Contact Tracing FAQ


Copyright © 2020. Everbridge, Inc. All rights are reserved. Everbridge, Nixle, IT Alerting, Community Engagement, HipaaBridge, SecureBridge, Smart Orchestration, and Visual Command Center are trademarks of Everbridge, Inc. All other registered or unregistered trademarks and service marks are property of their respective companies and should be treated as such.

Everbridge banner 


Frequently Asked Questions

Question

Response

Why is Everbridge releasing a separate mobile app for Proximity-based Contact Tracing?

For the Proximity-based Contact Tracing capability which utilizes Bluetooth Low Energy (BLE) technology on iOS devices, the only application that the Apple Application Review team has agreed to approve is a standalone application that keeps all other Everbridge Mobile Application functionality separated. Therefore, customers that will benefit from the complete end-to-end Return to Work, Location-based Contact Tracing and Proximity-based Contact Tracing, need to use two Mobile applications. The corporate Everbridge mobile app is called "Everbridge App for iOS (EVBG App iOS)" and the standalone mobile app is called "Everbridge Contact Tracer App for iOS (EVBG CT iOS)".

Do I need two Mobile Apps for Google Android as well?

No. Everbridge Mobile App on Android is a complete application that provides all necessary capabilities including Proximity-based Contact Tracing functionality.

What functionality is supported in the Everbridge Contact Tracer App (EVBG CT iOS) in iOS?

BLE-based Proximity Contact Tracing (CT) capability (key exchange for 6 feet, 15-minute proximity), Symptom Checker, Self-Report, and ability to define Custom Form buttons. Note that for Proximity CT and the Self-Report button to work, BLE Proximity functionality must be enabled in the Organization's settings area.

Does this mean that capabilities of the EVBG CT iOS are NOT available in the EVBG App iOS? 

No. Except for Proximity-based Contact Tracing, the EVBG App iOS supports all other functionality like Symptom Checker, Self-Report, and other Custom Form buttons.

When BLE technology is disabled by organization administrators, a self-report on the EVBG App iOS will not result in BLE key exchange and no Proximity-based exposure events will be triggered.

However, in this scenario, a self-report will trigger a notification to HR or someone with the correct access to initiate "Location-based" Contact Tracing (look at calendar, badge, Wi-Fi, travel, and so forth).

How do my users log into the EVBG CT iOS?

Single Sign-On (SSO) is fully supported and therefore customers can use the same credentials to log into the EVBG CT iOS. Just like the existing EVBG App iOS, the EVBG CT iOS App will also support the Member Portal Login credentials as well.

If both Apps have the Self-Report button, which one works? 

When BLE Proximity Contact Tracing is enabled, the Self-Report button will appear in BOTH  the standalone Contact Tracer iOS app and the Everbridge iOS App. However, the Self-Report button with BLE will only function accordingly when used in the standalone Contact Tracer app (e.g., tracing keys uploaded to the CT service). 

Using the Self-Report button from the EVBG iOS app (even if BLE is enabled) will NOT result in BLE key exchange and no Proximity-based exposure events will be triggered.

If the customer chooses NOT to enable BLE Proximity Contact Tracing, the Self-Report button will also appear in BOTH apps. ALL other custom buttons will work on both apps.

When should I use the Symptom Checker on EVBG App iOS and EVBG CT iOS?

If "push notifications" are being leveraged for standard or polling notifications, ALWAYS use EVBG App iOS. The new standalone EVBG CT iOS does not support any push notification capability. So, whether it is Symptom Checker or any other custom button, use the existing EVBG App iOS if a push notification is needed. Otherwise, the standalone EVBG CT iOS will meet RTW use cases.

Are the Apps directly linked with each other? Can I access EVBG CT iOS with EVBG App iOS and vice versa?

You can open the existing EVBG App iOS directly by clicking a button on the new EVBG CT iOS. However, you cannot launch the new EVBG CT iOS from the existing EVBG App iOS.

I am a customer that has already purchased the Everbridge Return to Work solution. Do I need to encourage my users to download the new EVBG CT iOS app?

Determining if the standalone EVBG CT iOS is needed depends on the following:

  1. If Proximity-based CT feature is enabled, users will need to download the new EVBG CT iOS. (End users should be directed to download the new EVBG CT iOS in addition to the existing EVBG App iOS.)
  2. There is no change for those users who are using Android platform.

Does the EVBG CT iOS also have the Safety Connection-related buttons like SOS, Check-In, Emergency Call, Safe Corridor, Location?

No. Those buttons will not be available on the new EVBG CT iOS; only on the EVBG App iOS.

What is the expected battery drain with BLE running in BG mode?

Based on our extensive tests, EVBG Contact Tracer functionality in both iOS and Android resulted between 3% to 5% battery usage per day. However, for the iOS Contact Tracer app specifically, enabling "Enhanced Contact Proximity Tracing", which relies on device location services to remain active, may use an average of 40% battery in an 8-hour period. Battery consumption may be more or less than 40% over 8 hours depending on device type, OS version, and battery health. This is consistent with battery performance associated with Apple's own "Exposure Notification" functionality.

What is the accuracy of the BLE Contact Tracing App?

On both iOS and Android, the accuracy of the CT feature is 6 feet and 15 minutes. These thresholds are not configurable. Please note that the 6 feet / 15-minute thresholds are derived from the BLE signal strength connection between two devices and both thresholds may vary slightly depending on a number of factors including obstacles between the devices, device models, and OS versions.

Why does the iOS Contact Tracer app require wakeup notifications?

Wakeup notifications allow the app to return to an active state so the operating system can continue leveraging BLE proximity functionality. The app has been built to function in the background, but there are scenarios where we are not able to override Apple's operating system, which puts apps that are not in use in a "suspended" state.

What do the various iOS wakeup notification time intervals represent?

These intervals determine how often the app sends wakeup notifications - the more frequent the notifications, the greater the likelihood exposures will be captured.

Do users need to tap on the notifications for the iOS app to begin gathering proximity data?

Yes, in order to ensure the app continues to capture the proximity between devices, users must tap on the notification and force the app into an active state.
 

Is there a separate Professional Service (PS) or implementation charge as a result of the new mobile app?

No. If your product solution includes Symptom Checker, Wellness Check, and Contact Tracing, no new charges are needed. If your product solution does NOT include the PS package for Contact Tracing, then a purchase is required.

Is there deep linking capability across the two apps? That is, clicking one button on an app lands you on the exact button on the second app.

No. That is being considered for a future release.

Can the new EVBG CT iOS warn a user if the app is being killed?

Yes. The App works in the background mode; however, if a user kills the application, the contact tracer will not work. The app provides a pop-up message to the user in case the application is being killed inadvertently.

What type of information is collected through the Everbridge Mobile App related to Contact Tracing use cases?

The information collected via the Everbridge Contact Tracing solution is completely configurable. There are two primary "events" that occur to provide visibility into customers' organizational risk level as well as functionality to allow for proactive COVID-19 Symptom Checking.

  • Self-Report Event: Initiated when an end-user proactively indicates via the Everbridge Mobile App that he/she has COVID-19
  • Exposure Event: Initiated when a Self-Reporter comes in Bluetooth proximity to a non-infected end-user
  • Symptom Checking: A customizable form to help contacts proactively determine if they are eligible to return to work/campus


Self Report Events
An administrator can collect the following information after a Self-Report is detected:

  • Time/Date of the Self-Report
  • Contact First Name/Last Name
  • Contact Delivery Path Information
  • An end-user's COVID-19 status via the results of a configurable form
  • An end-user's location at the time of Self-Report (configurable by administrators)
  • Anonymous configuration: You can choose to allow Self-Reporters to remain anonymous. If Self-Reporters are allowed to remain anonymous, no contact data will be passed to Organization users during a Self-Report event. Contact Tracing reporting will obscure all contact data and no follow-up will be possible.


Exposure Events
Administrators can collect the following information after an Exposure Event is detected:

  • Time/Date of the Exposure Event
  • Contact First Name/Last Name
  • Contact Delivery Path Information
  • Anonymous configuration: Exposure events cannot be collected anonymously.


Symptom Checking
Organization contacts can proactively complete Symptom Checking forms to determine if they are eligible to return to work/campus. These forms are completely customizable and with the Everbridge Smart Orchestration add-on, form responses can determine which organizational users are notified and inform contacts if they are eligible to return.

  • Anonymous configuration: Symptom Checking forms can be configured to allow for anonymity. End users who complete the form will have no PII (Personal Identifiable Information) shared with organizational administrators.

Which Mobile platforms does the Everbridge Contact Tracing solution support?

The Everbridge Contact Tracing solution supports both iOS and Android platforms.

How does an employer or student consent to the application?

An Everbridge Mobile App user consents to the Everbridge Privacy Notice once the app has been downloaded and the user attempts to log in. The Everbridge Mobile App will subsequently request access to three additional Mobile Services depending on which Everbridge features you are leveraging:

  • Location Services: Requested to allow for location-based Safety features. It is also used to improve proximity accuracy.
  • Push Notifications: Requested to allow the app to send timely notifications to end-users via the Everbridge Mobile App
  • Bluetooth: Requested to allow for anonymous proximity-based key exchange to support Contact Tracing efforts

The app-level permissions listed above can be disabled at any time by end-users. Although by doing so, key functionality of the Everbridge Mobile App will be disabled.

What privacy notice is provided to application users?

The Everbridge Privacy Notice is displayed to end-users at the time they log into their organization via the Everbridge Mobile App.

How is the information collected through the application processed?

All data sent to and from the mobile clients are via HTTPS. The Everbridge Mobile App uses standard OS encryption. The proximity contact tracing feature of key management is applicable to the EVBG CT iOS only. On Android, the same app will provide complete functionality.

Information collected from the Everbridge Mobile App is pushed to the Contact Tracing (CT) back-end Database (DB) via Member APIs which act as a proxy. The information in the CT back-end DB is then used for matching infected keys to generate exposure events.

The information in the CT back-end is also pushed to the Manager Portal via Reporting APIs to generate quick reports. The CT back-end DB only stores Contact IDs of the end users. The CT back-end sends Contact IDs, Self-Report and Exposure Event IDs, Incident IDs, Incident variables/values to the Manager Portal along with other reporting information.

The data from form buttons is used when launching incidents where applicable and stored as part of Incident collections.

Is Everbridge leveraging the Google/Apple Contact Tracing (GACT) framework to determine device-to-device exposure events?

No, Everbridge has developed its own proprietary Bluetooth Low Energy (BLE) framework to determine device-to-device exposure events.

How often are unique keys generated at the device level?

Once per day

How often are tracing keys uploaded to the CT service?

Only when a Self-Report occurs

How long are keys stored on the user's device?

14 days

Will Everbridge support 14 days' worth of infected keys following a Self-Report?

Yes

How often are infected tracing keys downloaded to devices for exposure matching?

  • Past exposure: 2-8 hours
  • Current/Future exposure: N/A

What is the time span between the uploaded self-report infected key process and the end-user getting an exposure alert?

  • Past exposure: 2-8 hours
  • Current/Future exposure: 24 hours

How often are exposure notifications generated (if configured by the administrators)?

  • Past exposure: 2-8 hours
  • Current/Future exposure: 24 hours

Once an exposure event occurs, how long until an Incident Template is launched?

5-10 minutes

What Bluetooth Low Energy (BLE) thresholds is Everbridge using to define an Exposure Event?

Both distance and duration BLE thresholds must be met to trigger an Exposure Event.

  • Distance: 6 feet
  • Duration: 15 minutes


Please note that the 6 feet / 15-minute thresholds are derived from the BLE signal strength connection between two devices and both thresholds may vary slightly depending on a number of factors including obstacles between the devices, device models, and OS versions.

How is Everbridge supporting clients with global operations given different privacy laws?

Everbridge is offering configuration in terms of what information is requested from users who are (1) Self-Reporting and (2) providing information through symptom-checking functionality. This configurability is meant to provide you with flexible tools to meet regional privacy laws. For instance, the forms that end-users fill out during both Self-Reporting and Symptom Checking scenarios are completely customizable and offer options to have end-users remain completely anonymous.

If data is transferred outside of EMEA, what controls are in place to meet data privacy laws?

The CT back-end data for European (EU) customers will be stored in an EU cluster. All existing Everbridge data privacy laws and access controls apply when handling the EU customer data.

What are the Everbridge retention schedules?

The Everbridge data retention policy is 18 months. Keys are stored on the mobile client for 14 days. Neither of these are currently configurable.

What protocols are in place to account for data subject requests (for example, to access and to delete)?

Mobile users can remove their account from the Everbridge Mobile App and/or delete/uninstall the app from their device.

In general, existing Mobile, Manager Portal, REST API user authentications apply. JWT token authentication is used between the proxy Member API and CT back-end, as well as the CT back-end and Manager Portal for reporting.

Once Bluetooth is enabled on an end-user's device, will their device become discoverable on another user's device?

No, the user's device will not become a discoverable device to other users.

Can an administrator "self-report" for a user?

An Everbridge administrator can create a custom contact attribute to capture a contact's COVID-19 status and update this at any time. With the Everbridge Smart Orchestration add-on, responses to daily wellness checks can dynamically update this custom attribute based on survey results.

However, only a Self-Report event via the Everbridge Mobile App will initiate device-to-device exposure events. As stated earlier in this document, on iOS, this means that the user has the EVBG CT iOS app.

Once someone self-reports, how far back can we see exposure events?

Once a user self-reports, an Everbridge administrator will see all exposure events caused by the self-reporter in the previous 14 days.

Can I run a report and see who downloaded the app?

Yes, detailed reports can be run from the Everbridge Manager Portal to determine which contacts have downloaded the app.

Can I run a report and see Exposure and Self-Report events?

Yes, a new "Quick Report" for each event will be introduced to the Everbridge Manager Portal to capture aggregate trending data related to both Exposure and Self-Report events.

Can I run a report and see who has Bluetooth enabled?

No, this will not be supported.

When are end-users prompted to allow Bluetooth Permissions on their devices?

The end-user will be prompted to enable Bluetooth once running the app the first time following Bluetooth Low Energy (BLE) enablement by the organization.

There will be no automated notifications asking users to re-enable BLE if they have disabled it.

Are Exposure events time and date stamped?

Yes, Exposure events will be shown in reports and include time/date stamps.

Can I retrieve contact data from Self-Reporters who are anonymous? No, Everbridge Support cannot deanonymize data from Self-Reporters once the organization has configured the system to support anonymous mode. If contact data is necessary for Self-Reporters, the platform should be configured in non-anonymous mode.

Do users need to tap on the notifications for the iOS app to begin gathering proximity date?

If the "Enable Enhanced Proximity Tracing" feature is not enabled, then you need to tap on the "wakeup" notification in order to ensure the app continues to capture the proximity between devices.

If the "Enable Enhanced Proximity Tracing" feature is enabled and the "location services" is set to "Always allow", then you no longer need to tap the "wakeup" notification to keep the app active. The app becomes active every time the app lights up, e.g., using iMessage, receiving alerts from other services.

Why does the iOS Contact Tracer app ask to "Allow to use Location" when I "Enable Enhanced Proximity Tracing"?

We provide each user the option to improve proximity accuracy by enabling the iBeacon solution. Our solution leverages core location services through iBeacon to keep the app awake while the Contact Tracer app is in the background mode and even if your device is locked. Having the app awake longer in the background means we are able to capture/accumulate proximity exposures at a more accurate level.

What is iBeacon?

iBeacon is a technology developed by Apple that uses Bluetooth Low Energy proximity sensing. It is used by many apps to send custom or personalized marketing alerts. Everbridge is only using iBeacon to keep the app active in the background.

Does Everbridge collect, store my location data when I set my location services to "Always" allow to enhance proximity tracing from the iOS Contact Tracer app?

No, Everbridge does not capture, store, or use any location data. Location services is only used for iBeacon purposes.

The iBeacon feature is also optional to the user and can be disabled at any time from the Settings screen. Disabling iBeacon also disables the location settings for the iOS Contact Tracer app.

Was this article helpful?
0 out of 0 found this helpful

Article Feedback

Please sign in to leave a comment.