Local-First Architecture: A Guide To Truly Private Health Data

"Eighty-eight percent of mobile health applications contain embedded code capable of collecting and transmitting your personal data to external third-party services."
— The BMJ 2021

You just downloaded a new app to track your latest blood work and cholesterol numbers. A 2021 study published in The BMJ found that 88 percent of mobile health applications contain code capable of collecting your personal information. The majority of those observed data flows went directly to external third-party services like advertisers and analytics brokers.

Understanding how your most sensitive information is processed requires looking past the privacy policy and straight at the underlying technology.

The Core Problem With Cloud-Based Healthcare

The scale of medical record exposure is difficult to comprehend. A detailed analysis of the United States Department of Health and Human Services Office for Civil Rights breach portal revealed that 725 large healthcare breaches occurred in 2023.

This vulnerability stems directly from centralized server architecture. When millions of patient files are pooled into a single database, that server becomes a "honey pot" for hackers. Even the promise of "anonymization" is fragile. A foundational 2000 study by Latanya Sweeney demonstrated that 87 percent of Americans have a uniquely identifiable combination of just three data points: a five-digit ZIP code, a full birth date, and gender.

The Science of Data Ownership

The technical difference between a vulnerable system and a secure one comes down to cryptographic key management. Most commercial platforms rely on server-side encryption to protect your account. The service provider encrypts your files for storage using keys they generate and control.

Local-first architecture fundamentally reverses this dynamic. Modern mobile hardware utilizes dedicated secure coprocessors to handle sensitive cryptography. Apple devices rely on a system called the Secure Enclave. This hardware subsystem generates a unique root cryptographic key fused directly into the silicon.

This key is never exposed to the main operating system or to any external servers. When an application uses Apple CryptoKit to implement on-device hardware encryption, the decryption keys never leave your physical phone. The server never sees the keys. A cloud data breach therefore yields nothing but unreadable ciphertext.

Securing Your Digital Footprint

You have the power to fundamentally change how your medical history is stored and shared. Taking control of your digital perimeter requires a few deliberate adjustments:

• Review Permissions: Access the permissions of every wellness application on your phone and revoke access to your camera and local storage if not strictly required.
• Manual Transfers: Request your laboratory results as physical paper copies or direct PDF downloads to avoid vulnerable third-party portal aggregators.
• Audit Privacy Labels: Review the privacy labels in the App Store before downloading to verify their specific data collection practices.

Your medical history stays with you

Meridian is engineered entirely around local-first architecture. When you scan a physical lab report, the optical character recognition happens directly on the Apple Neural Engine inside your phone. There are no external API calls to cloud servers.

Because we utilize Apple CryptoKit and hardware encryption, your data never leaves your device. We do not maintain user accounts, eliminating the central database that attracts attackers. You hold the keys to your own information.

SOURCES

1. Tangari, G., et al. (2021). Mobile health and privacy: cross sectional study. BMJ.
2. Sweeney, L. (2000). Simple Demographics Often Identify People Uniquely. Carnegie Mellon University.
3. El Emam, K., et al. (2011). A systematic review of re-identification attacks on health data. PLoS One.
4. American Medical Association. (2022). AMA health data privacy framework.