VA Web and Mobile App Privacy Policy
The Veterans Administration (VA) Privacy Services office protects your private data when you interact with the VA online. Private data includes any information that can identify you, like your name, address and Social Security number. It also includes your health information. There are general rules that apply to all VA online information and rules for web and mobile apps. This page describes these rules as they apply to the VA Web and Mobile apps listed on the VA App Store.
About Federal Web Data Privacy Protection
All U.S. Federal web pages that you view or interact with in a browser must comply with a set of general rules to protect your private data. These include all pages in the .gov domain, including web sites like this one on mobile.va.gov, the VA Web apps (apps that run on any device in a browser), and the VA Mobile apps that run on Apple or Android devices, listed in the VA App Store. These rules include:
- Rules under the Privacy Act rights
- Information collected and stored automatically
- Use of cookies and tracking technologies
- Registration and log in
- Password protection
- Saving of passwords by browser
- Logging out
- Information sharing
- Digital analytics
You can read more about how the VA Privacy Services addresses these issues here: www.va.gov/privacy-policy.
About Google Analytics
Veterans Health Administration (VHA) Office of Connected Care (OCC) apps do not employ Google Analytics. These are apps in the VA App Store that have VA Health in their logo.
Some Federal agencies may participate in the Digital Analytics Program (DAP). As part of this program, Federal web sites may analyze their web traffic with Google Analytics 360 tools. DAP forbids passing any personally identifiable information -- including health information -- to Google Analytics. Information is "anonymized" (scrambled) before Google Analytics receives it. Users can receive recommendations related to personal privacy by accessing the Google Privacy Checkup. Google Analytics also has an opt-out tool to prevent sharing of information from web browsers.
About VA Apps Privacy Protection
In addition to the general federal rules listed above, the VA's Privacy Service ensures that all VA online applications listed on the VA App Store comply with rules specific to web or mobile apps. These rules include:
- Passing data to or from the VA, like health records
- Terms protecting private data are included in the End User License Agreement (EULA)
- How a device may store private data
You can read an overview of these topics from an app developer's perspective here: Privacy and Application Data Security.
Protecting Personal Health Information
The Veterans Health Administration (VHA) also ensures that the apps developed by the Office of Connected Care further protect your personal health information. Apps with the padlock symbol on their logos require that online exchanges occur over a secure connection within the VA network. Veterans and their designated caregivers typically need an ID.me or Login.gov subscription to satisfy this requirement. VA providers and staff must be signed in to the VA network via their personal identification verification (PIV) card to review any user data.
About Third Party Apps Privacy Protection
The VA App Store includes apps from three sources: Veterans Health Administration (VHA) Office of Connected Care (OCC) apps, VA-Sponsored apps, and suggested Third Party Apps. (See OCC App Ownership for more information about these app types. Third Party apps are only recommendations: VA does not test them.) The VA Privacy Services office tests and certifies that OCC apps and VA-Sponsored apps have passed its rules to ensure that the apps cannot reveal private information to unapproved parties.
Bluetooth and Health Data
This application utilizes Bluetooth to connect with and receive data from your personal health tracking devices (e.g., blood pressure monitors, pulse oximeters). We collect the following data:
- Health Measurements: Data transmitted by your device (e.g., blood pressure, oxygen saturation).
- Device Name: The name/model of the connected Bluetooth device.
Location Permission (Android 11 and Earlier)
On Android 11 and earlier, the Android operating system requires location permissions for Bluetooth functionality. This application does not access, store, or transmit your location data. The permission is solely for Bluetooth device discovery.
Bluetooth Permissions (Android 12 and Later)
On Android 12 and later, dedicated Bluetooth permissions (BLUETOOTH_SCAN, BLUETOOTH_CONNECT) are requested, eliminating the need for location permissions.
User Control
Bluetooth permissions can be managed through device settings.
Health Connect Data Usage Policy
This policy explains how Share My Health Data (SMHD) accesses, uses, and protects your health and fitness data when you grant us permission through Android Health Connect. Transparency and your privacy are very important to us. This information is provided to help you understand why we request access to certain categories of data before you grant permissions via Health Connect.
What is Health Connect?
Health Connect is an Android platform that provides a central place for users to manage and share data between their favorite health and fitness apps. You have full control over which apps can read or write data within Health Connect.
Data We Access Via Health Connect (Read-Only)
SMHD requests read-only access to health and fitness data categories within your Health Connect service. When you connect our app, the official Health Connect permission screen will show you the specific data points we are requesting and allow you to approve or deny each one. These categories may include, but are not limited to:
- Activity: Data related to your physical activity, such as steps, distance, active time, and calories burned.
- Body Measurements: Data related to your body composition, such as weight and body fat percentage.
- Vitals: Data related to your body's vital signs, such as heart rate.
- Nutrition: Data related to your diet, such as calories, macronutrients, and hydration.
Important: We only read the data you permit us to access. SMHD does not write or modify any data within Health Connect.
Why We Need This Data (Purpose of Use)
We request read-only access to your Health Connect data for two primary purposes:
- Consolidated View for You: To provide you with a single, comprehensive view of your health and fitness information within SMHD. By accessing your activity, body measurement, vitals, and nutrition data, we can build charts based on information from all your various connected apps (like Google Fit, Fitbit, Garmin, etc.).
- Healthcare Provider Review: To collect and securely store this information so that it can be made available for review by your designated healthcare provider(s). A holistic view of your health data can facilitate better-informed health decisions and care coordination.
The overall goal is to use the data you permit us to access to provide a clear, actionable picture of your health, both for your own use and for sharing with your care team.
Your Control
- Granular Permissions: You choose exactly which data types SMHD can access when you grant permissions through the official Health Connect interface. This screen is the single source of truth for all requested permissions.
- Revoking Access: You can review and revoke permissions granted to SMHD at any time directly within the Health Connect app on your Android device. If you revoke permission for a specific data type, SMHD will immediately lose the ability to access that data moving forward.
- Data Deletion Request: To request that previously shared data be removed from your health record, you must submit a privacy amendment request to the Privacy Officer at the VA medical facility where you receive care.
