Newly iconNewly
How to Get the Apple HealthKit Clinical Health Records Entitlement

How to Get the Apple HealthKit Clinical Health Records Entitlement

Accessing a user’s clinical records is gated — but by App Review, not a request form. Here is what you enable and what Apple checks.

Timothy Lindblom
Timothy Lindblom

Founder, Newly

HealthKit has two tiers of gating, and it is easy to confuse them. Basic health and fitness data is just a capability you toggle on. Clinical Health Records — a user’s FHIR-backed conditions, medications, lab results and allergies downloaded from their healthcare provider — needs an extra entitlement value. Crucially, there is no Apple request form for it: you enable it in your build and Apple evaluates the use at App Review, so the bar is meeting the documented requirements rather than waiting on a separate approval.

There is no pre-approval form for this capability. You enable it in your build and App Review evaluates it when you submit — so the bar is meeting the documented requirements below, not waiting on a separate approval queue.

Key Takeaways

  • Basic HealthKit is just a toggle; clinical records add the health-records access entitlement.
  • There is no pre-approval form — clinical records access is gated at App Review.
  • You must supply a clinical usage-description string and a valid privacy policy URL.
  • Clinical records access is read-only and must serve the user, not advertising.

Health Records at a Glance

No form
App Review gated
Read-only
Clinical records
FHIR
Record format
Privacy URL
Required

What This Entitlement Is

The com.apple.developer.healthkit.access entitlement with the health-records value lets your app request read-only access to clinical records the user has downloaded into the Health app from a supported institution. It is distinct from general HealthKit health/fitness data. Because it covers sensitive medical information, Apple requires specific Info.plist strings and a privacy policy, and reviews the app’s use of the data closely during submission.

Entitlement & config keys

  • com.apple.developer.healthkit
  • com.apple.developer.healthkit.access = ["health-records"]
  • NSHealthClinicalHealthRecordsShareUsageDescription (Info.plist)
  • NSHealthShareUsageDescription (Info.plist)

Who Needs It

Patient-facing health apps

Apps that surface a user’s own medical records — conditions, medications, labs, allergies, immunizations.

Care coordination & disease management

Chronic-condition, medication-adherence and care-team apps that read clinical data to personalize guidance.

Health research apps

Research apps that use clinical records, subject to Apple’s additional health-research rules and consent.

Not for basic fitness data

If you only need steps, workouts or heart rate, plain HealthKit (a simple toggle) is enough — you do not need clinical records.

How to Enable It and Pass Review

  1. 1

    Enable HealthKit and the clinical records access

    Turn on the HealthKit capability and add the health-records value to com.apple.developer.healthkit.access. Automatic signing adds it to your App ID immediately — there is no form to submit.

  2. 2

    Add the required usage strings

    Provide NSHealthClinicalHealthRecordsShareUsageDescription and NSHealthShareUsageDescription in Info.plist explaining what you do with the data and why.

  3. 3

    Publish a privacy policy

    Add a valid privacy policy URL — it is shown on the clinical-record permission sheet and is required for review.

  4. 4

    Request only the data types you use

    At runtime call HKHealthStore.requestAuthorization with the specific clinical types you actually need — do not over-request.

  5. 5

    Submit through normal App Review

    There is no separate queue. App Review evaluates that you use clinical data appropriately under the Health guidelines when you submit the build.

What App Review Evaluates

  • That the app meaningfully uses the clinical data it requests — unused types get flagged.
  • That you provide clear usage-description strings and a working privacy policy URL.
  • That clinical health data is never used for advertising, marketing or data sale.
  • That the app complies with the Health and Health Research App Store Review guidelines.

Timeline. There is no pre-approval cycle: automatic signing adds the entitlement to your App ID as soon as you enable it. The real gate is normal App Review when you submit — so plan your timeline around the standard review queue, not a separate entitlement approval.

Common Reasons It Gets Rejected

Declared but unused data types

Apple may reject apps that request clinical record types they do not actually use.

How to avoid it: Request only the clinical types your features genuinely read, and demonstrate the flow.

Missing usage string or privacy policy

A missing or weak usage-description string, or an absent privacy policy URL, blocks review.

How to avoid it: Write a specific clinical usage string and link a real, reachable privacy policy.

Disallowed use of the data

Using clinical health data for advertising, marketing or sharing with third parties violates the Health guidelines.

How to avoid it: Keep clinical data on-device or strictly for the user-facing feature, and document how it is handled.

Adding It in Newly

Newly builds real native apps, so the capability goes into your app exactly the way it would in a hand-written project — you just describe it instead of editing config files.

  1. 1Ask Newly to "let users connect their clinical health records and show medications and lab results."
  2. 2Newly enables HealthKit, adds the health-records access entitlement and the required Info.plist usage strings to your iOS build.
  3. 3Add a privacy policy URL in your project settings — Apple shows it on the permission sheet.
  4. 4Build and submit from the Deploy modal; clinical records access is verified during normal App Review.

For the full deployment flow, see the permissions & entitlements guide in the Newly docs.

Frequently Asked Questions

Is there a form to request clinical health records access?

No. Unlike Family Controls or CarPlay, there is no standalone request form. You add the health-records value to the HealthKit access entitlement in your build, and Apple evaluates the use during App Review.

What is the difference between HealthKit and clinical health records?

Basic HealthKit covers health and fitness data (steps, workouts, heart rate) and is just a capability toggle. Clinical Health Records covers FHIR-based medical records from healthcare institutions and needs the additional health-records access entitlement plus extra usage strings.

Can I write clinical records back to Health?

No. Clinical Health Records access is read-only. You can read the records the user has downloaded into the Health app but cannot create or modify them.

Do I need a privacy policy?

Yes. A valid, reachable privacy policy URL is required and is displayed on the clinical-record permission sheet. Apps without one are rejected.

Ship a Health Records app without fighting the native config

Describe the feature and Newly wires up the entitlement keys, Info.plist / manifest entries and native modules for you — then builds and submits to the App Store and Google Play. You still file the approval yourself, but the build is ready the moment it's granted.

Start Building Your App

Sources & Further Reading

Official Apple documentation for the Health Records capability. Always confirm the current requirements against these pages before you apply.

Continue Learning

Critical Alerts Entitlement

Notifications that bypass silent mode — common in health apps.

Family Controls Entitlement

Screen Time and parental-control distribution entitlement.

Default App Entitlements

Another App-Review-gated set of iOS entitlements.

Android Restricted Permissions

Health Connect and other declaration-gated Android permissions.