4:00 – 4:05 p.m. – Announcements (5 minutes)

No announcements this week!


4:05 – 4:30 – CovIdentify Updates Jessilyn Dunn, Ryan Shaw (15 minutes presentation, 10 minutes discussion)


What it is: A Duke research study – CovIdentify – explores how data collected by smartphones and smartwatches could help determine whether device users have COVID-19. The study asks participants to answer 2-3 questions each day on symptoms and social distancing via an iOS app, SMS, or e-mail for up to 12 months while donating smartphone and smartwatch data.


Why it's relevant: The question of whether wearable devices and smartphones can aid in managing and predicting health outcomes is prevalent now and even before COVID-19. Other Duke projects, like WearDuke, ask it too. This study hopes to help get the early detection of COVID-19. 


Jessilyn Dunn introduces Covidentiify, a project to determine how digital biomarkers can detect COVID-19. Data collected from digital smartwatches including heart rate, sleep monitoring, skin temperature, skin conductance, accelerometry, and location are used to algorithmically determine the onset of illness. The project has been to collect data to create these algorithms.


Changes associated with infection and inflammation include a decrease in sleep regularity, heart rate variability and physical activity, and an increase in resting heart rate and temperature.


Covidentify sought to answer two questions:

1. Who should be quarantined and/or tested and when? An intelligent testing strategy was needed.

2. Who will need specialized care and resources and when?

At beginning of the pandemic, for example, there were not enough ventilators nor tests; so the overarching question was how to allocate resources to save as many lives as possible.


Digital biomarkers were developed for the following:

1.​Susceptibility to infection

2.​Susceptibility to the current Covid-19 infection

3.​Pre-symptomatic/early signs of infection

4.​Level of contagiousness

5.​Differentiation of COVID-19 from flu and the common cold

6.​Illness trajectories


Ryan Shaw, then, spoke about the design of Covidentify. Data was collected either by a symptom survey (not everyone owns a wearable device) or by daily wearable tracking (monitoring activity, sleep, heart rate, SpO2.) Languages included English, Spanish, Mandarin, Korean, Hindi, German, French, and Polish. Ryan showed what the app looks like and how it pulls from Apple health kits. While a diverse population joined the Covidentify project, disproportionately white women followed through resulting in a biased outcome; marketing shifted to focus on unrepresented groups for gender, race, ethnicity, etc. Since those who have wearables were not the needed target, the Covidentify team took another approach and got funding and a discount from Garmin and distributed wearables to underserved markets; sites in Durham and North Carolina, including places where people could go to get COVID-19 testing, diabetes medicines, and food. Partnerships were also created with these Latin19 groups, African American groups, and others that engaged underserved communities.


Jessilyn Dunn outlined the data flow which originates from the website, Garmin, Fitbit, or Redcap and is collected in Microsoft Azure for manipulation. A separate system pulls in Garmin and Fitbit detailed data which is brought in through Prompt. Once the survey data and wearable data were brought into the Azure environment, Ids had to be created for data matching. Scripts are now up and running for sleep and activity biomarkers in Microsoft Azure; results show a decrease in activity and increase in sleep before testing positive for COVID-19.


Ongoing and Future work includes:


1.​Clinical validation

1.​Use Duke EHRs (Electronic Health Records); working on IRB in place.

2.​Partnerships with Duke’s MESSI (Molecular and Epidemiological Study of Suspected Infection) project to test as a screening tool for COVID-19 or flu in family members and caregivers of people who are infected. Do not want to be blinded by another pandemic.

2.​Deployment in high-density housing settings for flu and COVID-19 detection

1.​Nursing homes

2.​College dormitories

3.​Military barracks and ships


Q. David MacAlpine – In looking at the time scale, it looks like there was a considerable lag, more than a month out, where the data shows individuals starting to sleep more before testing positive. Were they in a weakened state or did they have it a while and did not get tested?

A. Jessilyn – the latter; at least 2 weeks before the diagnosis, a decrease in physical steps per day was seen, for example, we do have some exposure questions that will help us better answer this question.


