Ed Holzwarth, Ariana Stokes

How will Apple HealthKit and Google Fit affect health apps? An illustrated guide

Apple HealthKit, the new health data-sharing platform for iOS 8, is a standard interface for iOS apps and devices to share health data with other iOS apps. Google Fit, the new cloud-based fitness data-sharing platform, provides apps with a standard format for fitness data, along with a central place – the cloud – to store and access the data. Apple iOS 8 HealthKit and Google Fit are both launching this fall, and the health app industry is eager to find out how these platforms will affect the health app ecosystem. What problems do these platforms attempt to solve, and how do the solutions compare?

Problem 1: Lack of Standardized Data

lack-of-standardized-data It’s hard for apps to pass data between each other without a standard system for doing so. Without a standardized format, storage mechanism, and communication interface for sharing health data, apps and devices that wish to pass data between each other must invent their own custom formats and interfaces. All these different systems make it impractical to implement sharing between large numbers of apps and devices.

apple-healthkit

HealthKit, an interface for the iOS apps and devices on a user’s iPhone to pass health data between each other, solves the Standardized Data problem for iOS apps. But the problem still exists for sharing health data outside of iOS, including with applications on the web, Android and even Apple’s own Mac, because HealthKit only works on iOS devices.

google-fit

Google Fit, a cloud-based interface for apps on any Internet-connected platform to pass fitness data between each other, solves the Standardized Data problem for fitness apps – i.e., non-medical apps for diet, exercise, sleep and weight tracking. A Google Fit app can share fitness data with the user’s other Google Fit apps on any platform, including iOS, Android and web, as long as the app is connected to the Internet and signed into a Google account. Google Fit data is stored in the user’s Google account. The catch with Google Fit is that it provides no way to pass medical data, such as blood pressure or blood glucose, between apps and therefore is not suitable for medical applications.

Problem 2: Lack of Universal System for Sharing Between People

healthcare-provider

Users who wish to share data with other people need a way to manage the people with whom they are sharing. Without a universal system (i.e. a system everyone uses) to manage sharing between people, developers of apps that share data with people must choose from hundreds of options for systems that manage sharing between people, each with various pros and cons, or they must invent their own custom system. All these different systems make it impractical to implement sharing between large numbers of people.

google-fit-apple-healthkit-connect-apps

Neither HealthKit nor Google Fit provides a system for sharing between people – both are designed for a single user to share data between his or her own apps. Apple and Google have left the problem of Sharing Between People for others to solve. Despite a few mistaken reports to the contrary, HealthKit itself is not connected to iCloud or any other cloud service. In fact, Apple warned developers in iOS 8 review guidelines that “apps using the HealthKit framework that store users’ health information in iCloud will be rejected.” The standard iOS device backup system, which allows users to back up their device to iTunes or iCloud, will allow users to backup their HealthKit health data. But HealthKit data will not sync across iOS devices or be accessible from anywhere other than an iOS device – unless, of course, someone creates an app for that, which undoubtedly many will. For example, Epic Systems and Mayo Clinic have said they will use HealthKit to enable patients of the Mayo Clinic to share their health data stored in HealthKit with their doctor via the Epic MyChart app. Similarly, eClinicalWorks recently announced plans to connect its Healow app to HealthKit. Startups such as Pattern Health Technologies, whose apps enable users with chronic health conditions to track and share health data such as blood pressure and blood glucose, plan to integrate with HealthKit, expanding the apps’ interoperability with tracking devices and health data-sharing platforms. (Note: Little Green Software is an investor in Pattern Health Technologies). Google Fit does store the user’s fitness data in the cloud and will allow developers to easily create apps that sync data across the user’s own devices, as long as the data is non-medical. However, Google Fit provides no way for users to share health data with other people – Sharing Between People is left up to app developers just as it is with HealthKit. HealthKit and Google Fit are both designed for a user who is collecting his or her own health and fitness data – neither system is designed for use by a clinician, coach or care provider who wants to record data on behalf of someone else. As evidence of this, HealthKit assumes that any data collected on a device is associated with one user. This is a very reasonable assumption for most phones, but more than one person often shares tablets, and indeed HealthKit is not yet supported on iPad. Similarly, Google Fit data is assumed to belong to the device owner signed in to his or her Google account.

