Guideline 5.1.3(ii) — does encrypted, per-user private CloudKit storage count as "storing personal health information in iCloud"?

Guideline 5.1.3(ii) says apps "may not store personal health information in iCloud." Does this apply to any use of a private, per-user CloudKit database for health-related data, or is it specifically about unencrypted/shared storage, or data sourced from HealthKit?

If a health app end-to-end encrypts sensitive fields so that even Apple's infrastructure can't read them, and the data never leaves the individual user's own iCloud account, does that change how 5.1.3(ii) applies — or is the guideline a blanket restriction regardless of encryption?

Has anyone gotten reviewer feedback (approval or rejection) that clarifies how this is actually enforced in practice?

Thanks in advance!

Guideline 5.1.3(ii) — does encrypted, per-user private CloudKit storage count as "storing personal health information in iCloud"?
 
 
Q