The latest on contact tracing apps

With help from Darius Tahir (@dariustahir) and Tim Starks (@timstarks)

Editor’s Note: Morning eHealth is a free version of POLITICO Pro eHealth’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories.Act on the news with POLITICO Pro.

Quick Fix

More questions than answers for contact tracing apps: Google and Apple say consumer privacy is top-of-mind in their Bluetooth-driven contact tracing API. But privacy concerns aside, European researchers warn that these apps may not be effective.

— Bipartisan push for teletherapy bill: A bipartisan measure aims to plug up gaps in Medicare coverage for virtual care, including speech and physical therapy.

Cyber vulnerabilities bubble up during pandemic: So much so that NSA and DHS are issuing security guidance on video chat platforms including Zoom, which is widely used for telehealth visits.

eHealth tweet of the day: Alex Kantrowitz @Kantrowitz “Sunday is grocery day. Which means Sunday afternoon is dedicated to eating a full week worth of snacks in two hours.”

Welcome to MONDAY at Morning eHealth. After writing about telehealth policy for years, your author finally tried it during quarantine. She found it a little glitchy but overall a good substitute for in-person care, in a pinch. If you’re new to telehealth, what do you think? Tell us at [email protected], and Tweet the team at @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

Given the unprecedented public health challenge confronting regulatory affairs teams, the AgencyIQ leadership team has decided to pull research and analysis content concerning the virus and its regulatory implications in front of the paywall. It is available here: https://agencyiq.com/covid-19-resource-center/

Driving the Day

WHITE HOUSE WEIGHING PLAN TO REPLACE AZARTrump administration officials are considering replacing HHS secretary Alex Azar, our POLITICO colleagues Adam Cancryn, Nancy Cook and Dan Diamond report — and on the short list of successors are White House coronavirus coordinator Deborah Birx, Medicare chief Seema Verma and deputy HHS Secretary Eric Hargan.

..."Senior officials’ long-standing frustrations with the health chief have mounted during the pressure-packed response to the Covid-19 outbreak, with White House aides angry this week about Azar’s handling of the ouster of vaccine expert Rick Bright,” they write.

President Donald Trump on Sunday denied reports that Azar might be fired, tweeting that the health secretary is “doing an excellent job.”

... But as POLITICO has reported, White House aides have been frustrated with Azar since last year when his feud with CMS’ Verma broke into the open.

FAUCI CALLS TO DOUBLE TESTINGAnother top Trump health official said the U.S. should at least double coronavirus testing in the coming weeks before easing into reopening the economy.

... National Institute of Allergy and Infectious Diseases Director Anthony Fauci said during the National Academy of Sciences annual meeting this weekend that the U.S. now churns through about 1.5 million to 2 million tests a week.

“We probably should get up to twice that as we get into the next several weeks, and I think we will,” he said, noting later that adequate testing should “get those who are infected out of society so that they don’t infect others.”

POLITICO Pro is here to help you navigate these unprecedented times. Check out our new Covid-19 Coverage Roundup, which provides a daily summary of top Covid-19 news coverage from across all 16 federal policy verticals as well as premium content, such as DataPoint graphics. Please sign up at our settings page to receive this unique roundup sent directly to your inbox every weekday afternoon.

THE LATEST ON CONTACT TRACING — Here’s what we’re following on the recent wave of apps designed to track and notify people who may have been exposed to coronavirus:

Apple, Google pledge extra privacy protections: The tech giants announced several new measures to bolster privacy and make it easier to build apps using their Bluetooth signal-tracing API, our POLITICO colleague Vincent Manancourt reports.

The changes seek to address concerns that patients using such apps will open themselves up to surveillance. Apple and Google plan to update the API so that it randomly generates encryption keys, making it harder to guess how they’re derived and use them to track people, Vincent writes. The companies also plan to encrypt Bluetooth metadata and limit exposure time to 30 minutes.

Google and Apple announced their unprecedented partnership, which will let public health groups build apps tracking exposure across Android and iOs devices, earlier this month. The companies have said APIs will be available starting mid-May.

Startups are already spinning out new apps to monitor social distancing. One, called Landing AI, designed a workplace monitoring tool alerting users when they’re within a certain distance of a colleague, MIT Technology Review’s Karen Hao reports.