Q. John Board – Do Apple watches give better data than Fitbits?

A. Jessily - Apple watches perform better on heart rate estimation, but Covidentify looked at variances within an individual’s data so it does not matter; also, only 6 devices were measured head-to-head and new devices are always coming out so it’s hard to say.


Q. Kris Hamilton – How was your experience with Azure in Microsoft Team? 

A. Jessilyn – It’s been a challenge; not because of lack of support on Microsoft’s end but because we had a lot of balls in the air; if we had more runway to plan this, it would have been better. Charley and others have been helping students, but the Azure data stores are very different than clusters we were used to; Microsoft pushes toward the best solution, and optimizing every component made this harder.




4:30 – 4:55 – Media Trust Project David Hoffman, Richard Biever (15-minute presentation, 10-minute discussion)


What it is: A research team from the Technology Policy Lab at the Sanford School of Public Policy and the Office of Information Technology are collaborating on a project with The Media Trust, a cybersecurity company, to analyze the amounts and types of third-party content delivered to synthetic profiles created to look like Duke faculty and students. This third-party content includes ads, analytics, social widgets, and more.


Why it’s relevant: Third-party code served over internet websites can create substantial cybersecurity risks. The research results seek to identify the prevalence and any associated patterns in the delivery of this third-party content, which may demonstrate a need for public policy mechanisms to address the risks.


The presentation started with David Hoffman by giving an overview of the work being done by OIT and in collaboration with the Sanford school. The project is called the Privacy and Democracy Third Party Code Scanning. The project aims to look at the implications of access to large amounts of personal data about people that might be used by foreign governments to destabilize democracies. The main talking point of this presentation was to talk about one data set that the group is examining which is third-party code scanning. As David Hoffman put it, “The overall thing that we're trying to look to is an idea that once third party code gets on people's machines that can be used to siphon off quite a bit of data and use it to profile individuals and then potentially impact voting behavior or attention to disinformation and misinformation online. 


Q: Tracy asked for some clarification as to what third-party code is?

A: Third-party code is not just advertising you see on websites. Many services pre-create several spaces on their website where they allow third-party services to serve code. For example, the Facebook like button. Or it can be an area where they are allowing somebody else to serve content out of that space on the page. The most prominent use of it is advertising and then how the online advertising networks then allow entities to quickly be able to populate that space with their code. 


Richard Biever chimed in and mentioned that there are two aspects to this. One is privacy and the other is the security piece. This is more prevalent during covid times. One-way attackers have decided that one of the ways that they can target people is through the browser by injecting either ads or privacy stealing or malicious code into the websites that we commonly visit. 


Kenneth Rogerson also chimed in and said that the main scope is to see what is happening and then how to apply that to Duke. 


The presentation continued with Richard talking about how the integration with the media trust works and how it ties with STINGAR. The interesting thing about this software is that you can configure profiles. For example, a duke student or duke faculty profile. This profile goes out to the internet and visits websites as a normal user would. But while the profile is out visiting websites it is also collecting for the reactions coming back in which turns into useful information. In a sense, it's acting as a proxy for what a normal user would do from the duke network reaching out. STINGAR is looking at probes and attacks from the outside coming in and attempting to categorize those. When looking at the data with the data trust team, they started looking at applications of it, said Richard. One application of it can be how to incorporate it into our DNS system and block hosts if they appear malicious. Another application of the data is to think about how to integrate it with the end protection tools like crowdstrike to help users not to visit malicious sites or parts of sites that might be malicious. This data can also be used to enrich what’s happening on the network through the intrusion detection pieces. The last thing that Richard mentioned is that the team installed the software of raspberry pis and then set up the device on some of the team member households. What this did is that it showed many differences in the data collected from the consumer experience vs the duke network experience. All this is interesting stuff said, Richard. 


Q: Keith Stouder asked, any add-ons or extension tools in the browser will curtail the data that’s being collected and how it’s being used? 

A: are you saying that it would get in the way of us collecting the data? Are you saying that the threats that we might be seeing as the third-party code wouldn’t be happening for the normal end users because they will be deploying other tools to stop it?

