About the privacy and security of your health records
Learn how Apple protects your privacy when you use Health Records to download your data from your healthcare organizations.
Health Records on iPhone allows you to securely download your health records from participating healthcare organizations. This is distinct from health data such as movement activity, weight, or heart rate, that is recorded to your device by third-party apps. Your health records data is downloaded over an encrypted connection directly from the healthcare organization to the Health app on your iPhone. The data does not traverse Apple’s network during this download. After health records have been downloaded to your phone, your data is encrypted in your device’s HealthKit database.
Your HealthKit data, including your health records, remains under your complete control. You can choose to use iCloud to keep your data up to date across your devices, choose to share your data with a third-party app, choose to share your data with Apple under the Improve Health Records program, or choose to back up your data to an iTunes encrypted backup on your computer.
Keeping data up to date across devices using iCloud
By default, iCloud automatically keeps your Health app data, including health records, up to date across your devices. To disable this feature, open iCloud settings and turn off Health. iCloud protects your health records data by encrypting it both in storage and during transmission. If you're using iOS 12 or later and have turned on two-factor authentication for your Apple ID, health records are encrypted using end-to-end encryption through iCloud. This means only you can access this information, and only on devices where you’re signed in to iCloud. No one else, not even Apple, can access end-to-end encrypted information. Learn more about iCloud security and Apple ID privacy.
Sharing data with a third-party app
You may choose to share your health records data with third-party apps you trust. When providing consent, you can decide which data from your health records is shared with the third-party app. You can also decide if new records are automatically shared with the third-party app or if the app must ask each time before accessing new records. By default, the app must ask each time.
Apps that access any data from the Health app through HealthKit, including health records data, are required to have a privacy policy, so be sure to review these policies before providing apps with access to your health and fitness data.
When you choose to share health records data with a third-party app on your device, the data is sent directly from HealthKit to the third-party app—it is not sent to Apple.
Sharing data with Apple through the Improve Health Records feature
You may choose to share certain information from your health records with Apple in order to help Apple develop, improve, and understand the Health Records feature. Your data will not be used for any other purpose. The information provided to Apple could include information in your health records, such as your conditions, medications, vitals, and procedures. Before your information is sent to Apple, it is processed locally on your device to remove data that may personally identify you, such as your name or phone number. While the process is intended to remove all information that may personally identify you, it is possible that Apple may receive identifiable information. If any personally identifiable information is found, it will be promptly deleted.
All information sent to Apple is encrypted while in transit as well as at rest. You can view the data sent to Apple within the last two weeks: In the Health app, go to Health Records > Options > Analytics Data. You can stop sharing this information at any time: In Settings, go to Privacy > Analytics and turn off Improve Health Records.
Information received by Apple is treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy.
Backing up health records data
You can use iCloud to store your Health data, including health records, using end-to-end encryption (requires iOS 12 or later and two-factor authentication). Health and health records data is also included in local iTunes backups, if you’ve configured your iTunes backups to be encrypted.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.