Problem 3: Too Many Apps

blood-pressure-monitor

The idea that “there’s an app for that” used to be cool, but does each health device really need its own app? For example Omron, iHealth and Withings blood pressure monitors each require their users to use the devices’ own apps to record a blood pressure reading. Users may prefer to see their device data in a different app, but for this to be possible, devices must agree to use the same Standardized Data. In the case of wireless health devices, an excellent standard has existed since 2011: Bluetooth Smart, or Bluetooth Low Energy, or Bluetooth 4.0, a technology that comes with Android and iOS smartphones since 2012. Any app can connect with devices that adhere to Bluetooth Smart Profiles. Unfortunately, health tracking device makers have been slow to adopt the Bluetooth Smart standards. (Omron, iHealth and Withings each use proprietary Bluetooth profiles, and thus require their own app.) A list of devices, including blood pressure monitors, that do adhere to Bluetooth Smart standards, is available on the Bluetooth website.

google-fit-bluetooth-smart-app

On Android, Bluetooth Smart devices connect to a user’s Android phone through an Android app. If the app saves the device’s data to Google Fit, that data can then be shared with other apps that integrate with Google Fit. There is no way for a Bluetooth Smart device to save data directly into Google Fit without going through an app.

apple-healthkit-bluetooth-smart

Apple HealthKit goes a step further by allowing Bluetooth Smart devices to connect directly to the iOS platform without an app. iOS 8 has built-in accessory support for the following Bluetooth Smart devices:

  • heart rate
  • blood glucose
  • blood pressure
  • health thermometer

Once a user connects one of these health accessories to HealthKit, a HealthKit-connected app given user permission can read data from the device through HealthKit. This is helpful for both health device makers and app developers. Health device makers no longer need to also develop an app – as long as their device conforms to Bluetooth Smart device protocols, their app will be compatible with apps that use HealthKit. Health app developers no longer need to worry about Bluetooth Smart communication with devices – HealthKit handles that – they can read data from Bluetooth Smart devices by reading data from HealthKit.

Problem 4: Privacy and Security

hipaa

It’s prudent to understand how the personal data stored with HealthKit and Google Fit is kept secure, shared only with the people intended to see it. Apple’s terms of service for HealthKit state that:

  • Apps may not use users’ health data for advertising. The only approved uses are improving health, medical, and fitness management, or for the purpose of medical research.
  • Apps may not share users’ health data with third parties without user consent.
  • Apps using HealthKit must provide a privacy policy
  • Apps that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions must provide written regulatory (e.g. FDA) approval upon request.

Apple provides iOS developers with a complete set of tools to keep data on its devices safe and secure, as does Android, but neither Apple nor Google enforce that developers use the tools. Fitness data stored in Google Fit, and any data Google stores, is subject to Google Privacy and Security Policies. Security auditing tools are available from HIMSS and HealthIT.gov to assist app developers in complying with data security regulations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and other best practices. There is a long list of software security standards and certifications, such as FISMA, ISO 27001, and SSAE 16, that developers can follow to ensure good security, and which require a third party auditor to verify compliance. However, few users are familiar with these standards, and it’s rare for mobile health apps to advertise compliance with these standards. A universal standard for mobile health app security could emerge in the future if either Apple or Google decides to require developers to follow a particular standard. Until then, users may find assurance in knowing that apps that share data with US health care providers are typically required by the provider to provide proof of HIPAA-compliant security and to sign a Business Associates Agreement (BAA), such as the sample BAA provided by the US Department of Health & Human Services, which makes the developer “directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law.” A business associate is also “directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule.”

Why do HealthKit and Google Fit matter?

By providing a standardized format and storage mechanism for health data, HealthKit and Google Fit will facilitate development of apps and devices that can share health data between each other. In turn, users can look forward to switching between apps without having to worry about migrating their data. And even though neither HealthKit nor Google Fit provides a way to share data with other people, other apps do, and so when those apps connect with these platforms, it will allow users to share their health data with other people, including health care providers. Health data is valuable; a McKinsey report estimates the data-related value of health care apps at more than $300 billion in the US alone. Google Fit and Apple’s HealthKit are enabling tools that will help individuals and healthcare providers capture that opportunity. Granted, Apple and Google aren’t just in it for their health – they stand to gain a lot through device, app and services sales. Whether the investment pays off in improved health outcomes is a question many researchers are studying. Beyond the dollar value of data and wow-factor of new technology, it is worth remembering the whole reason health data is valuable is that it’s important to us to improve our health – for our loved ones, our communities and ourselves.

Infographic

Apple HealthKit vs Google Fit Infographic

PDF version of the Apple HealthKit vs Google Fit Infographic