Apple · Apple Privacy Policy

Health and Fitness Data Processing

High severity

What it is

Apple collects health and fitness data from your Apple Watch and iPhone with your permission, but if you share that health data with third-party apps, Apple's privacy protections no longer apply and those apps' own policies govern your data.

Consumer impact (what this means for users)

Your health metrics collected by Apple Watch and iPhone — including heart rate, menstrual cycles, medications, and fitness data — can be shared with third-party apps where Apple's protections no longer apply, creating significant privacy risk for sensitive medical information.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    On your iPhone, go to Settings > Privacy & Security > Health to see which apps have access to your health data. Revoke access for any apps you don't fully trust, and review the Health app itself under Browse > your data categories to delete specific health records.


Why it matters (compliance & risk perspective)

Health data is among the most sensitive personal information, and once shared with third-party health apps, it leaves Apple's privacy framework entirely — those apps may sell or share your health data with insurers, employers, or data brokers.

View original clause language
Health information. Data relating to the health features of Apple software and devices, including, with your permission, health and fitness information that you provide or that is gathered from the device. If you choose to share health information with third-party apps, the health data you share is governed by the third-party's privacy policy. Apple's privacy policy does not apply to how third parties handle the health information you share with them.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Health data constitutes a special category under GDPR Art. 9, requiring explicit consent (Art. 9(2)(a)) or another enumerated basis for processing. Under CCPA/CPRA, health information is a 'sensitive personal information' category (Cal. Civ. Code §1798.121) triggering opt-in consent requirements. While Apple itself is not a HIPAA covered entity (45 CFR Parts 160, 162, 164), third-party apps receiving HealthKit data that are operated by covered entities or business associates may be subject to HIPAA, enforced by HHS OCR. FTC Act Section 5 applies to deceptive health data practices by app developers.


Applicable agencies

  • HHS OCR
    HHS OCR enforces HIPAA for covered entities and business associates handling health data, and has issued guidance on health app data practices.

Provision details

Document information

  • Document: Apple Privacy Policy
  • Entity: Apple
  • Document last updated: April 29, 2026

Tracking information

  • First tracked: April 27, 2026
  • Last verified: April 27, 2026
  • Record ID: CA-P-003229
  • Document ID: CA-D-00024

Evidence Provenance

  • Source URL: Wayback Machine
  • SHA-256: 994b983f6900cdaa9bdc93e6bbe73247775f83fe14db2d46bfab3b416f57d9b0
  • Verified: ✓ Snapshot stored   ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Apple | Document: Apple Privacy Policy | Record: CA-P-003229
Captured: 2026-04-27 10:36:19 UTC | SHA-256: 994b983f6900cdaa…
URL: https://conductatlas.com/platform/apple/apple-privacy-policy/health-and-fitness-data-processing/
Accessed: May 2, 2026

Classification

  • Severity: High