Health Records on Your iPhone — Is it Safe?

Apple’s just announced that their Health Records feature, which has been scaling up rapidly in the U.S., is now coming to Canada and the U.K. as well.

I had the chance to chat briefly with Kevin Lynch, yes, that Kevin Lynch, Apple’s VP of software about it, and just had to interrupt my previously scheduled programming and make this quick video sharing some thoughts. Because I love tech and I especially love tech that connects us and makes our lives better. And that’s exactly what Health Records does.

Ok, so. Pause. Rewind. Play. Years ago, while working on the Apple Watch, even early on, Apple realized they’d be generating a tremendous amount of health data, so they created the Health app to store it and HealthKit as a way for it to work with other apps, accessories, and systems.

It’s all private and secure, encrypted on-device, and if you back it up, it’s encrypted in transit and at-rest, basically zero-knowledge and fail-secure in exactly the way you want your personal, private health data to be handled.

But, more recently, Apple also realized that they could use that privacy and security to actually help with the convenience and experience of accessing health records as well.

That’s thanks to to the standardized APIs, application programing interfaces, called FHIR — F H I R or Fast Healthcare Interoperability Resources, which supports data types like allergies, conditions, immunizations, lab results, medications, procedures, and vitals.

Just like in the U.S., it’s starting with a handful of early adopters, but in the U.S. they’ve already scaled to the hundreds and it’s not hard, like at all, to see the same happening in Canada and other places.

A healthcare center just has to go to Apple’s portal and sign up, and obviously their IT, their information technology department has to make sure their system is supplying the FHIR data, and just work everything out with Apple, but then it’s seamless.

Apple doesn’t intermediate any of the data. You go to the Health app, search for your provider, connect using OAuth 2.0, which is the web standard, it’s what you use to sign into Twitter and Insta and for Sign in with Apple, just everything, and that lets you sign in once and get a secure token that keeps you logged in, and then it’s entirely between you and your healthcare center. The data goes from their records to your iPhone, point final.

And once you’re connected, if any additional healthcare data about you gets added, new test results, anything, that goes securely to from the center to your Health app as well, and you get a local notification. Again, Apple’s just completely out of the loop.

That makes it easier for the healthcare center to get you your data and easier for you to access it. So it’s just a win/win for everyone. But even more for you…

Apple’s Health App also lets you connect to multiple healthcare data sets, so if you’ve got old data from where you used to live and the medical center you used to go to, or if you’re currently going to multiple places for general and speciality work, you can see all of it in a way that’s just not possible through the individual health portals. So, like… Super win.

Apple also put a lot of work into the interface. They don’t show medical imaging, so you won’t see your x-rays or anything like that, but they do take the raw FHIR data and parse it and presented it in a way that’s easy for someone like you and me, someone who doesn’t work in a medical lab, to understand. And that includes things like using more common, human-friendly labels for the data. Though, if you’re more medically minded, you can tap into results and see clinical terms, even the raw FHIR labels for everything.

And I love that, I just love interface complexity scaled by depth of engagement. It makes things super accessible to everyone but also keeps the deeper details available for the people who really want to dig into them.

Balancing privacy with convenience, security with functionality is always tricky, and Apple is definitely keeping more towards the privacy and security side with Health data.

For example, usually you can just consent to sharing Health data with an app or accessory, like your steps or whatever, and once that connection is made, it just persists.

With Health data, though, you can still make that connection, but you can also choose whether you want new data shared automatically or on a case-by-case basis if and when you choose to. So, for example, if a new lab result comes in, you can choose to have to authorize that being shared every time. Which is terrific, because inform and consent all the things.

Especially right now where, depending on where you live and what your current circumstances are, it might be difficult to go to public places, especially medical centers, especially if all you need is data, and being able to get that data, that information, at home, anywhere, without having to expose yourself when it’s not absolutely necessary, is just an incredible benefit if not outright relief.

And, I like to think, information is just always empowering. Especially health information, especially in conjunction with your health care professionals.

And that’s why it’s just so great to see this rolling out in Canada now with hopefully many more Canadian healthcare centers to come.