Keith answered with the latter, so maybe you block or any of the extensions that limit data capture from the browser and if that is part of the project or if that’s being considered and the efficacy of it. 

David said, not many people run those extensions but even, so it doesn’t make the data set less powerful for my purposes from a policy perspective. The second piece to this is that many of these tools allow this type of code which in turn collects a lot of data that are outside of the browser controls. 


Q: Keith asked, did you find that there were browsers that were more susceptible to the added code versus others?

A: From my understanding and from based on the data we have seen is that all browsers are susceptible to this. There are talks about making some modifications where that may not be the case. There is a lot of change that’s happening in the online advertising industry and how the browsers are going to do this. The assumption is that this code is trusted because it's coming from the domain that is supposed to be trusted. 


David continued to talk about what they have found in the past 7 months since the program started. David showed a slide of the different undesired code categories the data contains from coronavirus scams, browser add-on/plugins, heuristics, phishing attacks, fake software downloads, and impressions/click fraud. David also talked about abandoned domains that get bought to which then malicious code is injected. 


Ken Rogerson said, Duke does a good job at blocking and teaching us about a lot of what we call malicious things out there, and this project is another level where we are learning more so what we can help more. 





Q: MIT has a project called solid led by Tim Berners-Lee tries to control over user data back to the users themselves, which would fundamentally change the digital ad landscape, do you think that's ever going to gain traction given the dominance of the big platforms?

A: David said no. I wish it would. I think Tim's idea is good. I think the dominance of the platforms would make this very hard for it to be successful.


Richard said that he sees this going two ways. One aspect is the policy piece regarding what is the right level of regulation, who is being regulated and how are they being regulated. The data itself can drive policy change by pointing out the scope of the problem. On the other side what this shows is the efficacy or the need for, what can be called “user control”. But perhaps something at the browser level or the machine level that is helping the end-user to do the filtering or to protect them from situations like this.


To conclude the presentation, David said that he believes that there will have to be some obligations on the websites themselves and the ad networks to have to run tools to filter for some of these threats. 


4:55 – 5:20 – Duke Health Technology Solutions (DHTS) Organizational Updates ShamylaLando, Kris Hamilton (15-minute presentation, 10-minute discussion)


What it is: Changes to the organizational structure of DHTS will advance the missions across Duke Health and collaboratively engage the entire Duke Health community.


Why it's relevant: This presentation will provide updates to the Duke Health organizational structure, strategic themes, and the collaborations across Duke University and beyond. Since the Schools of Medicine and Nursing receive much of their ongoing support through DHTS, such organizational changes impact those schools directly, and others indirectly when faculty from other schools collaborate with Medicine and Nursing faculty.


Shayla Lando, Chief Technology Officer, and Kris Hamilton, Director, Architecture Design & Solutions Engineering speak about changes that are being undertaken for Duke Health technology solutions.


The health care landscape is changing so 5 major themes are being addressed:

1.​Data-driven service delivery

2.​Network modernization


4.​Defense-in-depth security

5.​Application modernization

While examining these themes, the goal is to include transparency, engagement, collaboration, and a structured framework for execution.


An important question is: How to be a more service-based organization? This includes when to deliver service, the metrics around service, how to connect to the customer, and what is the right portfolio for the customer. The goal is to shift to become a service-based organization.


4 functional areas:

1.​Advise and engage – customer council.

2.​Plan – architectural discipline – engage at the design stage.

3.​Build – quality service delivery - enterprise building block services.

4.​Service excellence – seamless experience – make sure customer has the right set of services; there is a middle path between good process and efficiency.


On the horizon:

1. cloud platform team – Mick Digrazia;

2. enterprise BBS (building block services); cloud service offerings (storage as service, container as service, etc.)

3. Cloud center of excellence

4. Grant Platform as service, analytics platform as service, Ansible; cloud service has built-in benefits such as high availability.


