Mobile health: Who'll keep your secrets, Apple or Google?

With HealthKit, Google Fit and the others, it's as if every big tech firm is suddenly waking up to making your health part of their business -- but who are you going to trust with your personal health data?

Trust in me

Apple seems committed to keeping your private data private. Google is into this myth called "open," which means all your information should be available, even while it keeps its own algorithms and business strategies private. Information should be free -- for Google.

However, when it comes to digital health, both firms must deliver data security due to a provision inside HIPAA (the Health Insurance Portability and Accessibility Act). This sets out requirements for the privacy of user data (Protected Health Information, or PHI) for both medical pros and business associates such as app developers, hosting providers and so on.

What these provisions mean is that information about you -- your heart rate or blood pressure, for example -- needs to be protected once it reaches medical professionals. Given that the full benefit of digital health solutions pretty much demands that data get to medical pros at some point, then it seems clear both platform providers will need to double down on privacy. And Google is no goodat privacy -- like Facebook, it doesn't seem to understand it.

Apple v. Google

TrueVault is a company with expertise in HIPAA compliance for healthcare apps, so I spoke with TrueVault's Morgan Brown to learn a little more:

"It's hard to say who will handle privacy the best," he said. "However, there are some immediate differences. Apple is launching its health initiative with the Health app as a key part of the platform and integrations built with the app and hospitals using the EPIC EMR software. The Healthkit API will allow developers to plug into this data, but their preliminary API docs don't reveal much beyond that. Apple has met with the FDA to discuss the implications of this data collection."

In other words, Apple is already working with regulators to develop a secure connected health platform that keeps your private patient data private.

Typical Google…

"Google on the other hand, is taking a more typical Google approach, in creating the platform and APIs but not announcing their own app," said Brown. "If this open versus closed paradigm plays out as it has in the past, you can expect Apple to hold tighter reigns on access to data by third party apps and Google to be more hands off.

"Apple will likely be more proactive about managing access than Google will," he said.

Sounds about right...

The danger for Apple and Google is that if an unauthorized third party finds a way to crack data from either platform, they may be liable to prosecution if a vulnerability in their platform enabled the data to be compromised.

Who to trust?

Which of Apple or Google is safe?

I'm not sure we can guarantee safety, but we can already see that Apple is far more focused on user privacy and security than its competitor.

Google's lax security model is and always has been a magnet for organized crime, and this is why 97 percent of mobile malware is on Android. What does this mean? It means that if Google's health solutions succeed but are security compromised (which seems inevitable given the inherent weakness of its platform security) then Google is liable for prosecution under HIPAA. But this may not matter much if personal data belonging to millions is already in the public domain as a result.

If privacy matters to you, Apple seems safest at the moment, if not yet completely safe.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?