THE VIEW FROM EUROPEContact-tracing apps may have limited impact on the virus’ spread and could give users a false sense of security, POLITICO’s Janosch Delcker reports.

“Technology is never a silver bullet and it’s particularly not a silver bullet in this circumstance,” Carly Kind, director of AI research center Ada Lovelace Institute, told POLITICO. “But it’s often being framed as a silver bullet — and that’s part of the problem.”

Kind’s warning comes as European governments including Germany and Malta are rolling out contact-tracing apps. There’s been much debate among Europe’s privacy regulators, but less about whether these apps can actually meaningfully stop the pandemic.

... The London-based Ada Lovelace Institute warned of a lack of evidence that apps can help curb coronavirus’ spread, and urged the U.K. government to shelve plans to deploy one.

“Using a track-and-tracing app might be something that helps, but it’s not — as a lot of people now think — a catchall solution that allows you to lift all the restrictions and we’re done,” said Frank Dignum, a professor of socially-aware artificial intelligence at Umeå University in Sweden.

RELIEF FOR THERAPISTS? — Reps. Cindy Axne, Troy Balderson and French Hill last week introduced the Emergency COVID-19 Telehealth Response Act to ensure Medicare reimbursement for clinical social workers, occupational therapists, audiologists, speech pathologists and physical therapists. While CMS has expanded the types of virtual services Medicare pays for during the pandemic, not all practitioners are covered — forcing them either to avoid virtual treatment or deliver it without any payment guarantees.

Such measures could help patients who are currently “forced to choose between taking the precautions of staying home and getting the care they need,” Axne said in a news release.

Also on telehealth, RSA President Rohit Ghai told Pro Cyber’s Tim Starks last week that the world needs to start preparing now for the cyber risks of a post-coronavirus world.

“If during the pandemic we’ve allowed a lot of our workers to access data from their home environments, is that going to be the new normal going forward?” he said to Tim. “As such, how should our data governance need to evolve? There’s going to be a lot of that kind of activity.”

Virtual care is another frontier, Ghai said. “We have regulations in place today that are too tied to the existing way that workers provide health care,” he said. “We need more flexible models in terms of how health care is going to be provided in the future.”

One example of that needed flexibility in action, according to Ghai: HHS leniency on enforcing health privacy rules for those seeking in good faith to provide telehealth.

NOT YOUR USUAL VIDEOCONFERENCE APP VULNERABILITY — Hackers could have used a compromised subdomain and an “evil GIF” to scrape data from a Microsoft Teams account and even perhaps take over an organization’s roster of Teams accounts, CyberArk disclosed last week. Microsoft Teams has special offerings for health care professionals, which include connections to health records systems. Microsoft made an immediate fix then issued a patch last week to address the issue after CyberArk called the vulnerability to the company’s attention.

“Even if an attacker doesn’t gather much information from a Teams’ account, they could use the account to traverse throughout an organization (just like a worm). Eventually, the attacker could access all the data from your organization Teams accounts — gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc.,” CyberArk wrote.

SPEAKING OF SOFTWARE SECURITY — The NSA and DHS collaborated to issue security guidance on videoconferencing platforms and other collaborative tools, with the NSA out of the gate first on Friday. The agency urges users to evaluate software based on factors such as whether it uses end-to-end encryption or multi-factor authentication. “The intent of this document is not meant to be exhaustive or based on formal testing, but rather be responsive to a growing demand amongst the federal government to allow its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation,” the NSA guidance said.

WHO ARE YOU? The World Health Organization said last week it has endured a fivefold increase in cyberattacks since the start of the Covid-19 pandemic, but that leaked credentials pose no harm to existing systems because the data wasn’t recent. Still, WHO said it was moving the affected systems to a more secure authentication system. “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” said Bernardo Mariano, WHO’s chief information officer. “We are grateful for the alerts we receive from Member States and the private sector.”

What We're Reading

— FT’s Hannah Murphy and Patrick McGee report on apps that could track employees’ movements during the pandemic.
— Telehealth for pets is on the rise, CNBC’s Sully Barrett writes.
— The pandemic is exposing deep disparities in New York’s health system as wealthy hospitals draw on cash reserves and publicly funded ones scramble, NYT’s Michael Schwirtz writes.