Can You Trust Apple With Your Health Records?
Toggle Dark Mode
Apple has been building a reputation for taking a very hardline stance to user privacy, and while the company still has its occasional setbacks, particularly in what manages to make it onto the App Store, it also pulls no punches when it comes to ensuring that anything that ends up on its devices puts user privacy first and foremost.
While Apple’s strong ethos on protecting the privacy of its users makes for a great competitive point, it’s also crucially important for the company’s focus in areas such as health records. Apple CEO Tim Cook recently highlighted this in an interview with NPR, noting how it is Apple’s stance on privacy that not only gives users confidence in its Health app, but also ensures that Apple can offer services that hospitals and medical professionals are willing and able to participate in.
Apple first introduced its HealthKit framework back in 2014 with the release of iOS 8, which began simply as a framework for keeping track of health and fitness data. A standalone Health app provided the ability to directly enter and view health information such as heart rate measurements, exercise results, and food intake, but third-party apps could also tie into HealthKit to automatically record this data in a single location. Of course, Apple’s own Apple Watch was the first to take advantage of this, allowing heart rate and workout data to be automatically stored alongside all of a user’s other health info.
Apple quickly expanded this into other areas, such as ResearchKit which allowed users to participate in medical research studies, CareKit which helped users and doctors manage medical treatments, and most recently Health Records, which has revolutionized the ability for patients to access their medical records from a growing list of participating medical institutions.
Handling such sensitive data is no minor challenge, however. Not only does Apple need to ensure that its users are comfortable with having this data stored on their iPhone, but there’s a whole slew of complicated and strict regulations involved when it comes to storing anything even remotely related to personal medical information.
Naturally, Apple has had to address all of these rules when it comes to implementing its HealthKit framework and Health Records features, but since most of this is beyond the understanding of the average end user, it’s ultimately Apple’s reputation as a company that is going to give it the edge when it comes to health features on the iPhone.
In the interview with NPR, Cook pointed to the fact that Apple has completely avoided the data mining practices of many other silicon valley companies, and based on that alone, he says he believes that “People will look at this and feel that they can trust Apple” and that this is key for “anyone that you’re working with on your health.”
The reality is that I know for me, I want to do business with people that have my health data, people that I deeply trust.
Tim Cook
Cook also goes on to say that despite the obvious competitive advantage, Apple’s commitment to privacy is much more than simply a marketing ploy, but is rather about creating trust between the company and its customers.
Apple has put a great deal of effort in creating features for the iPhone and the iOS operating system that put user privacy first by ensuring that all data is processed on the iPhone and not by servers in the cloud, and this goes well beyond its health frameworks. For example, when Apple introduced face and object detection in its Photos app in iOS 10, the company was quick to point out that all of the processing and analysis of users’ photos was done entirely on the iPhone. While users could optionally choose to store and sync their photos via iCloud, this was not required to take advantage of the new photo features, and in fact early versions didn’t transfer any facial recognition data via iCloud at all, simply syncing the photos across devices and relying on each device to perform its own analysis locally.
So naturally this same approach extends to Apple’s Health Records, which are stored securely encrypted on a user’s iPhone and not in the cloud. In fact, this may be one of the main reasons why the Health app has not made an appearance on the iPad or Mac platforms — having health records available on multiple devices would require cloud-based sync, which Apple has clearly chosen to avoid doing to be absolutely certain that all health data is stored as securely as possible.
Nothing is more important than keeping the privacy of our patients’ health information.
Dr. Chris Longhurst, CIO at UC San Diego Health
This approach has also clearly paid off in terms of gaining the confidence and trust of both end users and medical professionals. NPR quotes Dr. Chris Longhurst, Chief Information Officer at UC San Diego Health, as saying that it was Apple’s strong privacy values that allowed his team to feel more comfortable in working with Apple, adding that it’s important to them that data does not go into the cloud, but remains only on users’ devices, “encrypted and only accessible with user permission.”
Unfortunately, while Apple takes every effort to ensure that it’s own HealthKit framework is extremely secure, it has fallen down when it comes to policing the health apps that appear on its App Store — earlier this month, a number of third-party health and fitness apps were discovered to be sharing intensely sensitive personal info with developers and Facebook via the social media company’s analytics tools. Apple took rapid action to address these issues, and even Facebook said that collecting such personal data was against the terms for the use of its tools. Apple was also quick to point out that the apps in question aren’t connected to health records, which require explicit user permission to access. Sadly, however, this is a distinction that could be lost on some users, and could result in an erosion of trust for Apple when it comes to handling medical information.
Dr. Longhurst also adds that his organization still advises patients to exercise caution with these tools, adding that “It is important that patients be informed so that they’re not inadvertently sharing information with third parties they would not want to have this information.” UC San Diego Health and other providers have also indicated that they’re open to working with other companies besides Apple, provided those companies can assure them that patent health records will be kept safe, secure, and private, and definitely not used to feed marketing and advertising engines. At this point, Apple remains one of the few big tech companies that can provide such a guarantee.