Bloomberg:

Apple Inc. responded to Democratic Senators who sent a letter to Chief Executive Officer Tim Cook with questions related to the privacy of the iPhone maker’s Covid-19 screening tools.

From the letter Apple sent in response:

Consistent with Apple’s strong dedication to user privacy, the COVID-19 app and website were built to protect the privacy and security of users’ data. As you note, use of the tools do not require a sign-in or association with a user’s Apple ID, and users’ individual responses are not sent to Apple or any government organization. Access to important information and guidance regarding individual health or the health of a loved one should not require individuals to compromise their privacy rights. Rather, it is in times like these, that our commitment to protecting those rights is most important. Our COVID-19 app and website were designed with that in mind. We appreciate the opportunity to provide the Senators with more information about the COVID-19 app and website.

The letter goes into a fair amount of detail, solid answers to solid questions. Worth taking the time to read.

I found question 2, and the response, to be especially interesting:

Are the Apple screening site and app governed under the terms of the HIPAA? If not, please explain why.

In a nutshell, the response:

Neither the site nor app are covered by HIPAA. Notwithstanding, we have applied strong privacy and security protections to the app and the website, including designing both tools to meet some of the technical safeguard requirements of HIPAA, such as access controls and transmission security.

And for Google folks, The Verge has a well written post that includes some detail on Google’s approach.

As a reminder, here’s a link to a comic about COVID-19 contact tracing that helped me wrap my head around the basic concepts.