Apple is about the change the relationship between brands, data and customers. That’s the secret sauce in its new Health Kit offering, according to several observers of data and security.
“Google, Yahoo and others gather correlate, analyze and use personal identity metadata including your location, search history, browsing history to monetarize for their own purposes or to sell to others. I believe Apple is trying to build a counter story on security using identity and services encapsulated in devices you own.”
When you do business with Google, as a consumer, you strike a deal. In return for free search you get ads and for those ads you agree to your data being collected, stored and sold on. The way Apple sees business up ahead, when you use an Apple health service, Apple manages data for you, on your terms. That is a revolution.
Greg’s note of caution though is well advised because none of us know quite how Apple will implement its new “kits”. In health in particular the ultimate solution will be determined by standards that Apple may help to define. It’s also a long road – health is a conservative sector.
In order to find out more though, and picking up on Greg’s intimation of identity as the core of the solution, I spoke via email with David Waite and Paul Madsen at Ping Identity, specialists in identity management,and Farid Fadaie, senior product manager at Bit Torrent, for an alternative view of security and identity in health.
These experts have a particular interest in the use of identity and distributed systems as security mechanisms.
The first point to emerge from that discussion is that Apple has entered the health arena as an enabler. There’s surely a lesson there for every other business contemplating or executing a platform strategy.
Whatever Apple does down the line, first base is to enable local storage on the iPhone of data collected by other devices, says Waite
Short term it is entirely on the phone. They do not even support Health Kit on iPad (from what I understand) to have it work between my devices.
One of the first suppliers to throw their hat in the ring is WebMD, which is already busy on an app to interpret sensor data.
Madsen also sees Apple adopting an enabling role:
Apple is positioning itsHealth app as the point of aggregation for all the user’s different health data, and Health Kit the development platform to enable that integration. But critically, indications are that the health data will for the most part be collected by sensors (Nike+, Withings Scale, Fitbit Flex etc) of other wearable manufacturers…. offering – i..e stay away from the hardware for now and instead provide the services & software glue to tie all the existing hardware into some sort of cohesive whole.
One reason for that might be security. The iPhone (at least the later versions) have fingerprint sensor security. If health data passes between an iPhone and an iPad how can the device(s) be sure of the user’s identity? On a single device, especially the iPhone that has fingerprint access, identity is solvable on the device. With multiple devices it becomes more difficult and more prone to the complexity of multiple users.
They seem to want one device to represent a single persona, says Waite, – not a bad position for a hardware vendor to take. They encapsulate your online identity for services like Twitter and Facebook onto your device, but this is primarily so that applications do not do this work themselves.
That also means Apple is looking to deepen the service value of the smartphone, something Samsung has been trying to do. Samsung, however, has also added more devices (the Gear and Gear Fit in particular). Apple seems to be rallying the market back towards the iPhone. It means Apple must see the iPhone as a key profit center for years to come. It does also mean though that Apple must now innovate rapidly in services. As Health Kit builds momentum, Apple will be in need of a new identity solution Madsen says. Its attempt, in the near future, to parlay data between institutions and devices
….absolutely demands an underlying standardized identity layer that would give the necessary security for the health data as it flows, and the users the requisite privacy-enabling control over that flow.
OAuth 2.0 and OpenID Connect 1.0 are likely standards for Apple to draw on, though Apple has a preference for doing identity its own way. On the developer side of the equation, initially, Apple will be experimenting with different ways for developers to use data at different levels of permission, according to Waite:
The structure of health kit is such that an application asks the user for each kind of information, and the user can opt in or out of write and read access. For example, I might let this one hypothetical app read my steps taken and heart rate, but not my nutritional information.
Second base is to migrate some of a user’s health data to Apple’s Cloud but under the control of the user. Fadaie believes a P2P solution would provide greater security for an equal user experience going forward:
Based on the limited amount of information available, Apple’s view of eHealth is like a Dropbox for health-related information. Different apps can read/write to this “HealthBox” and Apple takes care of making the data available on user’s different devices. If Apple’s goal is to be a provider of such a service, a P2P solution can certainly help keep this data private without storing it on Apple’s cloud (even if the data is encrypted). This will be as usable but more private for users.
Third base is the integration of the medical profession into the data stream.
Part of the challenge there though is to integrate different strands of the medical profession in ways that are acceptable or satisfactory to them.
According to Waite:
Today, the hospital or clinic would have to have a user install an app and approve it access to data. The app can then ‘siphon’ data off the health kit database on the phone, and upload it someplace that is accessible by the hospital/clinic.
Pharmacies, labs, hospitals and clinics are going to want to be able to exchange data directly rather than going through apps on the user’s phone. The user is going to want to feel in control of that sort of communication as well. Health Kit today doesn’t provide that. But hopefully it will help build momentum toward that future outcome.
The precise nature of the Apple solution is, as yet, an unknown, but what is interesting about the exercise is the way it reverses the current data paradigm, away from Google’s collection paradigm towards a data management paradigm.