Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple CareKit integrates with Tresorit ZeroKit to secure patient data in the cloud

Apple on Tuesday announced its CareKit development framework, designed to create apps that let healthcare professionals continue followup care with patients, is now integrated with Tresorit's ZeroKit, which provides end-to-end encryption of users' account credentials and their health data to the cloud.

Apple announced CareKit last spring as an extension of ResearchKit. While ResearchKit was intended to help create apps that enabled medical researchers to gather and analyze health related data from study participants, CareKit — in response to practitioners' requests — was created to help individuals better manage their own medical conditions.

CareKit-based apps allow users to track their symptoms, activity and medications. For example, one new app in development at Texas Medical Center focuses on post surgical care, tracking patients pain levels, temperature, range of mobility and the medications they take. This data is encrypted for secure storage on users' iPhones, but many apps also make use of shared data with their care teams.

Other CareKit apps focus on managing chronic conditions or diseases like diabetes that require tracking of symptoms such as pain, hunger and dizziness as well as monitoring glucose levels.

CareKit itself doesn't handle encryption to the app developers' servers, requiring separate work by developers. Tresorit has already developed end-to-end encryption for its file sync and sharing application. This is serving as the foundation for the company's ZeroKit framework, designed to make it easy to protect user passwords and their medical records.

As noted in a release today on Apple's CareKit blog, ZeroKit integrates with Apple's CareKit to provide both secure, "zero knowledge proof" user authentication to protect user passwords from breaches, as well as helping developers to store patients' Protected Health Information (PHI) in the cloud with end-to-end encryption in order to comply with U.S. HIPAA requirements required by the Health Insurance Portability and Accountability Act.

In a press release, Tresorit explained that ZeroKit "combines zero knowledge methodology and end-to-end encryption," so that user passwords and patient data such as medical reports "never reach the servers in plain text."

Because all encryption and password transformation happens on users' devices and the readable formats never leave them, "user data cannot be read by unauthorized people," the company noted. "Even in case of a server data breach, hackers will only find unreadable data."

The company's cofounder and chief executive Istvan Lam stated, "Our mission is to help people stay secure and protect their privacy. With ZeroKit, our aim is to make our core end-to-end encryption technology available for all developers and enable them to build secure digital health tools."

Lam added, "Secure authentication goes hand-in-hand with end-to-end encryption of data: without that, end-to-end encryption is practically useless. ZeroKit is an out-of-the-box solution for this."

Tresorit's ZeroKit is already being used by healthcare apps including The Diary's CarePro, a tool to automate care coordination, and DrNearMe, a service for connecting patients to health providers.