Health Data Privacy
HIPAA, GDPR, post-Roe risk — and the FOSS / on-device alternatives that sidestep most of it.
Health data is the most consequential personal data most people generate. Wearables, period trackers, mood journals, telehealth, and at-home labs all live in a regulatory gap — HIPAA covers providers, not consumer apps, and post-Dobbs (2022) US legal landscape changed risk calculus around reproductive data. This page is the curated list of what to watch, what's defensible, and the FOSS / on-device alternatives.
Sister sections: Period & Cycle Tracking, Pregnancy & Baby Tracking, Mental Health Therapy Platforms, Health Records & FHIR, Quantified Self DIY, Wearable Aggregation, Apple Watch, Diabetes & CGM Tools.
What HIPAA does and doesn't cover
- ★ HIPAA covers "covered entities": healthcare providers, health plans, healthcare clearinghouses + their business associates with signed BAAs.
- HIPAA does NOT cover: most consumer apps (Strava, Fitbit, period trackers, mood journals, fitness apps), most wearables, smart-scale data, your Genetic Direct-to-Consumer test, sleep trackers.
- The "wellness" loophole — apps that don't take medical-provider data live outside HIPAA.
What this means: the privacy of your Strava / Whoop / Flo / Fitbit data is governed by the company's terms of service, not federal medical-privacy law.
Real precedent breaches / settlements (2020-2025)
- ★ BetterHelp 2023 FTC settlement — $7.8M for sharing user health data with Facebook / Snapchat / Pinterest.
- ★ Flo 2021 FTC settlement — sharing pregnancy-tracking data with Google / Facebook ad networks; "Anonymous Mode" added 2022.
- ★ GoodRx 2023 FTC settlement — $1.5M for sharing health-search data with Facebook / Google / Criteo.
- MyFitnessPal 2018 breach — 150M user emails / passwords.
- 23andMe 2023 breach — 6.9M user genetic + ancestry profiles.
- Easy Healthcare (Premom) 2023 FTC settlement — sharing fertility data.
- Cerebral 2023 — controlled-substance prescription practices + data sharing investigations.
The pattern: consumer health apps share data freely until the FTC catches up, after which they fix it for the next year, then the cycle repeats.
Post-Dobbs (2022) US considerations
- ★ Period / pregnancy tracking can be subpoenaed; has been used as evidence in pregnancy-related investigations in some US states since 2022.
- Texts, search history, location data — all potentially relevant; period apps are one piece.
- Cross-border data sharing — even apps with EU GDPR jurisdiction can be subject to US legal process if they have US infrastructure.
- Privacy-first picks: see Period & Cycle Tracking for Drip, Euki, Periodical.
GDPR / CCPA / state laws
- ★ GDPR (EU) — strong; right-to-delete; right-to-portability; explicit consent. Apps headquartered in the EU (Clue, Withings) are bound by GDPR for all users.
- CCPA / CPRA (California) — analogous to GDPR; right to know / delete / opt-out of sale.
- Washington My Health My Data Act (2023) — strongest US state-level health-app privacy law; explicit consent for collection, use, and sharing.
- Connecticut, Virginia, Colorado, Utah — Comprehensive Privacy Acts in force 2023-25.
- Result: many apps released "Anonymous Modes," delete-my-account flows, and explicit consent screens 2022-25.
Your portability rights (US)
- ★ HIPAA Right of Access — your provider must give you your medical records within 30 days, in the format you request, for a reasonable fee. Apple Health Records is partially how this is delivered in 2024-26 via FHIR.
- ★ GDPR Article 20 / 21st Century Cures Act — health systems must export records electronically.
- See Health Records & FHIR for the practical pipeline.
Defensive defaults
- ★ Use Apple Health / Health Connect on-device aggregation rather than a vendor's cloud where you can.
- ★ Don't grant cycle / mood / fertility apps Health-write permission unless you trust them; otherwise they can mirror your data to their servers.
- Disable third-party app sharing in Apple Health Sharing settings.
- Use a passcode / biometric lock on sensitive apps.
- Annual "delete unused apps" sweep — apps you haven't opened in 3 months are still selling your data if you didn't revoke permissions.
- Read the privacy policy of any new health app, specifically the "Sharing" and "Sale" sections.
- Delete your account (not just uninstall) when leaving an app.
- Verify exports work before trusting a service — try exporting before you have 5 years of data locked in.
Apps with strong privacy track records
- ★ Apple Health / HealthKit — on-device + iCloud E2E.
- ★ Drip / Euki / Periodical — local-only.
- ★ OpenScale / GadgetBridge / xDrip+ / Loop / OpenMRS / OpenEMR — FOSS, local.
- Clue — Berlin-based, GDPR-strict.
- Garmin Connect — generally low-controversy, but data still on Garmin's servers.
Apps worth questioning
- Flo, Glow, Stardust — mixed history.
- MyFitnessPal — past breach.
- 23andMe / Ancestry — DTC genetics with breach history; consider what data they share with research partners.
- BetterHelp / Talkspace — FTC scrutiny.
- GoodRx — health-search history shared with ad networks (settled).
- Whoop / Fitbit — cloud-mandatory; verify their current TOS.
Data ownership patterns (best practices)
- ★ On-device first, cloud second — pick FOSS or on-device when reasonable.
- ★ Periodic CSV exports — set a quarterly calendar reminder.
- ★ Self-host where it's worth it — Wger, Nightscout, Memos. See Self-Hosted Personal Apps.
- Tailscale-only access — don't expose your self-hosted tools publicly. See VPN Mesh.
- Separate accounts for fitness vs. medical — avoid one account that sees everything.
Genetic / DTC data
- 23andMe / Ancestry — opt out of research-partner sharing; consider downloading your raw data and deleting your account if no longer using.
- Sequencing.com / Promethease — third-party FOSS / paid analysis on raw 23andMe data; cheaper than re-sequencing.
- Nebula Genomics, Dante Labs — alternatives; check current ownership / privacy policies.
Pick this if…
- Privacy-first cycle tracking: Drip / Euki / Periodical.
- Privacy-first BG monitoring: xDrip+ + self-host Nightscout.
- Privacy-first wearable aggregation: GadgetBridge + Apple Health on-device.
- iOS user, want defensible defaults: Apple Health + Apple Watch + decline third-party-app Health writes.
- Self-host everything you can: Wger / OpenScale / Memos / Trilium / Runalyze + Tailscale.
- Your therapist / clinician: insurance-billed therapy → HIPAA-covered.
- Concerned post-Roe in the US: assume hosted period tracker data is potentially discoverable; use Drip / Euki and avoid logging anything to a hosted service that you wouldn't want subpoenaed.