Saltar al contenido principal

CVS Personal Health Record Privacy Policy

LAST UPDATED: January 15, 2026

This CVS Personal Health Record Functionality Privacy Policy (the “PHR Privacy Policy”) supplements the CVS Privacy Policy y California Notice at Collection and describes how CVS Care Concierge, LLC (“CVS CC”) collects, uses, and discloses Personal Information about your health from Third-Party PHR Partners (defined below), health information you enter directly, or health information you otherwise consent to maintain under this PHR Privacy Policy (collectively, “PHR Data”) through your use of the CVS Personal Health Record functionality (“CVS PHR”) in the CVS Health mobile application (“CVS App”) or on CVS.com.

The CVS PHR puts you in charge of a combined view of your PHR Data. You choose which data to store in your CVS PHR, and you can use the CVS PHR to search, organize, visualize, and export your PHR Data. CVS CC recognizes that PHR Data may be sensitive. By using the CVS PHR, you agree to the collection, use, and disclosure of your information as described in this PHR Privacy Policy. If you do not agree, please do not use the CVS PHR.


Relationship to Other CVS Terms, Policies, and Notices

This PHR Privacy Policy does not apply to any other services or products provided by the CVS Health family of companies, including other services and products made available via the CVS App or CVS.com. If there is a conflict with other CVS privacy policies with respect to the CVS PHR, this PHR Privacy Policy will take precedence.

For clarity, this PHR Privacy Policy does not apply to any information you choose to view or use in the CVS PHR that is sourced from your CVS Health family of companies-affiliated or -managed healthcare providers, including (CVS Pharmacy, CVS Specialty, CVS Caremark Mail Service Pharmacy, MinuteClinic, CVS Healthcare Practices, or Oak Street Health) ("CVS Health Family of Companies Providers") unless you otherwise consent to treat such data as subject to this PHR Privacy Policy. This health information remains subject to the Health Information Portability and Accountability Act ("HIPAA") and the applicable CVS Health Family of Companies Provider's Notice of Privacy Practices ("NOPP"). Please visit the CVS Health Privacy Center to review the applicable CVS Health Family of Companies Provider’s NOPP to understand how this information is handled and your privacy rights.


1. By What Means the CVS PHR Collects PHR Data

The types of PHR Data we collect depend on how you use the CVS PHR. The CVS PHR may support data types ranging from specific health data points (such as your height and weight) that you enter to full, structured medical records from your third-party healthcare providers. You are in control of the data in your CVS PHR, and we will only collect your PHR Data with your permission.

Data From Third-Party PHR Partners

With your consent, we will connect your CVS PHR to third parties that store information about your health and have agreed to establish data connections with CVS ("Third-Party PHR Partners"). Some Third-Party PHR Partners, such as your primary care physician or your physician's electronic health records system, maintain data under HIPAA. The PHR Data that you choose to store in your CVS PHR, however, is not subject to HIPAA, even if you transfer the data from a HIPAA-covered source.

Data That You Enter Directly

Where applicable, you may also choose to enter PHR Data directly into your CVS PHR. For instance, you may be able to enter quantitative health data, such as your height and blood pressure. You also may be able to connect devices and health apps, such as wearable fitness tracker and health apps on your mobile phone, to your CVS PHR.


2. How We Use Your PHR Data

Display and Manage Your PHR Data

The CVS PHR is intended to give you the ability to easily view and manage all of your PHR Data. We use your PHR Data so that we can display it to you and give you control over your health information in the CVS PHR.

Recommendations, Notifications, and Alerts

Depending on the types of PHR Data you store in your CVS PHR, we may generate content in the CVS App or on CVS.com for you. For instance, CVS CC may provide personalized recommendations for health-related articles, reminders to obtain vaccines or visit your healthcare provider, and alerts about health and environmental conditions (such as high pollen levels) in your area.

In addition, CVS CC may use PHR Data to provide you with product and wellness recommendations and other personalized content. Some of this content may constitute marketing offers and may be paid for by third parties. To the extent applicable, CVS CC will collect your consent or authorization to use your PHR Data for such purposes. You should consult your physician or other licensed healthcare provider for medical advice or services, or to address any questions about information that we provide through the CVS PHR.
 

3. How We Disclose Your PHR Data

CVS CC does not sell or share your PHR Data, or use your PHR Data for targeted advertising, as these practices are defined under applicable laws, in connection with the CVS PHR unless you have otherwise provided consent or authorization.

With your consent or authorization, and at your direction, CVS CC will disclose your PHR Data to the individuals or organizations that you select, or enable you to disclose your PHR Data to them through your CVS PHR. For instance, you may be able to share copies of certain types of records that you store in your CVS PHR. You can also choose to share PHR Data from your CVS PHR with your healthcare providers, as well as family members or friends who are involved in your care.

You can stop these disclosures at any time. However, CVS CC cannot recover or delete any PHR Data from a third party with whom you have already chosen to share.
 

4. Sus opciones y derechos de privacidad

The Privacy Rights and Choices that are described in Section 4 of the CVS Privacidad also apply to the CVS App and CVS.com and the data stored in your CVS PHR. In addition, if you provide your consent or authorization to transfer your PHR Data to your CVS PHR, you may withdraw this consent or authorization at any time.
 

5. Retention

We will retain your PHR Data for as long as reasonably necessary to provide you with access to your CVS PHR. We will delete your PHR Data if your CVS PHR is inactive for a period of 1 year. These retention periods do not apply to (i) deidentified or aggregated data that we create from PHR Data, or (ii) any health information maintained by your CVS Health Family of Companies Providers as protected health information under HIPAA.
 

6. Revisions to the PHR Privacy Policy

We reserve the right, in our sole discretion, to change, modify, add, remove, or otherwise revise portions of this PHR Privacy Policy. If we change the PHR Privacy Policy in a material way, we will provide appropriate notice to you and seek your consent where required by applicable privacy laws.
 

7. How to Contact Us

If you have any questions or concerns about the practices described in this PHR Privacy Policy, you may contact us by email at ConsumerPrivacy@CVSHealth.com, by mail to CVS Care Concierge, Attn: Privacy Office, 1 CVS Drive, Woonsocket, RI 02895, or by phone at 1-833-533-0768.