Does Apple Have Access To Healthkit Data?

Protecting access to user'due south wellness information

HealthKit provides a central repository for wellness and fettle information on iPhone and Apple Lookout. HealthKit also works directly with health and fitness devices, such every bit compatible Bluetooth Low Energy (BLE) heart charge per unit monitors and the motility coprocessor built into many iOS devices. All HealthKit interaction with health and fitness apps, healthcare institutions, and health and fitness devices require permission of the user. This data is stored in the Information Protection form Protected Unless Open. Access to the data is relinquished 10 minutes after the device locks, and data becomes attainable the next time user enters their passcode or uses Face ID or Touch ID to unlock the device.

Collecting and storing health and fitness data

HealthKit too collects and stores management data, such equally admission permissions for apps, names of devices connected to HealthKit, and scheduling information used to launch apps when new data is available. This data is stored in the Data Protection class Protected Until First User Authentication. Temporary journal files shop wellness records that are generated when the device is locked, such as when the user is exercising. These are stored in the Data Protection class Protected Unless Open. When the device is unlocked, the temporary periodical files are imported into the primary wellness databases, then deleted when the merge is completed.

Health data can be stored in iCloud. Terminate-to-terminate encryption for Health data requires iOS 12 or later and two-factor authentication. Otherwise, the user'south data is still encrypted in storage and manual but isn't encrypted end-to-end. Afterward the user turns on 2-gene authentication and updates to iOS 12 or later, the user'due south health data is migrated to end-to-terminate encryption.

If the user backs upwardly their device using the Finder (macOS 10.15 or later) or iTunes (in macOS ten.fourteen or earlier), wellness data is stored only if the backup is encrypted.

Clinical health records

Users can sign in to supported wellness systems within the Health app to obtain a copy of their clinical health records. When connecting a user to a health system, the user authenticates using OAuth 2 client credentials. After connecting, clinical health tape data is downloaded directly from the health institution using a TLS 1.three protected connection. Once downloaded, clinical health records are securely stored alongside other health information.

Wellness information integrity

Data stored in the database includes metadata to track the provenance of each information record. This metadata includes an app identifier that identifies which app stored the record. Additionally, an optional metadata item tin can contain a digitally signed re-create of the record. This is intended to provide data integrity for records generated by a trusted device. The format used for the digital signature is the Cryptographic Message Syntax (CMS) specified in RFC 5652.

Health data access by third-party apps

Access to the HealthKit API is controlled with entitlements, and apps must adapt to restrictions nearly how the data is used. For example, apps aren't allowed to utilise health data for advertising. Apps are likewise required to provide users with a privacy policy that details its utilise of health information.

Access to health data by apps is controlled by the user'south Privacy settings. Users are asked to grant admission when apps request access to health data, like to Contacts, Photos, and other iOS data sources. However, with health data, apps are granted carve up admission for reading and writing data, equally well as separate access for each type of health data. Users can view, and revoke, permissions they've granted for accessing wellness information under Settings > Wellness > Data Access & Devices.

If granted permission to write data, apps tin too read the data they write. If granted permission to read data, apps can read data written by all sources. Even so, apps tin can't make up one's mind access granted to other apps. In addition, apps can't conclusively tell whether they've been granted read access to health data. When an app doesn't accept read access, all queries render no data—the same response that an empty database would return. This is designed to prevent apps from inferring the user's wellness condition by learning which types of data the user is tracking.

Medical ID for users

The Wellness app gives users the option of filling out a Medical ID grade with data that could be of import during a medical emergency. The information is entered or updated manually and isn't synced with the information in the health databases.

The Medical ID data is viewed by tapping the Emergency button on the Lock Screen. The information is stored on the device using the Data Protection class No Protection so that it's accessible without having to enter the device passcode. Medical ID is an optional characteristic that lets users make up one's mind how to rest both condom and privacy concerns. This data is backed up in iCloud Backup in iOS xiii or earlier. In iOS 14, Medical ID is synced betwixt devices using CloudKit and has the aforementioned encryption characteristics as the remainder of health information.

Health sharing

In iOS xv, the Health app gives users the option sharing their Health data with other users. Wellness data is shared between the ii users using cease-to-finish iCloud encryption, and Apple can't admission data that is sent through Health sharing. To use the feature, both the sending and receiving users must be running iOS fifteen or later and have two-gene authentication enabled.

Users can also cull to share their Health data with their healthcare provider using the Share with Provider feature in the Wellness app. Data shared using this feature is made bachelor only to the wellness institutions selected by the user using cease-to-end encryption, and Apple doesn't maintain or accept access to the encryption keys to decrypt, view, or otherwise access the Wellness data shared through the Share with Provider feature. Further details about how the design of this service protects users' Wellness information can be establish in the Security and Privacy section of the Apple Registration Guide for Healthcare Organizations.