Add "Personal Health" section

[jonaharagon]

We should look at a section covering personal health/fitness tracking and management, including period tracking as mentioned below, as well as just a generalized health database. Outside of fitness tracking, health databases have a clear use-case for a variety of medical reasons such as medication, vitals, and nutrition tracking; so this definitely isn't something that can be dismissed as simply as "just don't track that stuff if you want privacy" lol

On iOS, simply sticking with Apple Health seems like a clear recommendation, as it operates entirely on-device and includes period tracking as well as tracking of essentially any other health metric. I think we need to research available options on Android still, including the ones linked below:

Discussed in https://github.com/orgs/privacyguides/discussions/1513

^{Originally posted by **FriskyInitiate** July 5, 2022} Period tracker apps are used to record highly personal information that can include your menstruation cycle, sexual activity, daily mood, pain levels, whether you are trying to have a baby, pregnancy or if you experience a miscarriage. With the recent attack on reproductive rights in the US, it seems more relevant than ever to introduce a category for period tracking apps. Consumer Reports has [evaluated](https://web.archive.org/web/20220630092722/https://www.consumerreports.org/health-privacy/what-your-period-tracker-app-knows-about-you-a8701683935/) some of the available apps for privacy invasions and [recommends](https://web.archive.org/web/20220630215118/https://www.consumerreports.org/health-privacy/period-tracker-apps-privacy-a2278134145/) [Drip](https://bloodyhealth.gitlab.io/), [Euki](https://eukiapp.com/) and [Periodical](https://arnowelzel.de/en/projects/periodical).

[jonaharagon]

I believe functionality analogous to Apple Health's Health Record functionality is available on Android with CommonHealth, which lets you store and access your medical health data locally on your device, but I don't believe it has any personal health tracking capabilities. I think the closest alternatives to Apple Health's HealthKit functionality is found in Google Fit and Samsung Health, neither of which are ideal for our purposes.

On a personal note, I will say that Android's lack of private health tracking that I'm aware of is the primary reason I stick with iOS.

The health-tracking scene on Android has changed this year as I'm looking into it. We should look into whether Google's Health Connect is suitable. The main issue I see at a glance is that it doesn't provide any tracking functionality itself, leaving that up to third-party apps which may be privacy-invasive.

We should be able to find a collection of privacy-respecting individual apps on Android that fulfill different roles Apple Health fulfills on iOS, such as pedometer apps, nutrition apps, period tracking apps, et cetera. They'll merely lack integration with each other or any native integration with Android itself, which should be fine for most people. Finding apps with integration with Android Health Connect would be a plus if that API appears promising.

https://f-droid.org/en/categories/sports-health/index.html could be promising.

[dngray]

I've wondered about this myself, and perhaps might look at a few options.

[freddy-m]

I don't know of any apps for this, but very much approve of this as a section.

[debsidian]

I have a personal interest in this and have done a lot of research on the matter (primarily on web and iOS -- not android). If I can help turn you on to various apps, software, etc., please just ask.

Since iOS has such a focus on heart and cardiac monitoring, I've found the most useful cardiac iOS app is HeartWatch. (I don't have any affiliation with them or any of these companies/apps). They don't have any telemetry or data sharing or "proprietary cloud feature" that I am aware of. All data stays on-device, that is what makes it private. What makes it useful are the analytics it provides with your heart-data.

They have an app for sleep tracking, AutoSleep, but I don't use that one.

~For Blood Pressure monitoring, I like SmartBP. The free version has ads but if you pay for the app, the ads go away. Also you can not pay and just use pi-hole -- the ads go away then, too. Telemetry is from flurry.com, disabled through pihole. BP readings are taken at home and resting, so you (should) always have your pihole enabled. They do have a proprietary cloud, I've never enabled it. The app still works perfectly.~

LMK if you want other recommendations. @jonaharagon

Edit: Just looked at the Blood Pressure app again and yikes. Probably shouldn't include it on your recommendations list.

[debsidian]

I think it would be helpful if you explained the difference between "health data" and "medical data" from a privacy/legal perspective. Patient-Generated Health Data (PGHD) is a thing (definition) and is not covered by HIPAA. The health data which users voluntarily upload to apps are not private and are not afforded the same protections that medical data is afforded.

It doesn't matter if the data is generated by a wearable or from a doctor's office. If the data in question is provided and voluntarily uploaded by the patient to a 3rd party repository (such as an app), HIPAA protections no longer apply. The only exception to this is if that 3rd party repository is your physician's medical software. If you're uploading PGHD data from your iPhone (Apple Health) via MyChart to your physican's Epic (EMR) instance, then that data is covered under HIPAA. It is covered because it is classified as doctor-patient communications, which is protected- assuming hospital or physician is a Covered Entity.

tl;dr -

• Medical Data: Data generated by your doctor or other Covered Entity about you. Covered by HIPAA. Private by default.
• Health Data: Data generated or provided by you to any app or other 3rd party data repository which isn't your doctor. Not covered by HIPAA. Not private by default.

[jonaharagon]

Leaving a note to self: Gadgetbridge for cloudless fitness hardware on Android

[ph00lt0]

Do we consider options for apps that would work when forcefully been blocked from having internet access (like possible on grapheneOS)? In that case we only have to look for apps that still work when they are being disconnected.

[jonaharagon]

@ph00lt0 Not unless no other options are available in a category, for two reasons: Most users won't be using a ROM which supports blocking internet access from apps entirely, and we want to put an emphasis on apps which are designed with privacy in mind rather than just apps where privacy is (incidentally) possible.

[Emily-Kang77]

we want to put an emphasis on apps which are designed with privacy in mind rather than just apps where privacy is (incidentally) possible.

Then just because a health-tracking app is on F-Droid, it isn't enough to get recommended on the Privacy Guides website? It does make sense, although I think that offering a list of "offline" but not exactly secure apps would help people move away from definite privacy risks like stuff from Google and Apple. Most, or a lot of small open source apps aren't actually checked by people other than the developer, so it is a bit of a gray area. It would be nice if users could directly improve application security with an app like VeraCrypt (keep all app contents in a container), but I don't know of any good ones for Android. There's DroidFS on F-Droid to encrypt files at least.

Some nice apps on F-Droid (AFAIK they don't use encryption):

• Track and Graph is good for general tracking and visualizing progress
• log28 is a period tracker

[PrivacyBay]

The health section of PrivacyTools was released yesterday: https://www.privacytools.io/health

They have added these open-source projects as well:

• https://hovancik.net/stretchly/
• https://workrave.org/

[privacyguides-bot]

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/health-section/12681/1