She Lost Coverage After Using Flo
Sarah downloaded Flo to track her periods. Logged symptoms. Mood swings. Sexual activity. Two years of intimate data.
Then her health insurance denied coverage for a pregnancy complication. The reason? "Pre-existing condition indicators."
How did they know? Flo sells "anonymized" data to data brokers. Those brokers sell to insurers. Insurers match it back to you using location data, device IDs, and behavioral patterns.
Sarah never agreed to this. She thought she was tracking her health. She was actually building a case against herself.
HIPAA Doesn't Protect You Here
Your doctor can't share your medical records without consent. That's HIPAA.
Your health app? Not covered.
Unless the app is provided directly by your healthcare provider or insurance company, HIPAA doesn't apply. That period tracker, meditation app, fitness band? They can sell everything.
What "Health" Apps Actually Track
- Period Trackers: Menstrual cycles, sexual activity, pregnancy attempts, miscarriages, abortion considerations
- Fitness Apps: Heart rate, sleep patterns, exercise frequency, weight changes, location data
- Mental Health Apps: Depression scores, anxiety levels, therapy notes, medication reminders, crisis events
- Meditation Apps: Stress levels, sleep problems, emotional states, usage patterns
- Nutrition Apps: Eating disorders, dietary restrictions, alcohol consumption, weight goals
Each data point alone seems harmless. Together, they paint your complete health picture. And that picture is for sale.
From Your Phone to Your Premium
Here's how your morning run becomes a rate hike:
- You log a workout (or don't - that's data too)
- App packages your data with millions of others
- Data broker buys the package (often for pennies per user)
- Broker "enriches" data by combining multiple sources
- Insurance companies buy "insights" about risk categories
- You get grouped into a risk pool
- Your rates adjust accordingly
The entire pipeline takes weeks. Your rate change comes months later. You never connect the dots.
Period Trackers: The Worst Offenders
After Roe fell, period trackers became surveillance tools. But they were already selling to insurers.
What Flo Knows
Flo has 300 million users. Each one shares:
- Exact cycle dates and irregularities
- Symptoms (cramps, headaches, mood)
- Sexual activity and protection used
- Pregnancy attempts and outcomes
- Weight and temperature changes
Flo claims they stopped sharing data with Facebook. But their privacy policy still allows sharing with "business partners" for "research" and "product improvement." Insurance companies fund health research. Connect the dots.
2025 Update: In December 2025, Flo and Google agreed to pay $56 million to settle class-action lawsuits over data sharing. A jury also found Meta illegally collected reproductive health data from Flo users. Flo has since introduced an "Anonymous Mode" feature, but the damage was already done. Years of intimate data had already flowed to data brokers.
What Clue Collects
Clue markets itself as "privacy-focused" because they're European. GDPR protects EU citizens. Americans? Different story.
Clue's US data can be shared with "service providers" and "partners." They use Google Analytics. Google sells to insurance data brokers. Your "private" period data flows through the same pipeline.
Ovia's Double Dip
Ovia is often provided free by employers as a "wellness benefit." Your boss pays for it. You think it's a perk.
Reality: Ovia gives employers aggregated data about employee pregnancy and fertility. HR knows how many employees are trying to conceive, having complications, or considering leave.
Individual data is "anonymized." But in a 50-person company, how anonymous is "the only woman trying IVF"?
Fitness Apps: Heart Rate to Rate Hike
Your Fitbit knows when you skip workouts. Strava logs where you run. MyFitnessPal tracks what you eat.
Strava's Global Heatmap Disaster
2018: Strava's public heatmap revealed secret military bases through soldiers' jogging routes. If they can accidentally expose military operations, what are they doing with your data?
Strava sells "Metro" data to city planners. Same dataset can identify individuals through running patterns. Insurance companies would pay well for "person who stopped exercising" lists.
Fitbit Sells to Google
Google bought Fitbit for $2.1 billion. They promised not to use health data for ads. They said nothing about insurance.
Google already partners with insurance companies through Nest (smart home discounts). Adding Fitbit data completes the picture: how you live, how you move, how you sleep.
Critical deadline: By February 2, 2026, all Fitbit users must migrate to Google accounts or lose their data permanently. Privacy advocacy groups have filed GDPR complaints against this forced migration. Your fitness history is now Google's property.
Apple Watch: Premium Device, Premium Rates
Apple claims privacy leadership. But they partner directly with insurance companies through Apple Watch.
