knowledge | 9 January 2015 |
Apple HealthKit - The Rise of the Mobile Health App and its Data Protection Implications
With the launch of iOS 8, Apple included a new developer framework called HealthKit. The premise of HealthKit is simple: an operating-system-wide structure which health and fitness apps can use to share data. As part of a suite of new APIs and frameworks, Apple is seeking, through HealthKit, to place itself at the heart of the ecosystem of the increasingly popular health and fitness app market.
To the consumer, the most obvious manifestation of the new framework is the Health app, which provides a user with access to aggregated health-related data from an iPhone’s own internal sensors and any apps that have implemented the framework. To developers, the HealthKit framework promises a simple and easy way to allow their apps to connect with other apps, and therefore other sources of health data, to provide a richer experience for users. The apps that will use HealthKit range from the common running and sleep tracking fitness apps to apps being developed for use in a clinical setting in relation to specific disease management.
The HealthKit Framework and Sensitive Personal Data
- apps may not use end-user data gathered from HealthKit for advertising or other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of medical research;
- apps may not share end-user data acquired via HealthKit with third parties without end-user consent, and such data may only be shared with third parties to enable them to provide health and/or fitness services;
- apps using the HealthKit framework must indicate integration with the Health app in their marketing text and must clearly identify the HealthKit functionality in the app’s user interface; and
Sensitive Personal Data and Privacy Policies
- details about the company that owns the app and will act as data controller (eg name, address and contact details);
- the types of data that will be gathered by the app (eg pulse, sleep patterns, blood pressure etc) and how it is collected;
- how the app will use the personal data that it collects and details of any third parties that it may share it with, keeping in mind the restrictions put in place by Apple that are described above; and
- whether personal data will be stored or transferred outside of the EEA.
- Details of end-users’ right to be given access to their personal data, and to have any inaccuracies corrected, under the relevant implementation of the EU Data Protection Directive 95/46/EC.
This briefing is for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.