ESC Best Practices for Pandemic Apps at US Universities

Symptom Checking, Contact Tracing, Quarantine Compliance, and Exposure Monitoring  

version 1.0 — August 25, 2020

Universities are now designing and deploying new mobile phone apps as part of their pandemic response for symptom checking, contact tracing, quarantine compliance, and exposure monitoring. In this document, we provide a brief high-level overview of the best practices for the design of this software.

People expect that it is reasonable and safe to share different kinds of information with different people: e.g., a friend vs. a doctor, supervisor, employer, or police officer. Universities have a unique and difficult institutional role during the pandemic. They may simultaneously act as the same person’s educator, surrogate parent, social calendar, landlord, restaurant, Internet service provider, employer, health-care provider, public health agency, and local law enforcement agency. 

Universities often serve diverse populations with different needs and these populations work and live in a very wide range of contexts from scientific “wet” labs to athletic stadiums. Using an app deployed by a university may be required for faculty, staff, and students, and this could affect the user’s freedom, privacy, safety, livelihood, and health. 

It is important to carefully consider the design choices made for each app and compare these decisions against what is well-known by experts about the design of software in similar situations.

Best Practices:

  1. Data should be anonymized. More specifically, health and location data should be disassociated from identity, e.g., a user name. If an association between identity and health/location is unavoidable for support of contact tracing, health/location data should still be collected and stored separately with extra precautions for protecting the link.
  2. Incorporate privacy-preserving technologies to protect the privacy of individual users and secure information related to them.
  3. Data collection should be decentralized to reduce the potential for misuse or leakage.
  4. Data collection should be for a specific and clearly articulated purpose and necessary for that purpose. Data use should be limited to that purpose.
  5. Specify how data will be used and clearly communicate this to users (e.g., “Only public health officials will have access to your data.”). This should include to whom and for what purposes the data will be released, and whether there is a governing body overseeing release.
  6. Where appropriate, include an explicit statement about uses or access that are NOT allowed (e.g., “This information will not be shared with your supervisor.”).
  7. Data collected for research should still promise benefits that outweigh the risks of data collection, obtain informed consent, and undergo IRB oversight.
  8. Discard data after a stated time period that is explicitly announced.
  9. Data should not be reproduced or transferred into another system (e.g., via screenshots, verifications of completion sent by email, or records input into a shared document) by the app or by its users.
  10. Develop applications that meet international digital accessibility standards and are compatible with built-in phone and tablet accessibility features by following Android and iOS guidance.
  11. To minimize security, privacy, compatibility, and accessibility problems, consider not deploying a native app at all; instead use a Web app, Web page, or (for symptom checking) a printed list of questions posted publicly.
  12. For contact tracing, use proximity data (i.e., Bluetooth) instead of tracking location.
  13. If one is available, use a state-sponsored app that works with the Bluetooth-based COVID-19 Exposure Notification API developed by Apple and Google before building an institution-specific solution.
  14. Each app should be deployed as part of a multifaceted strategy in tandem with clear and compassionate guidance and education, efforts to combat misinformation, and resources of care that include frequent testing.
  15. To promote data quality, build trust, and avoid coercion, the ongoing collection of health information should be done on an opt-in basis, not as a requirement of employment, enrollment, or access to infrastructure and resources.
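As an added example (not code from the ESC document or from any university's app), the following Python sketch shows one way to realize practices 1 and 8 in a symptom-checking backend: health reports are keyed only by a random pseudonym, the single table linking pseudonyms to identities lives in a separately administered store that refuses re-identification requests from unauthorized roles and logs every attempt, and reports are purged once they are older than a stated retention period. The class names, the role names, the 14-day retention window, and the sample users are all assumptions made for the illustration.

```python
"""Added example (not from the ESC document): separating identity from health
data and discarding it after a stated retention period (practices 1 and 8).
All names (IdentityLinkStore, HealthDataStore, roles, sample users) are assumptions."""
import secrets
from datetime import datetime, timedelta, timezone


class IdentityLinkStore:
    """Holds the ONLY mapping between a person and their pseudonym.

    In a real deployment this would be a separately administered,
    access-controlled database; here it is an in-memory dict."""

    def __init__(self, authorized_roles=("public_health",)):
        self._by_user = {}      # user_id -> pseudonym
        self._by_token = {}     # pseudonym -> user_id
        self._authorized = set(authorized_roles)
        self.access_log = []    # every re-identification attempt is recorded

    def pseudonym_for(self, user_id: str) -> str:
        # Random, not derived from the identity: the token cannot be reversed,
        # and cannot be guessed by hashing a list of known names.
        if user_id not in self._by_user:
            token = secrets.token_hex(16)
            self._by_user[user_id] = token
            self._by_token[token] = user_id
        return self._by_user[user_id]

    def resolve(self, pseudonym: str, requester_role: str) -> str:
        """Re-identify a pseudonym; only authorized roles may do so."""
        allowed = requester_role in self._authorized
        self.access_log.append((pseudonym, requester_role, allowed))
        if not allowed:
            raise PermissionError(f"role {requester_role!r} may not re-identify users")
        return self._by_token[pseudonym]


class HealthDataStore:
    """Symptom reports keyed only by pseudonym, discarded after `retention`."""

    def __init__(self, retention: timedelta):
        self.retention = retention
        self._records = []  # list of (reported_at, pseudonym, symptoms)

    def record(self, pseudonym: str, symptoms: list, reported_at: datetime) -> None:
        self._records.append((reported_at, pseudonym, list(symptoms)))

    def reports_for(self, pseudonym: str) -> list:
        return [r for r in self._records if r[1] == pseudonym]

    def purge_expired(self, now: datetime) -> int:
        """Drop every report older than the retention window; return how many."""
        cutoff = now - self.retention
        before = len(self._records)
        self._records = [r for r in self._records if r[0] >= cutoff]
        return before - len(self._records)

    def __len__(self) -> int:
        return len(self._records)


def demo() -> dict:
    """Run both stores through a small constructed scenario."""
    links = IdentityLinkStore()
    health = HealthDataStore(retention=timedelta(days=14))  # assumed stated period
    t0 = datetime(2020, 8, 25, tzinfo=timezone.utc)

    alice = links.pseudonym_for("alice@example.edu")   # constructed user
    bob = links.pseudonym_for("bob@example.edu")       # constructed user
    health.record(alice, ["cough"], t0)
    health.record(bob, [], t0 + timedelta(days=10))

    # A supervisor cannot turn a pseudonym back into a person.
    try:
        links.resolve(alice, "supervisor")
        supervisor_blocked = False
    except PermissionError:
        supervisor_blocked = True

    # 20 days later Alice's report is past retention; Bob's is not.
    purged = health.purge_expired(t0 + timedelta(days=20))
    return {
        "pseudonym_reveals_identity": "alice" in alice,
        "supervisor_blocked": supervisor_blocked,
        "public_health_resolves": links.resolve(alice, "public_health"),
        "purged": purged,
        "remaining": len(health),
        "access_attempts": len(links.access_log),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split is that a breach of the health store alone yields only pseudonyms, while the link store is small, separately guarded, and auditable; the purge routine makes the announced retention period a mechanical property of the system rather than a promise.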

Contact Us

This is a living document and will evolve as this situation evolves. We welcome your feedback and suggestions for additional resources at esc-pandemic@umich.edu.

Cite This Document

Center for Ethics, Society, & Computing. (2020). ESC Best Practices for Pandemic Apps at US Universities. Retrieved from: http://esc.umich.edu/pandemic-apps/

Further Reading

This document is part of the Emergency ESC initiative.
