A bit hard to catch up, if the purpose is great, we have to keep in mind that these data could be gold for some companies and are a heavy risk for the people - imagine a social security number is used to impersonate you, or falsly identify someone to accuse this person of contaminating people, that could lead to a lot of damages.
- which data are really needed for the purpose?
- how to avoid direct / easy identification of the persons? (no use of medical ID or security social number)
- how to protect the database (segregation of data, security measures)
A possibility is to gather anonymized data for the researchs (age range, heart rate, temperature, with how many people do I live…), and that personal data are stored in local by the concerned person (like identification, exact age, GPS tracking, identity of people I met), which could be useful in specific cases (inform quickly potential exposed persons of a contamination).