
How can I keep my health information private?

Most of your health information is protected by federal and state laws. This type of data is called Protected Health Information (PHI). However, there is also health information that is not covered by these laws — think about information collected through your Fitbit or Apple Watch, health information you search for online, or data from DNA testing kits.


Important warning about DNA testing companies: 23andMe filed for bankruptcy in March 2025, raising serious concerns about what will happen to the sensitive genetic data of over 15 million users. 23andMe is not covered by HIPAA, meaning your DNA data isn't protected the way medical records at a doctor's office would be, and the company reserves the right to sell or transfer personal information as part of a bankruptcy or acquisition. If you have a 23andMe account, you should strongly consider deleting your genetic data and revoking research permissions as soon as possible. Similar caution applies to other DNA testing services such as Ancestry.com — always review their privacy settings and data sharing options.


Some general guidelines:

  • Be mindful of who you provide your health information to — especially health apps, wearables, and DNA testing services, which are not covered by HIPAA
  • You can request access to your Protected Health Information from your healthcare provider
  • You can file a complaint with the Department of Health & Human Services (HHS) if you think your medical information was not used or shared in a legal way — or file directly via the OCR Complaint Portal
  • Learn more about your health information privacy rights under HIPAA


Use the following security protections when dealing with your medical information:


1. Encrypt your correspondence

When sending health-related information by email or message, use an encrypted service to prevent interception:

  • ProtonMail — free encrypted email
  • Signal — encrypted messaging app for sensitive communications


2. Use strong passwords

  • Use a unique, strong password for every health-related account (patient portals, health apps, insurance websites)
  • Use a password manager to generate and store them securely
  • Enable 2-Factor Authentication (2FA) wherever possible


3. Limit access to your health data on mobile apps

Review and restrict which apps can access your health data on your device:

  • iPhone/iPad: Control which apps can access Health data on iOS
  • Android: Manage health app permissions on Android
  • Google Fit / Health Connect: Manage app permissions in Health Connect


4. Review privacy settings on health and fitness apps

Major health platforms have their own data sharing settings worth reviewing:

  • Apple Health privacy settings
  • Fitbit / Google privacy settings
  • MyFitnessPal privacy settings

Copyright © 2018-2026 PRIVACY101.org  
