Health Connect apps collect health and fitness data, which may contain personal and sensitive data. Apps distributed through Google Play must meet the following policy requirements in order to read and/or write data to Health Connect.
What apps are eligible for Health Connect?
To be eligible to read and/or write data to Health Connect, an app must fall under an approved use case. These use cases include:
- Applications, services, or features designed with the primary purpose to benefit users' health and fitness via a user interface allowing users to directly journal, report, monitor, and/or analyze their physical activity, sleep, mental well-being, nutrition, health measurements, physical descriptions, and/or other health or wellness-related descriptions and measurements.
- Applications, services, or features designed with the primary purpose to benefit users' health and fitness via a user interface allowing users to sync their physical activity, sleep, mental well-being, nutrition, health measurements, physical descriptions, and/or other health or wellness-related descriptions and measurements.
1. Privacy requirements
Apps that read and/or write to Health Connect must meet privacy requirements outlined in the Health Connect Permissions section of Permissions and APIs that Access Sensitive Information as part of Google Play policy.
To be eligible to read and/or write to Health Connect, all apps must strictly follow all Health Connect Permissions policies, including but not limited to the following requirements:
- Health Connect may only be used for approved use cases. Additionally, apps may only request access to permissions that are critical to implementing the application or service's functionality.
- Apps reading and/or writing to Health Connect can only transfer data to third parties for reasons that include providing or improving an app’s appropriate use case or features that are clear from the requesting application's user interface and only with the user’s consent. All other transfers, uses, or sale of user data is completely prohibited, including transferring or selling user data to third parties like advertising platforms, data brokers, or any information resellers.
- Apps reading and/or writing to Health Connect can only request access to the permissions necessary to implement the app’s features or services.
- Apps reading and/or writing to Health Connect must provide user help documentation that explains how users can manage and delete their data from the app.
2. Security requirements
Apps that read and/or write to Health Connect must meet the secure data handling requirements outlined in the Health Connect Permissions section of Permissions and APIs that Access Sensitive Information of Google Play Policy.
Depending on the data types requested and number of user grants or users, apps will be required to go through a security assessment from Google empanelled security assessors.
Frequently Asked Questions (FAQ)
What are the approved use cases for Health Connect permissions?
|Approved use cases
Fitness and Wellness
Applications that allow users to track their fitness / wellness and progress to their goals using phone sensors, manual journalling or participating in digital classes and guided sessions.
Applications that encourage users to adopt and maintain healthy habits in exchange for financial rewards.
Applications that feature virtual human fitness coaching helping users to achieve a health or fitness goal. Human coaches have access to user data to check on progress and provide guidance and support.
Enterprise focused platforms that enable wellness managers to distribute and manage wellness programs for employees.
Applications that help users receive and manage clinical care. These applications may provide services that exchange health and fitness data with clinical teams, such as condition management apps focused on medical conditions like diabetes or hypertension.
Health Connect is a general purpose data sharing platform that allows users to aggregate health and fitness data from various sources on-device and share it with third parties at their election. The data does not necessarily originate with Google or any Google affiliates and has not been reviewed by Google. It is your responsibility to assess whether Health Connect is appropriate for your intended use and to investigate and vet the source and quality of any data from Health Connect in connection with any purpose, and, in particular, for research, health, or medical uses.
Applications give users the opportunity to donate their data for health research studies. These studies are typically approved by an Institutional Review Board (IRB) or Ethics Committee (EC) and collect user consent for conducting health research.
Apps conducting health-related human subject research using data obtained through Health Connect must obtain consent from participants or, in the case of minors, their parent or guardian. Such consent must include the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process. Apps conducting health-related human subject research using data obtained through Health Connect must receive approval from an independent board whose aim is 1) to protect the rights, safety, and well-being of participants and 2) with the authority to scrutinize, modify, and approve human subjects research. Proof of such approval must be provided upon request.
Applications where a user’s progress in a game is influenced or impacted by their fitness and/or wellness. These are games that collect a user’s activity data as a way to advance game play.
What happens if my app does not pass privacy and security verification?
How do I get a security assessment if my app needs one?
How do I access data through Health Connect?
- If your app does not require access to specific data types, then you must not request access to these data types.
- Be as detailed as possible in your app description documenting the purpose for your access requests.
- Request the minimum data types needed and provide a valid use case for each request.
What are the restricted Health Connect data types?
|Lean Body Mass
|Basal Metabolic Rate
|Basal Body Temperature
|Heart Rate Variability
|Resting Heart Rate