Is Your Health App Reporting Your Private Data to the Government?

Short answer: Yes, very soon.
Starting early next year, our personal medical records and the information from our health apps will be shared between the government and big tech companies such as Apple, Amazon, and Noom. While the government and big tech say sharing this information will help people lose weight or manage chronic conditions, I see this as a profound threat to our privacy, our bodily and economic autonomy, and the security of our most sensitive data. At the bottom of this post are actions you can take to protect yourself.

This morning, I decided to close out my Noom subscription and stopped using Samsung Health. This was a deliberate choice fueled by a deepening discomfort about the ultimate destination of my health data. And it turns out, my concerns are hardly unique or unfounded.

Data Sharing between Government, Big Tech, and your Doctor
There’s a new initiative taking shape, a collaboration between the federal government—specifically the Centers for Medicare and Medicaid Services (CMS)—and tech giants like Google, Amazon, and Apple. Even companies like Noom are reportedly part of this. The stated aim is convenience: simplifying how we access and share our health records across doctors, hospitals, and the health apps we rely on daily. They assure us it’s an “opt-in” system and that our data will be secure. That assurance, and past examples, do little to reassure me and data privacy organizations.

Noom, Apple, Amazon will have access to your medical records. Your doctor will have access to everything you enter in your health apps. The government, however, will have access to all of it.

Here’s why this data-sharing trend troubles me, and why it should trouble you too:

Government Overreach
“Hi, I’m from the government and I’m here to help you” along with “Trust me, we won’t expand this and do bad things” are phrases only the most naive should believe on their face.

Imagine a future where the government possesses such a comprehensive view of your health, gathered from your doctor’s visits and your health apps, that it begins to dictate your choices. What if they identify you as overweight from your health app data, and suddenly, your Medicare insurance is impacted? Or your private insurance rates go up because you’ve been recording what you eat and they predict heart disease in your future? What if they start attempting to control your diet and activities, by limiting your access to anything the government controls unless you comply, based on algorithms that deem them “unhealthy”? Will this affect things such as child custody and proving which parent gains custody? This may seem extreme, but we are seeing the government take actions that would have been unthinkable 10 or 20 years ago.

We’ve recently seen government agencies share extensive databases for other purposes, such as home addresses for immigration enforcement. It’s not a stretch to envision medical data being used in ways that could genuinely harm us or our families, beyond just our health insurance. Could they, for instance, track reproductive health or mental health choices based on location data from our phones, or even notes from a doctor’s visit? Could they decide you have a substance abuse disorder because they know how often you are near a bar or buy alcohol from phone tracking data, banking information, facial recognition, and license plate readers? These are not distant possibilities when such vast and sensitive data pools are consolidated.

Big Tech: Monetization and Misuse
Let’s be candid: big tech companies thrive on data. While they may promise secure handling, their core business isn’t necessarily your health. It’s often about advertising and creating highly personalized experiences that keep you engaged (and spending). We’ve already witnessed instances where sensitive patient data, like details about appointment scheduling or even search terms related to medical conditions, have been transmitted from hospital websites to platforms like Facebook via tracking pixels. This data, even if initially anonymized, can be incredibly valuable for targeted advertising or, worse, building incredibly detailed profiles about our health habits without our full, informed consent. It’s, as some digital privacy advocates aptly put it, “an open door for the further use and monetization of sensitive and personal health information.” This, however, isn’t anonymized – this data is attached to your file. I don’t know about you, but I don’t want Samsung to have access to my medical records.

Data Breaches
No system, regardless of its “security” claims, is impervious. The healthcare industry is a prime target for cyberattacks, and the statistics are truly alarming. Millions of patient records have been exposed in data breaches, ranging from hacking incidents to ransomware attacks. We’re talking about names, addresses, Social Security numbers, full medical histories, lab results—the most intimate aspects of our lives. Companies like Change Healthcare, Kaiser Foundation Health Plan, and countless others have suffered breaches affecting millions. When government and big tech consolidate even more of this data, it creates an enormous, enticing target for malicious actors. A single breach could expose an unprecedented volume of personal health information, potentially leading to identity theft, insurance fraud, and even blackmail.

What Can You Do?
While these tools offer convenience and insights, and having easier access to your medical records is handy, the trade-off in privacy is simply too significant. It’s imperative that we, as individuals, demand greater transparency and control over our health data. We must question these partnerships between government, big tech, and medical providers and advocate for more robust protections, because ultimately, our health and our privacy are non-negotiable.

So, what steps can we take right now to push back against this increasing erosion of our health privacy?

  1. Understand and Exercise Your “Opt-In” Rights (and “Opt-Out” where available):
    For this new government/big tech/medical provider health data sharing initiative, the good news is that it’s designed as an “opt-in” system. Hopefully it really is designed that way, but don’t put your full trust in that. This means you should have to actively consent before your medical records are shared within this new framework. Do not automatically opt-in. Read the terms carefully. Beyond that, many existing health information exchanges (HIEs) or state health information networks allow you to “opt-out” of sharing your broader medical records. Contact your healthcare providers and ask about their data-sharing practices and any opt-out options they offer for HIEs.
  2. Discontinue Apps and Tell the Company Why: This is a powerful move. If you discover a health app is participating in data sharing practices you’re uncomfortable with, or if you simply can no longer trust their privacy commitments, discontinue your use and tell them precisely why. Don’t just delete the app; formally cancel your subscription if there is one, and look for options to delete your account and associated data. Many apps have a “data deletion” or “account closure” process within their settings or on their website. When you do this, send a clear message to their customer support or privacy officer (often found in their privacy policy) stating that your decision is specifically due to data privacy concerns and their sharing practices with third parties or government entities. Companies track user churn and the reasons behind it; your specific feedback adds to the pressure for change. Also Be Wary of Free Apps: If an app is free, chances are you are the product, and your data is the currency.
  3. Spread the Word:
    This issue affects everyone, not just those of us already concerned about digital privacy. Many people are still unaware of how deeply their personal health data is being tracked, shared, and potentially monetized. Talk to your friends, family, and colleagues. Share this blog post, discuss your concerns on social media, or simply bring it up in conversation. The more people who understand the stakes, the stronger our collective voice becomes. Widespread awareness is the first line of defense against policies that undermine our fundamental right to privacy.
  4. Support Privacy Organizations: Organizations like the Electronic Privacy Information Center (EPIC), the Citizens Council For Health Freedom, and the Privacy Rights Clearinghouse are actively fighting for stronger data privacy laws and advocating against unchecked data collection. Support their work, whether through donations, spreading awareness, or joining their calls to action.
  5. Contact Your Legislators: Let your elected officials know that health data privacy is a critical concern for you. Urge them to enact comprehensive federal privacy laws that cover all health data, regardless of whether it’s held by a traditional medical provider or a tech company. Demand stronger government oversight of health technology. You can find your elected Congress Critter here.
  6. Demand Transparency: Push for clearer, more understandable privacy policies from all companies and government initiatives handling health data. We need to know exactly what we’re consenting to, in plain language, not legalese.

This fight for our digital health privacy won’t be easy, but it’s essential. Our health data is not just numbers on a screen; it’s a deeply personal reflection of who we are. Let’s make sure it stays that way.

Cara Schulz

Cara Schulz, a cancer survivor and green tea lover, has opened The Flower Pot, a holistic wellness shop in Burnsville that offers products ranging from medicinal teas and wellness tonics to herbal tinctures.