Saltar al contenido principal

CVS App Personal Health Record Privacy Policy

LAST UPDATED: December 1, 2025

This Personal Health Record Functionality Privacy Policy (the “PHR Privacy Policy”) supplements the CVS Privacy Policy y California Notice at Collection and describes how CVS Care Concierge, LLC (“CVS CC”) collects, uses, and discloses Personal Information about your health (“Personal Health Data”) through your use of the CVS Personal Health Record functionality (“CVS PHR”) in the CVS Health mobile application (“CVS App”). 

The CVS PHR puts you in charge of a combined view of your Personal Health Data. You choose which data to store in your CVS PHR, and you can use the CVS PHR to search, organize, visualize, and export your Personal Health Data. CVS CC recognizes that Personal Health Data may be sensitive. By using the CVS PHR, you agree to the collection, use, and disclosure of your information as described in this PHR Privacy Policy. If you do not agree, please do not use the CVS PHR.


Relationship to Other CVS Terms, Policies, and Notices

This PHR Privacy Policy does not apply to any other services or products provided by the CVS Health family of companies, including other services and products made available via the CVS App. If there is a conflict with other CVS privacy policies with respect to the CVS PHR, this PHR Privacy Policy will take precedence. This PHR Privacy Policy does not apply to CVS healthcare services, such as pharmacy, medical, and health plan services. Visite nuestro Centro de privacidad to view our other CVS Health privacy policies.


1. How the CVS PHR Collects Personal Health Data

The types of Personal Health Data we collect depend on how you use the CVS PHR. The CVS PHR may support data types ranging from specific health data points (such as your height and weight) that you enter to full, structured medical records from your healthcare providers. You are in control of the data in your CVS PHR, and we will only collect your Personal Health Data with your permission.

Direct Transfers from Other Sources

You can choose to copy Personal Health Data directly from some sources to the CVS PHR, including:

  • Third-Party PHR Partners

    With your consent, we will connect your CVS PHR to third parties that store information about your health and have agreed to establish data connections with CVS ("PHR Partners"). Some PHR Partners, such as your primary care physician or your physician's electronic health records system, maintain data under the Health Information Portability and Accountability Act ("HIPAA"). The Personal Health Data that you choose to store in your CVS PHR, however, is not subject to HIPAA, even if you transfer the data from a HIPAA-covered source.

  • CVS Health-Affiliated Providers

    You may also choose to import data to your CVS PHR from a CVS-affiliated healthcare provider, such as CVS Pharmacy or MinuteClinic. To do so, you will need to complete a HIPAA authorization for each CVS Health-affiliated provider. Data that you authorize to be copied from these providers into the CVS PHR is not subject to HIPAA when it is stored in your CVS PHR.

Data That You Enter Directly

Where applicable, you may also choose to enter Personal Health Data directly into your CVS PHR. For instance, you may be able to enter quantitative health data, such as your height and blood pressure. You also may be able to connect devices and health apps, such as wearable fitness tracker and health apps on your mobile phone, to your CVS PHR.

Recommendations, Notifications, and Alerts

Depending on the types of Personal Health Data you store in your CVS PHR, we may generate content in the CVS App for you. For instance, CVS CC may provide personalized recommendations for health-related articles, reminders to obtain vaccines or visit your healthcare provider, and alerts about health and environmental conditions (such as high pollen levels) in your area.

In addition, CVS CC may use Personal Health Data to provide you with product and wellness recommendations and other personalized content. Some of this content may constitute marketing offers and may be paid for by third parties. To the extent applicable, CVS CC will collect your consent or authorization to use your Personal Health Data for such purposes. You should consult your physician or other licensed healthcare provider for medical advice or services, or to address any questions about information that we provide through the CVS PHR.


2. How We Disclose Your Personal Health Data

CVS CC does not sell or share your Personal Health Data, or use your Personal Health Data for targeted advertising, as these practices are defined under applicable laws, in connection with the CVS PHR unless you have otherwise provided consent.

With your consent or authorization, and at your direction, CVS CC will disclose your Personal Health Data to the individuals or organizations that you select, or enable you to disclose your Personal Health Data to them through your CVS PHR. For instance, you may be able to share copies of certain types of records that you store in your CVS PHR. You can also choose to share Personal Health Data from your CVS PHR with your healthcare providers, as well as family members or friends who are involved in your care.

You can stop these disclosures at any time. However, CVS CC cannot recover or delete any Personal Health Data from a third party with whom you have already chosen to share.


3. Sus opciones y derechos de privacidad

The Privacy Rights and Choices that are described in Section 4 of the CVS Privacidad also apply to the CVS App and the data stored in your CVS PHR. In addition, if you provide your consent or authorization to transfer your Personal Health Data to your CVS PHR, you may withdraw this consent or authorization at any time.


4. Retention

We will retain your Personal Health Data for as long as reasonably necessary to provide you with access to your CVS PHR. We will delete your Personal Health Data if your CVS PHR is inactive for a period of 1 year. These retention periods do not apply to deidentified or aggregated data that we create from Personal Health Data.


5. Revisions to the PHR Privacy Policy

We reserve the right, in our sole discretion, to change, modify, add, remove, or otherwise revise portions of this PHR Privacy Policy. If we change the PHR Privacy Policy in a material way, we will provide appropriate notice to you and seek your consent where required by applicable privacy laws.


6. How to Contact Us

If you have any questions or concerns about the practices described in this PHR Privacy Policy, you may contact us by email at ConsumerPrivacy@CVSHealth.com, by mail to CVS Care Concierge, Attn: Privacy Office, 1 CVS Drive, Woonsocket, RI 02895, or by phone at 1-833-533-0768.