Shamyla introduces Kris Hamilton, director of architecture design, to talk about cloud strategy (including Microsoft Azure and AWS) which is also application strategy. Kris says Duke Health is strengthening its cloud postures. Examples include RADx-UP and a grant platform, GPaaS. Duke Health partnered with Microsoft to win a grant and set out to build a cloud with stringent security, but this stifled developers who could no longer do quickly to market. So, Duke Health switched to a native imprint to open ecosystems and moved to Microsoft Azure. Another goal is to align closer to the research communities.


Q. David MacAlpine – I like the goal of delivering world-class service but who is the customer? David feels his research lab is not the primary customer. 

1.​Kris – We want to be customer-focused. Kris worked for DCRI previously. The goal is to be a partner; you can be a voice and stakeholder going forward. We want your voice.

2.​Shamyla - has instructed the team to reach out to the research community. We want to figure out what is the right way and the right services to deliver. 

Q. Tracy – how do you make sure there is a collaboration between the health systems and campus?

1.​Shamyla – There is some collaboration on forums but there is more work to do. Mary McKee is speaking with Duke Health on identity management.

Tracy - 

1.​Yes, this is something we must work on although we have a common network; we are looking for forklift upgrades but often it is the unanticipated use cases that tangle us up.

2.​Shamyla – We are looking at what is the current service portfolio and who is the customer for each offering and what is the catalog maturity level as well. We want the right services in the catalog, but it is a long journey.

3.​Kris Hamilton – was a researcher in the past life and is hoping to partner with researchers to the degree that it is fruitful.

4.​John Board – This is good for parts of the research base but there are parts of the infrastructure whereby the time you nail it down, it has already moved on. Well cataloged pegs do not always fit the current holes.

5.​Shamyla – agrees that they are always snowflakes on the research side.



5:20 - 5:30 p.m. – Common Solutions Group Tracy Futhey, John Board, Charley Kneifel, Mark McCahill (10 minutes)


What it is: The Common Solutions Group (CSG) works by inviting a small set of research universities to participate regularly in meetings and project work. These universities are the CSG members; they are characterized by strategic technical vision, strong leadership, and the ability and willingness to adopt common solutions on their campuses.


Why it’s relevant: CSG meetings comprise leading technical and senior administrative staff from its members, and they are organized to encourage detailed, interactive discussions of strategic technical and policy issues affecting research-university IT across time. We would like to share our experiences from the most recent meeting this month.


John Board mentioned that one of the discussions centered around the consolidation of departments/teams. 


Another topic of discussion was when things go back to “normal” what things will stick and what things we have learned to do during COVID that will remain with us. One of those things is working from home and the questions surrounding that are how do we work from home? What does the workday look like? And questions of the matter. John said that several schools and including Duke think the IT organizations are being looked upon to kind of prototype and model different ways that might apply to larger areas and the campus as well for what is the breakdown between people coming to an office 9-5. As well as what it looks like hiring people outside of the Triangle that works from home and people that want to do a hybrid work approach. So far there hasn’t been a consensus about this topic said, John. 


Hybrid teaching and teaching online and in-person were recognized. Many people have concerns with the difficulty of addressing hybrid (online+in person) aspect of it. One thing John noted is that people talked about preserving elements of that going forward because it gives flexibility, but that flexibility comes at a cost since both modes suffer somewhat. 


Mark mentioned desktop support at a distance. Conversations centered around how to support people without doing 1-1 on person support. there was also a product called beyond trust that

faculty would initiate a support request to get virtual 1-1 support.


Charley talked enjoying the discussion centered around diversity, having a diverse population, and what is the best way to think about engagement in the hiring process. Some takeaways there were about the unknowing bias that people bring to the hiring process. One way to and regarding the best way to realign one's thoughts on how to give people opportunities in ways that they hadn’t had before.


The last part of the discussion was centered around data capture at duke at the beginning of the covid pandemic and the sole purpose of the data to be used during the pandemic. Questions were then brought up regarding the retention of this data and how some universities wanted to use the data for research purposes. The discussion then transitioned into the nefarious acts that some entities might engage in if the data gets in the wrong hands. One example that was brought up was the marriage pact questionnaire that some students engaged in, some of whom may have believed it was a sanctioned project by Duke, whereas it was really a 3rd party completely unconnected to Duke.