Add "Personal Health" section #1562

Open
jonaharagon opened this issue Jul 18, 2022 · 11 comments · May be fixed by #1628

@jonaharagon
Member

We should look at a section covering personal health/fitness tracking and management, including period tracking as mentioned below, as well as just a generalized health database. Outside of fitness tracking, health databases have a clear use-case for a variety of medical reasons such as medication, vitals, and nutrition tracking; so this definitely isn't something that can be dismissed as simply as "just don't track that stuff if you want privacy" lol

On iOS, simply sticking with Apple Health seems like a clear recommendation, as it operates entirely on-device and includes period tracking as well as tracking of essentially any other health metric. I think we need to research available options on Android still, including the ones linked below:

Discussed in https://github.com/orgs/privacyguides/discussions/1513

Originally posted by FriskyInitiate July 5, 2022
Period tracker apps are used to record highly personal information that can include your menstruation cycle, sexual activity, daily mood, pain levels, whether you are trying to have a baby, pregnancy or if you experience a miscarriage. With the recent attack on reproductive rights in the US, it seems more relevant than ever to introduce a category for period tracking apps. Consumer Reports has evaluated some of the available apps for privacy invasions and recommends Drip, Euki and Periodical.

@jonaharagon jonaharagon added c:software self-hosted/decentralized software and related topics status:research required content that needs to be looked into further labels Jul 18, 2022
@jonaharagon jonaharagon changed the title Personal health/fitness tracking apps Add "Personal Health" section Jul 18, 2022
@jonaharagon
Member Author

jonaharagon commented Jul 18, 2022

I believe functionality analogous to Apple Health's Health Record functionality is available on Android with CommonHealth, which lets you store and access your medical health data locally on your device, but I don't believe it has any personal health tracking capabilities. I think the closest alternatives to Apple Health's HealthKit functionality are found in Google Fit and Samsung Health, neither of which is ideal for our purposes.

On a personal note, I will say that Android's lack of private health tracking that I'm aware of is the primary reason I stick with iOS.

The health-tracking scene on Android has changed this year as I'm looking into it. We should look into whether Google's Health Connect is suitable. The main issue I see at a glance is that it doesn't provide any tracking functionality itself, leaving that up to third-party apps which may be privacy-invasive.

We should be able to find a collection of privacy-respecting individual apps on Android that fulfill different roles Apple Health fulfills on iOS, such as pedometer apps, nutrition apps, period tracking apps, et cetera. They'll merely lack integration with each other or any native integration with Android itself, which should be fine for most people. Finding apps with integration with Android Health Connect would be a plus if that API appears promising.

https://f-droid.org/en/categories/sports-health/index.html could be promising.

@dngray
Member

dngray commented Jul 20, 2022

I've wondered about this myself, and perhaps might look at a few options.

@freddy-m
Member

I don't know of any apps for this, but very much approve of this as a section.

@debsidian

debsidian commented Jul 29, 2022

I have a personal interest in this and have done a lot of research on the matter (primarily on web and iOS -- not Android). If I can help turn you on to various apps, software, etc., please just ask.

Since iOS has such a focus on heart and cardiac monitoring, I've found the most useful cardiac iOS app is HeartWatch. (I don't have any affiliation with them or any of these companies/apps). They don't have any telemetry or data sharing or "proprietary cloud feature" that I am aware of. All data stays on-device; that is what makes it private. What makes it useful are the analytics it provides with your heart-data.

They have an app for sleep tracking, AutoSleep, but I don't use that one.

For Blood Pressure monitoring, I like SmartBP. The free version has ads but if you pay for the app, the ads go away. Also you can not pay and just use Pi-hole -- the ads go away then, too. Telemetry is from flurry.com, disabled through Pi-hole. BP readings are taken at home and resting, so you (should) always have your Pi-hole enabled. They do have a proprietary cloud; I've never enabled it. The app still works perfectly.

LMK if you want other recommendations. @jonaharagon

Edit: Just looked at the Blood Pressure app again and yikes. Probably shouldn't include it on your recommendations list.

@debsidian

debsidian commented Jul 29, 2022

I think it would be helpful if you explained the difference between "health data" and "medical data" from a privacy/legal perspective. Patient-Generated Health Data (PGHD) is a thing (definition) and is not covered by HIPAA. The health data which users voluntarily upload to apps are not private and are not afforded the same protections that medical data is afforded.

It doesn't matter if the data is generated by a wearable or from a doctor's office. If the data in question is provided and voluntarily uploaded by the patient to a 3rd party repository (such as an app), HIPAA protections no longer apply. The only exception to this is if that 3rd party repository is your physician's medical software. If you're uploading PGHD data from your iPhone (Apple Health) via MyChart to your physician's Epic (EMR) instance, then that data is covered under HIPAA. It is covered because it is classified as doctor-patient communications, which is protected, assuming the hospital or physician is a Covered Entity.

tl;dr -

  • Medical Data: Data generated by your doctor or other Covered Entity about you. Covered by HIPAA. Private by default.
  • Health Data: Data generated or provided by you to any app or other 3rd party data repository which isn't your doctor. Not covered by HIPAA. Not private by default.

@jonaharagon jonaharagon linked a pull request Aug 11, 2022 that will close this issue
@jonaharagon
Member Author

Leaving a note to self: Gadgetbridge for cloudless fitness hardware on Android

@ph00lt0
Member

ph00lt0 commented Aug 18, 2022

Do we consider options for apps that would work when forcefully blocked from having internet access (as is possible on GrapheneOS)? In that case we only have to look for apps that still work when they are disconnected.

@jonaharagon
Member Author

@ph00lt0 Not unless no other options are available in a category, for two reasons: Most users won't be using a ROM which supports blocking internet access from apps entirely, and we want to put an emphasis on apps which are designed with privacy in mind rather than just apps where privacy is (incidentally) possible.

@jonaharagon jonaharagon self-assigned this Aug 28, 2022
@Emily-Kang77

Emily-Kang77 commented Aug 29, 2022

we want to put an emphasis on apps which are designed with privacy in mind rather than just apps where privacy is (incidentally) possible.

Then just because a health-tracking app is on F-Droid, it isn't enough to get recommended on the Privacy Guides website? It does make sense, although I think that offering a list of "offline" but not exactly secure apps would help people move away from definite privacy risks like stuff from Google and Apple. Most, or a lot of small open source apps aren't actually checked by people other than the developer, so it is a bit of a gray area. It would be nice if users could directly improve application security with an app like VeraCrypt (keep all app contents in a container), but I don't know of any good ones for Android. There's DroidFS on F-Droid to encrypt files at least.

Some nice apps on F-Droid (AFAIK they don't use encryption):

  • Track and Graph is good for general tracking and visualizing progress
  • log28 is a period tracker

@PrivacyBay

The health section of PrivacyTools was released yesterday: https://www.privacytools.io/health

They have added these open-source projects as well:

@privacyguides-bot
Collaborator

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/health-section/12681/1