Aetna, United Healthcare, and Vitality offer Apple Watch discounts. You "earn" the discount by meeting activity goals. Miss your goals? Premium goes up. It's surveillance disguised as wellness.
Mental Health Apps: Weaponizing Vulnerability
Feeling depressed? There's an app for that. It's also selling that depression to data brokers.
BetterHelp's Betrayal
BetterHelp settled with the FTC for $7.8 million in 2023. They shared users' mental health questionnaires with Facebook and Snapchat for advertising.
Those questionnaires included:
- Depression and anxiety levels
- Medication history
- Trauma experiences
- Suicidal thoughts
Facebook has data partnerships with insurance companies. Your therapy intake form becomes an insurance risk assessment.
Headspace and Calm
Meditation apps know exactly how stressed you are. Checking the app at 3 AM every night? That's chronic insomnia. Using "anxiety" meditations daily? That's an anxiety disorder.
Both apps use third-party analytics that share with data brokers. Your meditation practice becomes a pre-existing condition.
AI Therapy Bots
Replika, Wysa, Youper - AI therapists that never sleep. Also never forget. Every message you send is stored, analyzed, and monetized.
These aren't therapists. They're data collection interfaces designed to extract your deepest fears and sell them.
The Data Broker Ecosystem
Your health data flows through these companies:
IQVIA
The world's largest health data broker. Has records on 1.2 billion patients. Buys from apps, pharmacies, doctors. Sells "de-identified" data that researchers regularly re-identify.
Veeva Systems
Manages data for 1,000+ life science companies. Your app data helps pharma companies identify "patient populations." Insurance companies are very interested in those populations.
Crossix (now Veeva Crossix)
Matches your health data across sources. Prescription filled at CVS + fitness app data + grocery purchases = complete health profile. All "anonymized." All traceable back to you.
LexisNexis Risk Solutions
Yes, the same company tracking your driving also buys health app data. They create "risk scores" for insurance companies. One database to rule them all.
This Destroys Real Lives
Pregnancy Discrimination
Woman in Missouri was fired after her period tracker data indicated pregnancy. Company claimed "performance issues." Timeline matched perfectly with her app showing missed periods.
Mental Health Denial
Man in California lost life insurance application after using Headspace extensively during divorce. Insurer cited "mental health risk factors" without specifying source.
Abortion Prosecution
Nebraska teen's Facebook messages about abortion pills led to criminal charges. Period trackers have same data. Post-Roe, they're evidence.
Eating Disorder Discrimination
College student's MyFitnessPal data showing 800-calorie days led to health insurance marking her as "eating disorder risk." Premiums tripled.
Protecting Your Health Data
⚠️ Nuclear Option: Delete Everything
Seriously consider deleting all health apps. Use paper. Use spreadsheets stored locally. Your health data is too sensitive to trust to any company.
If You Must Use Health Apps
Choose Carefully
- Drip: Open source period tracker, stores data locally only
- FitoTrack: Open source fitness tracker, no cloud sync
- Prescrip: Local-only medication reminder
- Avoid anything "free" - you're the product
Lie Strategically
- Fake birthdate (keep it consistent)
- Fake name where possible
- Use masked email addresses
- Never use Facebook/Google login
- Use VPN to hide location
Compartmentalize
- Use separate email for health apps
- Use burner phone number (Google Voice)
- Never link to other accounts
- Pay with privacy-focused payment methods
Request Your Data
Under CCPA (California) and similar laws, request your data from every health app annually. See what they have. Demand deletion. Document everything.
The Wellness Trap
Employers push "wellness programs." Insurance companies offer "discounts" for healthy behavior. It's all surveillance.
That step challenge at work? Data goes to insurance. That "free" health screening? Straight to your permanent record. That mental health benefit? Tracked and scored.
They've gamified surveillance. You compete to give them more data. The prize? They know everything about your body. The cost? Your insurability.
Your Body Is Not a Data Point
Every health app promises to help you. Track your period. Lose weight. Sleep better. Manage anxiety.
They're lying.
They exist to extract your most intimate data and sell it. Your irregular period becomes a premium increase. Your missed workouts become a coverage denial. Your therapy notes become a pre-existing condition.
The quantified self movement was a trap. They convinced us to surveil ourselves and pay for the privilege. We bought fitness trackers to get healthy. We gave them the data to deny us healthcare.
Your body is not a product. Your health is not a data point. Your medical privacy is not negotiable.
Delete the apps. All of them. Your future self will thank you when you still have health insurance.