Apple wants to put your medical history in the palm of your hand. And, for good measure, on your wrist as well.
The tech giant confirmed Wednesday that it intends to allow customers access to their medical records via iPhones and Apple Watches on iOS 11.3 beta. But like with so many things in the world of highly personal data, putting medical information on a digitally connected device is not without risk — and how it all shakes out could have a huge impact on the lives of millions.
According to CNBC, which broke the story, the new feature will be folded into the Apple Health app. After a health provider is added to the app, the “user taps to connect to Apple’s software system.”
Does that mean this information passes through Apple’s servers before hitting your iPhone, or does it come directly from the provider itself? And how, exactly, is that data protected from hackers or leaks? That, unfortunately, is unclear. This reporter reached out to numerous people at Apple with a series of questions about the new service, but received no response.
This is a problem. If Apple wants people to trust it with details regarding their “allergies, conditions, immunizations, lab results, medications, procedures and vitals,” as CNBC reports, then it needs to be more forthcoming about how it plans to secure that information.
Mashable was able to confirm that the medical records in question can be kept on an iCloud account — if you opt in — but that otherwise they’re stored locally on the device, and protected with the same form of encryption that secures everything else on the device. It’s unclear if this is a separate opt-in than the one an iPhone user makes to back files up to iCloud.
It is very possible that you might want your photos backed up to the cloud, but not the details of your embarrassing medical condition. Hopefully Apple plans to give users that flexibility. Unfortunately, however, at this time we don’t know.
Risk and reward
While the benefits of having your medical history at your fingertips may be numerous, so are the potential pitfalls. After all, it’s not hard to imagine what could go wrong. As the notorious 2014 hack of celebrity iCloud accounts made clear, Apple can’t guarantee the safety of your data. Sure, that incident involved targeted phishing, but for many people, a jealous ex is part of a valid threat model — and that’s exactly the type of person who would be able to bluff their way into an iCloud account.
That is also the same kind of person who might have physical access to your iPhone or Apple Watch. As soon as they got into one of those devices, your medical records would potentially be up for grabs.
To be clear, it’s not like your medical data is necessarily safe where it is. We learned in 2014 that hackers had stolen the records of some 4.5 million patients after breaching the systems of an American hospital network.
As soon as they got into one of those devices, your medical records would potentially be up for grabs.
But, still. Throwing another potential target in the mix in the form of an iPhone or Apple Watch, no matter how secure Apple may claim them to be, doesn’t make this reality any better.
We reached out to both the Electronic Frontier Foundation and the U.S. Department of Health and Human Services for additional insight, and will update this when and if we hear back.
In the meantime, it’s perhaps best to keep in mind that medical records present a unique challenge when it comes to balancing privacy, security, and availability. Not getting them into the hands of your doctor could have disastrous effects, but so could having them fall into the hands of a hacker.
Apple’s customers would be better served by an open dialogue on how the company plans to achieve that optimal balance. Until that happens, however, upload your medical records to Apple’s cloud at your own risk.