• Privacy Preserving Interoperable
    Contact Tracing & Exposure Analysis
    using Blockchain

    PPICT-EAB recommends privacy preserving methodologies for concucting large scale contact tracing and exposure analysis of citizens and enabling an interoperable citizen health-card.


Privacy-Preserving and Interoperable Contact Tracing And Exposure Analysis Using Blockchain or PPICT-EAB recommends privacy preserving methodologies for conducting large scale contact tracing and exposure analysis of citizens and enabling an interoperable citizen health-card.

The methodologies are designed to help the people and their government agencies, health departments etc to conduct automated contact tracing and exposure analysis for a large population without compromising the data privacy of citizens. Using the methodologies defined in the PPICT-EAB whitepaper, agencies can build pandemic management systems to curb the spread of the pandemic.

PPICT-EAB recommends application architecture which is compliant with GDPR and provides additional algorithms for privacy preserving contact tracing as well as exposure analysis. The section below highlights the key concepts recommended by PPICT-EAB for Contact tracing, Exposure Analysis, and Interoperability.

Privacy Preserving Contact Tracing

People who come in close contact with a person who has tested positive for the coronavirus, are at a high risk of becoming infected themselves, and of potentially further infecting others. Hence, it is of paramount importance to monitor these contacts after they have been exposed to an infected person. This will ensure that they get the right care and treatment if they have contracted the infection. This method of identifying the people who have come in contact with a potential COVID-19 case is known as contact tracing. It is an extremely powerful tool that is being used to curb the spread of the virus.

To automate contact tracing, the majority of the population needs to install the contact tracing application. The application of a user would broadcast random codes (a.k.a chirps) to nearby Bluetooth devices. The nearby Bluetooth devices capture these chirps and log them into the application. Likewise, all smartphones under close proximity share chirp between each other. Chirps do not reveal the identity of the users in order to protect their privacy. When a person is tested positive for COVID-19, government agencies can request the user to upload the broadcast chirps from their mobile application. Every app would periodically check with this database of broadcast chirps to identify a potential match. If a match is found, it means the person has come to close contact with a patient.

Privacy Preserving Exposure Analysis

Studies say that coronavirus may continue to stay on surfaces for a couple of hours or up to many days. There is a large chance for coronavirus to persist in surfaces of facilities present in a hot zone. Because of this, a person who goes to a hot zone has a larger probability of being infected with COVID-19. For example, if a person who has tested positive for COVID-19 goes to a restaurant and touches the door handle, the virus can be transmitted to these surfaces and could persist on such a surface for hours. Meanwhile, someone else could visit the same restaurant and come in contact with any of these surfaces to be exposed to the virus. It is extremely important for governments to act in a proactive manner by making calculations according to these exposures and subsequently identify micro hotspots and alert users to stay away from such hotspots.

PPICT-EA suggests a privacy-preserving exposure analysis using user location data from GPS. Through this approach, the user's GPS data is not transmitted to the server-side. Instead, the user application pulls the batches of hot zone information from the server to perform a decentralized exposure analysis.


Even if a country successfully suppresses the spread of COVID-19 by enforcing lockdown, they have to wait until other countries do the same, to completely open borders. Otherwise, one COVID19 affected person arriving from a different country could evoke the second wave of disease spread throughout the country. And this is a problem. Interoperability of contact tracing and exposure analysis data between different countries is a necessity to curb the pandemic.

PPICT-EAB recommends a methodology that uses Blockchain technology to enable interoperability of health data between different countries. Interoperable health-data enables countries to be confident that none of the people coming into the country is affected by COVID-19. Citizens from different countries, or a consortium of countries, will have a health card that indicates the health risk level (infection of COVID-19) assigned to them via their local health departments, based on contact tracing, exposure analysis and other tests. People with ‘NO RISK’ health cards could only be allowed to travel overseas.

Adopting PPICT-EAB

Governments, National agencies, Enterprises can adopt PPICT-EAB for building pandemic management systems. The documendation of PPICT-EAB methodologies is available here. The protocol supports automated and privacy-preserving contact tracing and exposure analysis and blockchain based interoperable citizen health status database.

Contribute to PPICT-EAB

We invite subject matter experts to contribute to PPICT-EAB by recommending ideas, ideas for optimising the protocols, constructive critisicsms and other ideas that can improve the recommended methods.