Working with third-party apps
When you install an app that supports HealthKit, you'll need to configure it to access various types of HealthKit data. That process will vary from one app to the next, but typically the option to setup an app's connection with HealthKit is something you see the first time you launch an app or it's located within the app's settings. Most apps will also let you choose what metrics you want to record, access, or process--just switch on the appropriate toggles
When you configure an app to work with HealthKit data or if you later adjust which metrics it works with, you'll see a permissions screen called Health Access. The screen will identify the app and show you exactly which data points it will write into HealthKit and which ones it will read out of HealthKit. You need to explicitly confirm you are giving the app permission to access each individual data point both to write and read. This means that you know exactly what information an app can work with and ensures that apps cannot access data without your knowledge and consent.
You can see a full list of all the apps that have requested access to HealthKit both in Health (by tapping the Sources icon at the bottom of the app) and by selecting Health from the Privacy screen in Settings. You can also tap on each app to see what permissions it has requested and to change them.
Apple has built HealthKit to respect user privacy in part with the permissions model that allows you to always see what apps can access what data. It has also barred developers from selling HealthKit information to data brokers or mining it for any purpose other than medical research, in which case all the data must be made anonymous. If you backup your iPhone to your computer using iTunes, Apple requires you to enable the option to encrypt the backup in iTunes in order to backup your HealthKit data (if you don't, the data won't be included in the backup).
Even with these protections, however, it's wise to consider what an app is going to do with your data. For example, many fitness apps offer the ability to automatically post data to your social networks. Many services, including ones centered on weight loss, fitness, and healthcare store or process data in their own private clouds. What happens to information when you use such apps or services is governed by their terms of service, so pay extra close attention to what you're agreeing to when installing any health, fitness, or medical apps.
Sign up for CIO Asia eNewsletters.