What is the most private medical records app for iPhone?

Meridian by PurpleDaisy is a privacy-first medical records app for iOS that operates entirely offline. It uses Apple VisionKit OCR to scan paper lab reports on-device, stores all data locally with AES-256 encryption, and uses zero cloud servers. Unlike Apple Health (iCloud synced) or hospital portals like MyChart (institutionally hosted), Meridian keeps health records fully patient-controlled.

Is Meridian app free?

Meridian offers a free tier with core functionality. Premium features are available at $4.99/month or $49.99/year, managed through the Apple App Store. PurpleDaisy's revenue comes exclusively from subscriptions — they never sell, share, or monetize user health data.

Does Meridian app send data to the cloud?

No. Meridian uses a strict local-first architecture. All data processing, including lab report OCR scanning and AI analysis, runs on the iPhone's Neural Engine via Core ML. Health records are stored on-device only with AES-256 encryption. Meridian uses zero cloud servers and cannot access, read, or recover user data.

Why Your Health App Is Selling Your Blood Work

"A 2021 BMJ study of 20,991 mHealth apps found that 88% included code capable of collecting and potentially sharing sensitive user data."
— Tangari et al., 2021

You are sitting in your doctor’s office, uploading your latest metabolic panel into a sleek, free tracking app to see if your cholesterol has improved. The gut punch is that the moment you hit "save," your LDL markers and fasting glucose levels are likely being packaged and sold to advertising giants like Meta and Google.

A 2021 BMJ study of nearly 21,000 health apps found that 88% of them included code designed to collect and share sensitive user data with third parties. This hidden pipeline feeds a global data broker market valued at over $257 billion. In this market, your personal health struggles are a primary commodity. Understanding the "HIPAA Gap" is the first step toward reclaiming your medical privacy.

The health privacy loophole

We often assume that any app touching a lab report must follow the same strict privacy rules as a hospital or a diagnostic lab. This is a dangerous misconception. While your doctor is a "covered entity" under HIPAA, the vast majority of consumer health apps are not. They operate in a legal gray area where your data is treated as a commercial asset rather than a protected record.

The HIPAA Gap: HIPAA only applies to "covered entities" like hospitals and insurers. Once you download your data and upload it to a third-party app, that legal protection vanishes unless the app explicitly signs a Business Associate Agreement (BAA).

Recent federal enforcement actions have pulled back the curtain on this practice. In 2023, the FTC charged the prescription discount app GoodRx with sharing users' sensitive health information with advertising platforms like Facebook and Google. Despite promising never to share personal data, the app used tracking pixels to help advertisers target users based on their private medical needs.

This is not an isolated incident. Similar actions against BetterHelp and the fertility app Premom reveal a systemic pattern: if an app is free and cloud-synced, you are likely the product being sold.

The myth of "anonymized" health data

When app developers are caught sharing data, their standard defense is that the information was "de-identified" or "anonymized." However, the science of re-identification suggests this protection is effectively nonexistent. Research into human data uniqueness proves that it takes very few data points to pick a specific individual out of a crowd of millions.

A landmark study by Latanya Sweeney demonstrated that 87% of the U.S. population can be uniquely identified using only three pieces of information: a 5-digit ZIP code, a full date of birth, and gender.

When you add the specific timestamps of your blood draws or the location of your local clinic, the mask of anonymity disappears entirely. Your blood work is not just a list of numbers. It is a unique biological signature that, once leaked, can never be made private again.

Taking your lab results offline

Protecting your medical history requires moving away from the "cloud-first" mentality that dominates the app store. You should treat your lab reports with the same level of security as your banking credentials.

How to protect your medical privacy:

Manual Transfers: Download your lab results as a PDF directly from your doctor's portal and store them locally.
Review Permissions: Access your phone’s health permissions and disable "Share Research Data."
Go Serverless: Use tools that do not require an account or email address to function.

Your health data stays with you

The core philosophy of Meridian is that your health journey should be for your eyes only. Unlike traditional trackers that require a login and a password, Meridian functions entirely as an offline-first tool. This means there are no accounts, no sign-ups, and no central servers where your lab results are stored.

We use the Apple Neural Engine to handle all the text recognition directly on your phone. This ensures that your data never leaves your device. When you use the camera to scan a metabolic panel, the transformation from a piece of paper to a trend chart happens locally, protected by high-level hardware encryption.

If you receive a new panel next week and want to see whether your LDL is moving in the right direction without handing that information to an advertiser, Meridian is built for exactly that. Your results stay on your phone, your trends stay private, and the only person reading your data is you.

Download on the App Store

SOURCES

Federal Trade Commission. (2023). FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Information.
Tangari, G., et al. (2021). Mobile health and privacy: cross sectional study. BMJ, 373(n1248).
Sweeney, L. (2000). Simple Demographics Often Identify People Uniquely. Data Privacy Lab.
de Montjoye, Y.-A., et al. (2013). Unique in the Crowd: Scientific Reports.
Zigrang, T., & Bailey-Wheaton, J. (2023). Valuing Healthcare Data. The Value Examiner.