COVID-19 Contact Tracing & Exposure Notification Apps Protected in Bipartisan Bill

by | Jun 7, 2020

A bipartisan group of Senators have introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19.

One of three bills introduced, the Exposure Notification Privacy Act is was formulated with a view to regulating contact tracing apps to secure the privacy of Americans. The other two bills did not make it off the floor. The feeling was that a bipartisan bill will have a greater chance of success.

At present, contact tracing and exposure notification technologies are being designed to try and control the spread of COVID-19. Google and Apple have both developed the technology to support contact tracing using mobile phones and low energy Bluetooth. When a user installs a contact tracing app it will record encounters with other people who have also installed the app. When someone is diagnosed with COVID-19, the encounter data in the app is reviewed so all individuals who may have been infected by that person can be informed.

Contact tracing and exposure notification apps have been implemented in other countries and have helped reduce the spread of COVID-19, but there are privacy risks linked with the apps that the new bill aims to tackle.

The Exposure Notification Privacy Act was brought to the house by Sens. Maria Cantwell (D-Washington) and Bill Cassidy (R-Louisiana) and has been co-sponsored by Amy Klobuchar (D-Minnesota). They are hoping that the bill will give Americans control over their personal data and “will place public health officials in the driving seat of exposure notification development.”

The bill requires the implementation of contact tracing and exposure notification apps to be voluntary and for developers of the apps to put in place measures that allocate consumers strong controls over their personal data. The bill restricts the range of data that the apps can collect and places a time limit on how long personal data can be in use.

In order for the apps to achieve their intended aim, they will need to be installed by large numbers of people. For that to take place, Americans will need to be confident that their privacy is secured and their personal data will not be improperly used.

Senator Cantwell said: “Public health needs to be in charge of any notification system so we protect people’s privacy and help them know when there is a warning that they might have been exposed to COVID-19. This bill defends privacy when someone voluntarily joins with others to stop the spread of Covid-19.”

The bill requires exposure notification systems to only permit medically authorized diagnoses to see to it that false reports do not happen. The bill requires personal data gathered through the apps to only be used for the purpose of managing the spread of COVID-19 and personal data is forbidden from being used for commercial purposes. Along with participation being voluntary, the bill will give Americans the right to opt out and have their personal data erased at any point in time.

Strong security controls must be implemented to protect personal data collected through the apps and in the event of a data breach taking place, the bill calls for all affected individuals to be made aware. There will also be strict enforcement measures to ensure consumer rights are secured. Federal and state authorities will be given permission to sanction financial penalties in cases of noncompliance.

Senator Klobuchar said: “As we continue to confront the coronavirus pandemic, Americans should not have to worry about the privacy and security of their personal health data. While contact tracing can play a critical role in helping prevent the spread of the coronavirus, this crucial innovation cannot come at the expense of consumers’ privacy.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy