Colorado COVID-19 Exposure Notifications System boosts contact-tracing efforts

More than 1 million Coloradans have activated the statewide COVID-19 Exposure Notifications System since its launch Oct. 25, according to the Colorado Department of Public Health and Environment.

So far, however, CDPHE reports that just 3,400 people who tested positive for coronavirus have used the system to notify others of a potential exposure. To improve reporting, the state on Nov. 9 began texting a one-time verification code directly to users with confirmed positive test results that have been logged into the state’s information system.

While the app and notification system use the latest technology, they rely on users to take the final and most important step of submitting a positive test result to notify those with whom they’ve been in close contact of a potential exposure, said infectious-disease expert Sheryl Zajdowicz, Ph.D., chair of the Biology Department at Metropolitan State University of Denver.

State officials say any number of people who use the app will help stanch the spread of COVID-19. The 1 million-plus activations represent approximately 17% adoption, according to CDPHE. But the more people who enroll, the better the tracking will be, Zajdowicz said.

“Studies suggest anywhere from 50% to 95% of a population being enrolled would be the most impactful, and 75% of the population being enrolled seems to be an average percentage that would allow for the greatest effect,” she said.

The Colorado Exposure Notifications app, which was developed in a joint effort by Apple and Google, is a voluntary service that can alert users if they have been near someone who has tested positive for COVID-19.

Those who test positive for COVID-19 are provided with an anonymous code that they submit to the app. Others who activated the app and came into contact with the positive case – defined as their smartphone being within 6 feet of an infected person’s smartphone for at least 10 minutes – receive a push notification alerting them of possible exposure.

Test results are shared without personal, identifying information attached, so privacy concerns should not stop Coloradans from using the technology, said Steve Beaty, professor of Mathematical and Computer Sciences at MSU Denver. He has analyzed the app’s code, which was mostly written by Google engineers and published in the public domain.

“It appears to strike a solid balance of security and function,” he said. “Users’ privacy appears protected, so hopefully that increases their willingness to activate the app and share if they have tested positive.”

Smartphones with the app activated exchange anonymized “tokens” – numerical codes that contain no personal or location data – via Bluetooth. The tokens are stored on a public-health server for 14 days and then automatically deleted.

“This app is the first, to my knowledge, where phones exchange information through Bluetooth without pairing,” Beaty said.