We’re updating our Health Connect policy
|
|
|
|
|
|
|
|
|
| DEVELOPER UPDATE
|
| Hello Google Play Developer, |
| To give users more control over their data, we're updating our Health Connect policy to strengthen safeguards regarding the handling of sensitive health record data. Health Connect is an Android platform that allows health and fitness apps to store and share the same on-device data, within a unified ecosystem. It also offers a single place for users to control which apps can read and write health and fitness data, including health records. Health Records may include medical history, diagnoses, treatments, medications, lab results, and other clinical data, obtained from healthcare providers or institutions, or through supported third-party health platforms. This data is highly sensitive and requires careful handling to protect user privacy. |
| What is changing? |
| The Health Connect policy has always prioritized the protection of sensitive health data. Starting today, this policy is being updated to further strengthen these protections and reflect the sensitive nature of health record data. These changes include:
|
- Clear eligibility criteria for apps requesting access to health record data, so only apps with justified use cases will be considered.
- New detailed justification requirements in Play Console for accessing health record data permissions. You will need to clearly articulate why your app needs access to specific health record data types and how this access will directly benefit the user.
- Enhanced privacy obligations for developers handling health record data, including limitations on data sharing and usage, and specific requirements for user consent.
| In addition to accessing health record data, developers may also request permission to write such data to Health Connect, subject to explicit user authorization and consent. This allows users to consolidate their health information from various sources in a central location. Apps writing health record data will also be subject to strict privacy and security requirements.
|
|
| Action required |
| If you request access to read or write health record data, you must take the following steps:
|
- Review the updated policy and FAQs: Carefully review the updated Health Connect policy and FAQs to understand the new requirements and obligations.
- Align with approved Use Cases: Ensure your app's functionality aligns with the approved use cases for health record data, which are outlined in the FAQs. Access to and writing of health record data will only be granted for these specific use cases.
- Provide detailed justifications: Provide detailed and compelling justifications in Play Console, for each health record data permission you request, whether for reading or writing. Explain precisely why your app needs the data and how it will be used to benefit the user.
- Update your Privacy Policy: Update your app's privacy policy to explicitly address the collection, use, sharing, and protection of health record data. Clearly explain what data is collected, why, how it's used, with whom it's shared, and how users can control their data.
- Comply with applicable regulations (HIPAA, GDPR, etc.): If your app handles health record data, you are responsible for compliance with all applicable regulations, including but not limited to HIPAA (for US-based health providers and their business associates) and GDPR (for data of individuals in the European Union). This may include entering into Business Associate Agreements (BAAs) where required.
- Establish data sharing agreements (where applicable): Depending on the nature of the data you are accessing and how you are using it, you may need to establish data sharing agreements with the relevant data controllers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
