The move is not unexpected, as it would be very much against Apple’s modus operandi to allow developers access to such crucial data without some restrictions on its use in place as a protection for users. Similar restrictions exist for the Touch ID API, which doesn’t allow developers to access user fingerprint data at all, let alone store it.
There is one exception to this rule, however…
Apple explicitly states that developers may share user health data with third parties only if those parties are using the data for health-related research. In order to share a user’s information with those third parties, the developers must first get permission from the user. Anyone who doesn’t want their information being used for research purposes can simply choose not to opt-in to any research sharing initiatives.