APIs and the Future of Health Data Privacy
Posted in Security, Strategy
Art Anthony, October 28, 2025

It’s not an overstatement to say that the health and fitness space has been transformed in the past couple of decades. Thanks to the introduction of wearables and trackers, keeping tabs on one’s progress no longer means manually entering weights and reps into a chalky old notebook between sets. Fitness has been streamlined, incentivized, and occasionally even gamified.

But connected health devices like smartwatches, fitness trackers, and smart rings have a ton of additional potential that we’re only just beginning to tap. Their real-time logging of stats such as heart rate and sleep patterns makes them a valuable source of data with wider implications.

In this article, we’ll touch on some of the ways in which APIs are already instrumental in health and fitness tech, explore how APIs can be used to navigate tricky privacy issues, and see what the future of healthcare could look like with APIs powering its modernization.

How APIs Power Health and Fitness Tech

Fitness wearables from providers like Apple, Garmin, and Fitbit rely heavily on APIs to sync health and workout data across platforms and to stream health data in real time. There are already various notable examples of platforms providing health and fitness APIs, such as:

Apple HealthKit provides a central repository for health and fitness data on Apple devices, along with an API framework that developers can use when building relevant apps.
Garmin provides a suite of APIs, including Activity, Training, Women’s Health, and others.
Fitbit offers an API that allows developers to interact with Fitbit data in third-party apps.
Google Fit provides Android and REST APIs for building integrations. (Although, following Google’s acquisition of Fitbit, these will be deprecated in 2026 and are no longer accepting new signups.)
Spike offers a single API designed for healthcare organizations that’s capable of connecting to over 500 wearables, IoT systems, EMRs, and lab systems.

In terms of standards, organizations have made strides toward better healthcare interoperability. Various countries have adopted Health Level Seven International’s (HL7) Fast Healthcare Interoperability Resources (FHIR) standard, a specification for exchanging healthcare data that is built on ordinary web API technology: resources such as Patient and Observation are represented in JSON or XML and are read and written over RESTful HTTP endpoints. FHIR itself defines the data model and the exchange interface; authentication, authorization, and transport security are layered on top by each implementation (in practice, usually TLS plus OAuth 2.0 via the SMART on FHIR profiles).

Research indicates that as many as one in three Americans use wearables to track their health and fitness, and that 80% of them would be happy to share that information with their doctor(s). In most healthcare scenarios, however, that simply isn’t happening. There’s a lingering feeling that we could and should be doing more with all of the health data that’s out there.

The Untapped Potential of Health Data

In a 2016 piece on how APIs are streamlining healthcare, we wrote about how API-based services like MedlinePlus Connect and DrChrono (since acquired by EverHealth) are being used in the healthcare space. Those services, used respectively to translate diagnosis and lab test codes into plain English for patients and to handle electronic health records (EHRs), are both still around today, and demonstrate the wide range of potential applications for APIs in healthcare.

But there’s an elephant in the room here. Or, rather, a couple of elephants in the room.

The first of these is complacency. Unless providers and customers understand the tangible benefits of more connected healthcare systems, they won’t rush to adopt them. Providers may also be anxious about whether the products they’re building comply with regulatory acts such as HIPAA. (We’ll get to that in a later section.)

The bigger of these two elephants is privacy.
Although there are measures in place to protect patients, such as HIPAA, and standards like FHIR that define how data is exchanged, the majority of healthcare tech remains “opt in” by design. Given the sensitive nature of health data, that’s not surprising. And much of the general public is reluctant to opt in due to fears around targeted data breaches, surveillance, and so on. Interestingly, APIs and related tech might hold the key to getting around that.

APIs and Health Data’s Privacy Dilemma

In our post on APIs in the insurance industry, we talked about how some insurance providers, like the UK’s Vitality, use third-party data from the likes of Fitbit and Garmin to reward their customers with discounts and freebies for working out, hitting step targets, and so on.

Earlier this year, Donald Trump announced a similar initiative for millions of Americans to upload health data and medical records to new apps and systems (created by private tech companies) designed to streamline the healthcare system. Even though the system would be maintained by the Centers for Medicare and Medicaid Services (CMS), the plans are controversial. Lawrence Gostin, a Georgetown University law professor who specializes in public health, shared the following: “There are enormous ethical and legal concerns. Patients across America should be very worried that their medical records are going to be used in ways that harm them and their families.”

At the very least, the potential secondary use of data is contributing to mistrust. Applying zero trust security (least privilege enforcement, continuous verification, and other tactics) in conjunction with zero-knowledge proofs and decentralized identifiers could be a solution to this problem. The key property is verification without disclosure: an insurer or benefits program needs to learn only that a patient meets an eligibility condition, such as an activity threshold, not the underlying heart-rate, sleep, or medical records that establish it. A system built this way is a viable alternative to a monolithic central store of everyone’s records, which represents a honeypot for hackers.
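To make “verify eligibility without disclosure” concrete, here is an added example written for this edit (it is not code from the original article, nor from Vitality, CMS, or any product named above). It sketches the salted-digest selective-disclosure technique used by the IETF SD-JWT specification: an issuer such as a fitness platform signs only digests of the claims, the patient’s wallet reveals just the one claim a verifier needs, and the verifier checks that claim against the signed digest list. The issuer name, claim names, sample values, and the use of HMAC-SHA256 in place of a public-key signature are all assumptions made to keep the example self-contained.

```python
"""Selective disclosure of a wearable-derived eligibility claim.

Simplified form of the salted-digest technique used by the IETF SD-JWT
specification: the issuer signs only digests of the claims, the holder's
wallet reveals just the claim a verifier needs, and the verifier checks it
against the signed digest list. Assumptions for this example: HMAC-SHA256
stands in for the issuer's public-key signature, and the issuer name, claim
names and sample values are all constructed.
"""
import hashlib
import hmac
import json
import secrets

# Assumption: a shared demo key. A real issuer would sign with a private key
# and verifiers would hold only the corresponding public key.
ISSUER_KEY = b"constructed-issuer-key-for-demo"


def _digest(salt: str, name: str, value) -> str:
    # A disclosure is the triple [salt, name, value]; its digest is SHA-256 of
    # the canonical JSON encoding, which is what the issuer commits to.
    payload = json.dumps([salt, name, value], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def issue_credential(claims: dict, issuer_key: bytes = ISSUER_KEY):
    """Issuer side (e.g. a fitness platform): returns (signed, disclosures).

    Every claim gets a fresh random salt so that low-entropy values such as a
    boolean or a step count cannot be recovered from their digest by guessing.
    """
    disclosures = {}
    digests = []
    for name, value in claims.items():
        salt = secrets.token_urlsafe(16)
        disclosures[name] = [salt, name, value]
        digests.append(_digest(salt, name, value))
    digests.sort()  # also hides the original claim order
    envelope = {"iss": "fitness-platform.example", "_sd": digests}
    body = json.dumps(envelope, separators=(",", ":"), sort_keys=True)
    tag = hmac.new(issuer_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}, disclosures


def present(disclosures: dict, reveal: list) -> list:
    """Holder side (patient wallet): release only the named claims."""
    return [disclosures[name] for name in reveal]


def verify_presentation(signed: dict, presented: list,
                        issuer_key: bytes = ISSUER_KEY) -> dict:
    """Verifier side (insurer or benefits app): returns the revealed claims.

    Raises ValueError if the issuer signature is bad or a presented claim was
    altered, because an altered triple no longer hashes to a signed digest.
    """
    body = signed["body"].encode()
    expected = hmac.new(issuer_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        raise ValueError("issuer signature invalid")
    signed_digests = set(json.loads(signed["body"])["_sd"])
    revealed = {}
    for salt, name, value in presented:
        if _digest(salt, name, value) not in signed_digests:
            raise ValueError(f"claim {name!r} is not covered by the issuer signature")
        revealed[name] = value
    return revealed


def eligibility_demo():
    """End-to-end run on constructed data; returns (revealed, tamper_detected)."""
    raw_claims = {  # constructed sample of what a wearable platform attests to
        "weekly_active_minutes": 212,
        "resting_heart_rate_bpm": 58,
        "avg_sleep_hours": 7.2,
        "met_activity_target": True,
    }
    signed, disclosures = issue_credential(raw_claims)
    # The wallet reveals only the eligibility predicate; the metrics stay private.
    revealed = verify_presentation(signed, present(disclosures, ["met_activity_target"]))
    # A holder who edits a value without the issuer is caught by the digest check.
    salt = disclosures["weekly_active_minutes"][0]
    forged = [[salt, "weekly_active_minutes", 999]]
    try:
        verify_presentation(signed, forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return revealed, tamper_detected


if __name__ == "__main__":
    print(eligibility_demo())
```

Two caveats a practitioner should keep in mind. First, this proves the origin and integrity of the one revealed claim while keeping the others hidden, but it is not a zero-knowledge proof over the hidden values: the verifier still trusts the issuer to have computed met_activity_target correctly. A true zero-knowledge scheme (for example, range proofs over signed attributes) would let the wallet prove “weekly_active_minutes is at least 150” without the issuer precomputing the predicate. Second, the signed digest list is itself a stable value that colluding verifiers could use to correlate presentations; SD-JWT deployments mitigate this by issuing batches of credentials so that each is presented only once.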
Ultimately, armed with tools like patient-controlled identity wallets backed by encrypted personal data vaults, this setup would put control back into users’ hands. (A blockchain is one option for anchoring the identifiers, but decentralized identifiers do not require one.)

Invention, Innovation, and Compliance

In a theoretical future where interoperable services are the bedrock of healthcare data exchange, with government and private apps requesting access to patient data via APIs, standards and compliance become even more critical to health data than they already are today. While the emergence of standards like FHIR is valuable, and extensive information about access rights and health apps is available, compliance with regulations like HIPAA remains a source of anxiety for many developers.

But this could be another case of “APIs to the rescue.” Keragon, for example, is a healthcare automation platform that enables users to connect apps and build no-code integrations that are HIPAA-compliant by design. Elsewhere, their competitor Blaze has described themselves as a HIPAA compliant Zapier alternative. Workato’s API also has HIPAA compliance built into it, so customers can safeguard protected health information (PHI) when building AI agents. In the UK, the NHS features a comprehensive API catalogue along with the standards it defines for those APIs. The list goes on!

One caveat applies to all of these: no platform makes an application HIPAA compliant on its own. A covered entity still needs a business associate agreement with every vendor that handles PHI on its behalf, and it remains responsible for how its own integration stores, shares, and logs that data.

These products are evidence that many in the healthcare space view APIs as an option for navigating some of the red tape associated with dealing with health data without compromising on compliance, privacy, or user safety. The more systems that can be safely and securely connected, the more complete the picture of a patient’s state of health will be.

While it’s not immediately clear what the future of healthcare looks like, in the US or beyond, APIs could hold the key to plenty of issues around security, interoperability, and patient trust. All that remains to be seen is how extensive their implementation will end up being.