Can Apple's HealthKit deliver security?

It's a promise it needs to keep
By Government Health IT Staff
10:07 AM

Apple is expected to launch HealthKit on Tuesday along with a new iPhone and a much-anticipated wearable device, called iWatch. But while the company is working hard to show that privacy rules for its new health platform offer adequate protections, recent high-profile security breaches call its efforts into question.

The company foreshadowed a forthcoming mobile application and platform that consolidates health data and records tracked by various other health apps into one location. The platform, called HealthKit, and a user-facing app, Health, will be bundled into Apple's iOS 8 software, which powers iPhones and iPads.

And Apple has issued restrictions on use of health data — signifying a marked contrast to the common practice of app and device makers selling or sharing users’ data, often without the consumer’s knowledge.

“In the latest update to Apple’s iOS developer program license agreement, Apple said developers must ‘not sell an end-user’s health information collected through the HealthKit API to advertising platforms, data brokers or information resellers,’” according to an article in The Financial Times (registration required).


Developers seeking access to HealthKit's API must agree to rules, including a requirement to link to a privacy policy. The FT reported that HealthKit apps may not use the API or any information obtained through it “for any purpose other than providing health and/or fitness services.”

“Apple faces this increasingly tricky balance of ensuring they are carefully regulating the data developers have access to, with developers’ desire to create ever more innovative apps and services,” Geoff Blaber, an analyst at CCS Insight, said in the Financial Times article. “Apple has always closely controlled what comes through the App Store, far more so than Google.”


Still, questions remain over whether Apple can actually succeed at achieving stringent security standards. The recent, high-profile security breaches in Apple’s iCloud storage platform, which some have said have been well known for more than a year, exhibit Apple’s challenges.

Last week, Apple CEO Tim Cook said the company will take additional steps to keep hackers out of user accounts, but denied that a lax attitude toward security had allowed intruders to post on the Internet naked photos of celebrities.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," Cook told The Wall Street Journal Friday. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

If Apple really delivers on its promise to protect patient data from being shared or sold, that move has the potential to shape the industry and essentially force other app and device makers to follow suit. But Apple will have to apply just such a commitment to HealthKit if it is to gain the user community’s full trust.