Health record security: Apple plays the long game

Concerned about the security of medical information stored on an iPhone? You’re 5 years too late.

From Apple’s iOS 11.3 press release:

The new Health Records feature brings together hospitals, clinics and the existing Health app to make it easy for consumers to see their available medical data from multiple providers, whenever they choose. Patients from participating medical institutions will have information from various institutions organized into one view and receive regular notifications for their lab results, medications, conditions and more. Health Records data is encrypted and protected with a passcode.

This was a long time coming. An iPhone security and encryption timeline:

  • 2013: Apple introduces Touch ID as a passcode alternative for unlocking the iPhone 5S; mine doesn’t work
  • 2013: Apple introduces the Secure Enclave as an alternative to the cloud for storing sensitive data
  • 2014: With the iPhone 6, Touch ID use is extended to authentication of payments; the slow rollout of Apple Pay begins
  • 2015: With the iPhone 6S Apple introduces a fingerprint reader that works for me
  • 2016: Front-page news: Tim Cook resists Jim Comey’s demand that Apple unlock the San Bernardino shooter’s iPhone
  • 2016: The FBI cracks the San Bernardino iPhone, but only after paying unidentified hackers an undisclosed sum
  • 2017: Apple introduces Face ID; claims the failure rate is 1 in a million (versus 1 in 30,000 for Touch ID)
  • 2017: Use of Touch ID/Face ID is extended to the exchange of cash via Messages
  • 2018: Use of Secure Enclave extended to store health data

My take: If you were thinking of spreading fear, uncertainty and doubt about Apple’s ability to keep secret the state of your health, you’ve missed the boat. As CNBC put it, quoting RxAdvance chairman John Sculley, your health records are probably safer in Apple’s hands than anyone else’s.

One Comment

  1. David Emery said:
    HIPAA rules make this a very difficult proposition. The HIPAA intent is excellent, but the restrictions and complexity of implementation make it a real challenge for both medical providers and patients. And as usual, a lot of the software is poorly designed and buggy….

    So good luck to Apple, and Apple’s commitment to privacy (and we hope to security 🙂 ) should provide a competitive advantage, -if- they can figure out how to integrate with medical provider software.

    January 25, 2018

Leave a Reply