In a world where people use wearables and mobile apps to track everything about their health, including their blood pressure and quality of sleep, everyone wants to have their data stored within one platform where it can be conveniently accessed.
Apple and Google have both come up with platforms that accumulate health and fitness-related data. The expectation is that by providing a standardized format and storage mechanism for health data, HealthKit and Google Fit will facilitate the development of apps and devices that can share health data with each other. This will also enable users to switch between apps without having to worry about transferring all their data.
In this article, we compare HealthKit and Google Fit and discuss the importance of data security while creating a healthcare app.
Apple HealthKit versus Google Fit
The principal difference between Apple’s and Google’s platforms is that Google targets the fitness aspect of digital health, while Apple is primarily focused on medical data. Apple announced its health informatics mobile app called Health in 2014. It was included in iOS 8 and accompanied by HealthKit, an API that’s part of the iOS SDK.
Google introduced its own health tracking platform called Google Fit later in 2014. In August of that year, the company also released the Google Fit SDK. In 2019, Google Fit became available on iOS. Also, Google continues to work on two healthcare projects aimed at healthcare facilities: Google Health and Cloud Healthcare API.
The Google Health project explores ways in which artificial intelligence (AI) and deep learning can help medical workers. So far, Google has released several pieces of research, including work on how AI can predict lung and breast cancer and how a deep learning model can accurately make a diagnosis right after a patient is admitted to the hospital.
The Cloud Healthcare API allows developers to securely exchange data between healthcare apps and solutions built on Google Cloud. It allows organizations to manage data from a range of inputs and systems and then analyze that data using machine learning.
The functionality of HealthKit and Google Fit somewhat overlaps, but there are significant differences between them.
First, let’s see what tools these platforms offer for custom healthcare software development.
Apple has three products – HealthKit, ResearchKit, and CareKit – that form an ecosystem that works with different types of medical data. This ecosystem was developed gradually. First there was HealthKit, then Apple introduced ResearchKit, and last came CareKit.
The HealthKit framework works inside the Health app and allows for seamless communication with third-party applications. It’s a convenient container for all health data received from user input and device sensors and makes it easy for apps to process, store, and collect health data.
ResearchKit is a framework for gathering medical data from large groups of people for research purposes.
ResearchKit consists of three modules:
Survey. This module has a predefined UI that allows researchers to quickly create and customize surveys for medical research.
Consent. People participating in surveys want to know how their data will be stored and processed and why this data is being gathered. The consent module provides researchers with customizable notifications that explain the details of the study and a ready-made form where participants can consent to participate.
Active tasks. This module invites participants to perform certain kinds of activities and collects data about user conditions using iPhone sensors (e.g., heart rate while running, balance while standing on one leg).
CareKit is a framework to help users manage longer-term illnesses and chronic conditions, monitor recovery after surgery, and so on. It contains four modules:
Care Card allows patients to track if they’re taking their medications on time.
Symptom and Measurement Tracker helps patients monitor their progress and keep records of their symptoms.
Insight Dashboard compares data to analyze which treatment is more efficient.
Connect lets patients share data with their friends and family or medical staff.
The Google Fit health-tracking platform
The fitness store is a repository for health and fitness data from various devices and apps.
The permissions and user controls component has a predefined set of tabs for requesting user permissions to access health data.
The sensor framework offers high-level representations for sensors, fitness data types, and sessions. It works with the fitness store on any platform.
Google Fit APIs are a set of APIs for creating both web and mobile apps. The platform architecture consists of two types of APIs: Android APIs for native Android apps and REST APIs for other platforms. These APIs include the Goals API for tracking goals set by users and the History API for storing, reading, and deleting fitness data.
Healthcare and fitness data
Google Fit and HealthKit represent Google’s and Apple’s takes on storing information and integrating it across multiple devices and applications. But the types of data displayed by these apps differ significantly.
Google Fit has four categories of public data types that can be stored and collected. Apps can request permission to read and share this data.
Activity – basal metabolic rate, calories burned, cycling cadence, step count, workout duration
Body – body fat percentage, heart rate, weight, height
Location – wheel revolutions per minute (RPM) and cumulative revolutions, distance, speed
Nutrition – hydration, food, nutrients
There are also so-called restricted health data types. Since this data includes sensitive information, to access it, you need to apply for OAuth API verification. Google will review your application and grant or deny verification.
Restricted data types include information on:
Blood glucose levels
Google also allows for creating custom data types if they aren’t already covered by an existing data type.
HealthKit offers a complex hierarchy of data types. HKObjectType subclasses identify types of data stored in HealthKit:
HKCharacteristicType represents data that doesn’t change over time. This subclass includes blood type, sex, skin type, and birth date.
HKQuantityType represents numerical values (calories burned, total steps)
HKCategoryType represents a chosen option from a list of values (mood after sleep)
HKWorkoutType represents all data about workouts (workout type, time)
HKCorrelationType includes complex sets of data (food item, calories in food item)
HKActivitySummaryType includes all data about user activities
HKDocumentType is used to create document queries (prescriptions, etc.)
HKSeriesType stores a series of data (e.g., a series of heartbeat data)
These data types look a bit hard to understand. To help developers easily find the data type they need, Apple has divided the types into several categories: vitamins, body measurements, vital signs, minerals, hydration.
Many well-known companies have integrated HealthKit and Google Fit into their applications, which testifies to the trustworthiness of these platforms.
Moreover, Google and Apple are now striking deals with healthcare facilities and health organizations to improve the healthcare industry. In turn, Apple and Google get valuable feedback and can better understand the challenges facing the industry.
HealthKit is integrated into fitness apps like Strava, DailyBurn, PocketYoga, Sleepio, Runtastic Me, and Garmin Connect as well as nutrition apps like Lifesum and Nutrino and healthcare apps like Mayo Clinic, AskMD, and Hello Doctor.
Apple works with a long list of hospitals all over the United States to standardize fragmented healthcare data and improve interoperability.
Thanks to this partnership, patients of partner hospitals are able to view vital information (lab results, medications, etc.) right in the Health app.
Google Fit is used in applications like Under Armour Record, Runtastic, Nike Run Club, Pokémon Go, Calm, Calorie Counter – MyFitnessPal, 8fit Workouts & Meal Planner, Map My Fitness Workout Trainer, Strava, Mindbody, Clue Period Tracker, Withings Health Mate, Seven, Qardio, and Jefit. The number of service providers that use Google Fit is constantly growing.
In 2018, the World Health Organization partnered with Google Fit to launch its global action plan on physical activity. The aim of this program is to reach more people with the WHO’s recommendations on nutrition, physical activity, and healthy lifestyles.
Google has also partnered with the American Heart Association to create two goals based on the Heart Association’s activity recommendations.
Google and the AHA came up with two brand-new data types:
- Move Minutes, which is used for activity tracking. Users earn Move Minutes for every bit of physical activity they do (yoga, walking, etc.).
- Heart Points are earned when users perform activities at a faster pace.
With these two types of data, Google aims to make the results of exercising easier to understand.
Google Fit boasts a wider range of compatible fitness wearables than HealthKit (which works only with Apple Watch working on WearOS). Google Fit is the default fitness application on every Wear OS smart device and integrates with other devices including Samsung Galaxy Watch, Xiaomi Mi Band, Huawei Band, Withings Move, Sony SmartBand, and devices by Fitbit and Garmin.
Security and privacy
Understanding the difference between privacy and security for medical and fitness tracking apps is important. Privacy is an individual’s right to control their information and decide who to share it with. Security is the technical means of safeguarding that information.
The security requirements of a particular app depend on its functions and on whether or not it contains sensitive personal information. Fitness apps can easily get away with a somewhat basic level of security, whereas anything marketed as a medical app requires a much more serious level of built-in protection.
Google Fit and fitness tracking app security
When you look at the terms of service for Google Fit for developers, you’ll see that Google does not intend Google Fit to be a medical device. You may not use Google Fit in connection with any product or service that may qualify as a medical device pursuant to Section 201(h) of the US Federal Food, Drug, and Cosmetic Act.
Since Google acknowledges that Google Fit should not be seen as a medical device, the app does not require additional security measures that are essential for custom healthcare software development.
Google states that it makes no representation that Google Fit satisfies HIPAA requirements. So when an app creator is a covered entity or business associate under HIPAA, they should use Google Fit in their app only after receiving written consent to such use from Google.
HealthKit and medical app security
HealthKit also offers well-designed security features, starting with the fact that it only works on Apple devices. One reason for that might be security.
The latest iPhone models are equipped with Touch ID and Face ID, which can identify a user when passing data between Apple devices. When a user’s iPhone is locked, their health data in the Health app is encrypted on‑device. If a user chooses to sync their health data with iCloud, it’s encrypted while in transit and at rest.
Medical apps in the US are controlled and regulated by the Food and Drug Administration guidelines and HIPAA.
The FDA recommends the following measures to protect users’ medical data: using user authentication (for example, a user ID and password, smart card, or even biometrics), strengthening password protection by avoiding hard-coded passwords, and limiting public access to passwords used for technical device access.
David Lee Sher, MD, in his article on medical app security, breaks down the most common threats to users’ privacy and security into the following checklist:
1) Unencrypted personal health information
2) Unsecured wireless communications from monitors
3) Lack of functionality to prevent commingling of hospital data such as a patient’s personal health information and the app user’s personal data
4) Lack of technical support or enforcement of minimum password requirements
5) Failure to block untested or unapproved apps
6) Absence of remote wipe or delete/lockdown functions to protect data in the event the device is lost
Apple considered these data security threats, which is why HealthKit is protected by bank-grade security and encryption: medical records, notes, and other information are protected according to the same standards as bank data. All information is stored in secure data centers with multiple backups in place. Also, HealthKit is HIPAA compliant.
Patient profiles and clinical notes in HealthKit can only be accessed by medical practitioners and administrators based on levels of access.
HealthKit data can only be accessed with a username and password. Only people who have a user’s permission, such as doctors, can view the user’s personal information and health records. You should protect users’ privacy at all costs.
Let’s check how easy it is to integrate your app with Google Fit and HealthKit.
Google asks developers to use its platform responsibly when developing fitness and wellness apps and lays out the following principles of use:
It’s forbidden to use Google Fit to create apps that store biometric or medical data without Google’s written consent.
Users should know what data you will collect and for what purpose.
You must honor requests from users to delete data.
If reading data from Google Fit, you must also allow for writing fitness data to Google Fit.
You must agree to the Google Fit Terms and Conditions before using Google Fit.
First and foremost, you need a Google account and Google Play Services. To use Google Fit, you also need an OAuth 2.0 Client ID. Google provides extensive and clear documentation on how to make your app work with Google Fit.
Since HealthKit may be used for storing sensitive user data, Apple treats user privacy seriously and places strict rules on the platform.
Users should know what data you will collect and for what purpose.
Every user must explicitly grant each app permission to read and write data to the HealthKit store. Users can grant or deny permission separately for each type of data. To prevent possible data leaks, an app does not know whether it has been denied permission to read data.
HealthKit data must only be kept locally on the users' smartphones. For security, the HealthKit store can only be accessed by an authorized app. As a result, an app launched in the background cannot read data from the store.
While you can show advertising in an app that uses the HealthKit framework, you cannot use data from the HealthKit store to serve ads.
Any information gained through HealthKit cannot be exposed to a third party without user permission.
You can share a user’s HealthKit data with a third party for medical research only after the user grants permission.
Apple provides mobile app developers with a step-by-step guide on how to set up HealthKit. You need iOS SDK (software development kit) 8 or higher.
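The per-type permission rule above has a practical consequence for app code: a denied read looks the same as an empty store. The following Swift sketch is an added example, not code from Apple or from this article; the class name `HeartRateReader` and its method names are hypothetical, and it assumes the HealthKit capability is enabled and `NSHealthShareUsageDescription` is set in Info.plist.

```swift
import Foundation
import HealthKit

// Hypothetical helper written for this example.
final class HeartRateReader {
    private let store = HKHealthStore()
    private let heartRate = HKQuantityType.quantityType(forIdentifier: .heartRate)!

    /// Request read-only access to one data type (least privilege:
    /// nothing is requested for writing, nothing beyond heart rate for reading).
    func requestAccess(then done: @escaping (Bool) -> Void) {
        guard HKHealthStore.isHealthDataAvailable() else {
            done(false)   // e.g. a device without a HealthKit store
            return
        }
        store.requestAuthorization(toShare: nil, read: [heartRate]) { success, _ in
            // `success` only says the request was processed.
            // It does NOT say the user granted the read permission.
            done(success)
        }
    }

    /// Fetch the newest samples. If the user denied read access, the handler
    /// receives an empty array, exactly as if no heart-rate data existed.
    func latestSamples(limit: Int = 10,
                       handler: @escaping ([HKQuantitySample]) -> Void) {
        // store.authorizationStatus(for:) reports write (share) status only,
        // so it cannot be used to detect a denied read. Treat "empty" as a
        // normal result and never tell the user "you denied access".
        let newestFirst = NSSortDescriptor(key: HKSampleSortIdentifierEndDate,
                                           ascending: false)
        let query = HKSampleQuery(sampleType: heartRate,
                                  predicate: nil,
                                  limit: limit,
                                  sortDescriptors: [newestFirst]) { _, samples, error in
            if let error = error {
                // Errors cover cases such as a locked device, where the
                // store is encrypted and unavailable; log without sample data.
                NSLog("HealthKit query failed: %@", error.localizedDescription)
            }
            handler((samples as? [HKQuantitySample]) ?? [])
        }
        store.execute(query)
    }
}
```

Because the result set does not distinguish "denied" from "no data", the UI should offer a neutral prompt such as a link to the Health app's sharing settings rather than branching on an inferred permission state.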
At this point, there is no clear winner between HealthKit and Google Fit, as both platforms have their advantages and disadvantages. HealthKit focuses on providing very detailed information and stressing the health side of things, whereas Google Fit supports many more wearables and devices and is used for fitness app development.