If a person tests positive for COVID-19 a key part of the case investigation is understanding where that person went while they were infectious. The difficulty is people often find it difficult to remember their precise daily movements during this time. The Digital Diary can be used to keep a private record of where a user has been on their device.
The privacy of the digital diary is paramount, and the Ministry has no interest in compiling a centralised database of the places a person has been. For this reason, the diary is kept locally on the person’s device, and only uploaded if the person chooses to if they test positive for COVID-19 and are requested to by a contact tracer.
Each time the app returns to the foreground entries that have been created more than 60 days ago are automatically deleted, in line with clinical advice on the amount of data that is necessary to support a case investigation.
If a user uses multiple phones a separate diary is kept on each device. As of version 6.1.0, the diary can be exported from one device and imported to another, to enable migration to a new device.
Component model diagram
The user uses the app to record entries in their digital diary. An entry can be created by:
- Scanning a QR code
- Tapping an NFC tag v6.0
- Manually creating a diary entry with details from a previous scanned entry v6.0
- Manually creating a diary entry with location name and time of arrival written in free text
- Opening a link in NZ COVID Tracer v6.1.0
A free-text description can also be added at the time of creation or by editing.
The primary way of adding a diary entry is through scanning a QR code.
QR codes and NFC tags contain a GLN, Location Name, and Address as per the QR code specification. QR code posters can be requested for any New Zealand location for free using the Rapid QR Service.
The GLN is obtained through the creation of an Organisation Part within the NZBN register, operated by the Companies Office in the Ministry of Business, Innovation, and Employment. Organisation Parts are based on NZS ISO/IEC 6523.1.
Support for adding a diary entry through NFC tags was added in version 6.0. The schema is detailed here.
Like scanning in with a QR code:
- The tag contains the name, address, and GLN of the location.
- No information about where you have scanned in leaves your device.
As of release 6.0.0, a user can manually add a diary entry that has a GLN attached from any place that they've visited within the diary retention period or that has been saved. They can also manually add a diary entry that does not have a GLN attached by writing in a location name and time of visit.
As of release 6.1.0, a user can add a diary entry by following a link that contains the information in a QR code.
This enables third-party developers to add a link into their app or website for their customers to add a diary entry, or for users to enable automation to prompt them to add an entry when they arrive at a place they go regularly.
The format of the link should be: https://tracing.covid19.govt.nz/scan?source=url#data=... This should be followed by the same information contained in a QR code poster, e.g. NZCOVIDTRACER:eyJ0eXAiOiJlbnRyeSIsImdsbiI6IlRlc3QiLCJvcG4iOiJUZXN0IiwiYWRyIjoiVGVzdCIsInZlciI6ImMxOToxIn0=
Like scanning in with a QR code:
- The tag contains the name, address, and GLN of the location.
- No information about where you have scanned in leaves your device.
The diary can be accessed from the "My Data" tab or the top right of the "Record a Visit" tab.
Diary entries with a GLN attached
('scanned entries') can be used to receive contact alerts
and are denoted in the diary with this icon.
Diary entries created manually
with no GLN attached ('written entries') are denoted in the diary with this icon.
As of version 6.1.0, a user can export a file containing the contents of their digital diary
by going to the diary screen, tapping on 'options' and then 'export this diary'.
This exports the diary into a JSON file named in the format YYYY-MM-DD.diary, and
prompts the user to save a file into a secure cloud location.
This file can then be imported on to another device by going to the diary screen, tapping on
'options' and then 'import another diary', and selecting the .diary file to be imported.
A user may create a diary entry from a place they have previously scanned in to by selecting it as the location name when they manually create a diary entry.
A user may also save the location of a scanned entry so that it is preferentially displayed when they manually create a diary entry, and they can still manually add scanned entries with the relevant GLN after the original scan been deleted.
If the user tests positive for COVID-19, they will be called by a contact tracer for a case investigation. As part of this call the user can consent to share a copy of their digital diary with the contact tracer to assist with the case investigation.
If the user consents, the contact tracer gives the user a 6-digit one-time-password (OTP) over the phone. This OTP is entered into the app and any entries from the last 60 days are uploaded.
Digital diary flow
- The user is given a one-time-password (generated by NCTS) over the phone by the contact tracer. This is what links the diary upload to the correct case in the NCTS.
- The user submits the OTP, and the app collects any relevant diary entries and uploads them to the API.
- The API strips any entries that are older than 60 days, and then proxies this request to the NCTS via a REST API.
- The NCTS validates that the OTP is valid, if not an error is returned to the user to try again.
- The diary entries are attached to the Case record in NCTS as Contact Locations, which are then able to be reviewed by the contact tracer as during their case investigation.