process quick test data while mass testing at events.

In my opinion this concept addresses and respects the data saving idea of the CWA and brings the chance to enhance the acceptance at the people as they then see a usage. If testing services at work also provide the test results to the CWA the user can benefit of a testing at work by displaying the neg result to the hair dressers or to the gym the same day. As many of the test centers are swapping to quick test kits now which can take the sample in the front area of the nose the acceptance of testing is rising. The PCR sample has still to be taken from the throath as far as I know.

I strongly believe that with the venue checkin and quick test result adoption 2 very important pieces are added to the puzzle. Together with immunization and responsive behavior even converts might be possible in summer.

This brings me to another point. We do have requests from various concert organizers to support them with hygiene and testing concepts at demonstrator concerts. These organizers are in close contact with the authorities and ministries which support and evaluate these demonstrator events. It would be great if we would have the chance to integrate the CWA with quick test handling and venue checking into our concepts. First event will be the Bundesgartenschau in Erfurt which starts in about 2 weeks. More demonstrator events then are in discussion with the authorities in Saxony and Thuringia like every two weeks until mirth of June. CWA integrated into these events can either provide a perspective to the event industry or facing event industry with validated bad reality information. Independent which case it will be everybody gets very important information.

20210307_360x-Presentation_quick-e.PDF

---

Internal Tracking ID: EXPOSUREAPP-6369

[dsarkar]

@raceface2nd Thanks for the contribution.

---

Corona-Warn-App Open Source Team Internal Tracking ID: EXPOSUREAPP-6369

[dsarkar]

@raceface2nd Your suggestions are looked at internally. Best wishes, DS

---

Corona-Warn-App Open Source Team

[raceface2nd]

@dsarkar I forgot to point one thing out in my description. In our concept we had the idea that after scanning the QR code the user data should be presented like a digital business card to give the test center agent the chance to double check with an id that person and app user are identical. This prevents 2 points

1. It can be assured that the sample is not been taken from Bärbel with the smartphone from her best friend Julia.
2. Personal data and a half anonymized medical record are strictly uncoupled and never stored in the same infrastructure except after positive testing they will be combined for a short period of time until successful delivery at sormas. This would have solved for us in our environment many GDPR issues coming with medical Patient data. This is e.g. stronger encryption requirements and requirements to archive these data up to 30 years. Not having control over when to provide my personal data to a provider after some relevant changes of medical laws in the past 4 years would occur in not making such test and providing the data to the CWA. I know many people not well informed of how the CWA ecosystem works which are not willing to install the app as they are thinking they have to provide data and will be tracked by state. If these data are stored encrypted on the device and they can control when they provide the data they might be more open to using the app. In positive testing case it might be thinkable of not letting them checkin anywhere or getting another test until they agreed in providing their data through the ecosystem to the healthcare authorities. There are already apps which do it like this. This can also be done like after a positive test in my description in the venue checkin component. Those who filled out the papers last year with Mickey Mouse or other names will definitely not use the CWA when their data are dropped when checkin. This should be done if there is a positive case in a specific cohort. I am convinced that leaving the path not collecting the user's data (which it is in a way when pre entering the data to process them through the QR code like it has has been prepared latest by this merge , is prepared here here  and discussed in the document "Integration von Schnelltests für Partner mit Software-Lösungen - Information für Partner" issued by 12.04.2021. I strongly believe the CWA has realistic potential of being widely used by people with the checkin and quick test integration which will bring huge benefit to the people as well as to the general fight to this pandemic. But processing the data how it is in make has the potential to be showstopper or "Rohrkrepierer" before people had a chance to pull benefit. It might be okay if people provide their data to the test center when they pay by themselves for their test. But it is also in this case not necessary to force the people providing their data when having a government payd test which is negative. There are other options to check if the smartphone belongs to the tested person. One is as described above. In our platform for documenting the tests in companies we only need the employee number. As not that many people know their employee number we optional can receive name data and b.o.d.. But these values are optional and the employer is informed by us that the employee has to be asked prior overtaking these data into our platform. Only the employee number is a value which the employer is free to share according to GDPR. We are storing the test data and the employee data in different components which only can be accessed via API call. And each API call is verified against authentication provider component (FusionAuth) without any exception. Therefore the frontend component provides JWT which is generated by authentication provider. This is only an advice based on my personal opinion. If the team working on these features likes to discuss this further please feel free to contact me for a more intensive discussion real world without filling the repo like I do 😐.

[raceface2nd]

@dsarkar @maugst would either one of you mind to contact me somehow this week? (email is in my profile and landline on my company's website)

It's CWA related but would not fit in any of those repositories but has something to do with the business sector my company is place and the usage of CWA.

[Ein-Tim]

I think the best way to get in touch with the right people would be to write a mail to corona-warn-app.opensource@sap.com, which is also mentioned in https://www.coronawarn.app/de/blog/2021-03-31-corona-warn-app-test-integration/.

@dsarkar Is "only" a community manager & @maugst isn't active at all.

[raceface2nd]

It felt a bit that dsarkar might have a closer connection and maugsts profile says SAP.

Should I delete this comment then?

[Ein-Tim]

No, leave it. Maybe @dsarkar could clarify what the preferred way to get in touch with them is.

[ndegendogo]

@Ein-Tim

@dsarkar Is "only" a community manager

why "only"? His role is to communicate with us and to act as a bridge between us community and the developers And he is really very active: day and night and even on the wekends.

@maugst isn't active at all.

well - my perception is that he has some coordinating role, like a project manager. And even when you don't see activity counted in PR, I assume that he is also very active 🙃🙃

@raceface2nd still Tim's suggestions are good. Either wait for a response here or try the email given.

[Ein-Tim]

@ndegendogo

Thats why I wrote only with "", he's IHMO one of the most important people in this project, he talks to the devs, etc. So this wasn't meant in any "bad" way or so. With "only" I only meant that he isn't a developer.

I'm quite sure that @maugst also does something, but since we don't know what I wrote that he's not active, at least here on GitHub.

But I'm quite sure we're understanding each other here 🙂

[raceface2nd]

@Ein-Tim @ndegendogo

The email address mentioned brought me to a person I am already in contact with but does not bring me further. Maybe someone who might has some connections read what I dropped the last days and is open to talk to me and decide as a kind of filter if it is useful to bring me further or not. I will see.