Frequently Asked Questions

In this post

Who uses HealthConsent?

People who care about the privacy of their personal health information (PHI) and want to regain control of how it is used and shared.

Why choose HealthConsent?

HealthConsent is the only organization dedicated to the privacy of your personal health information, providing you with the tools to ensure your data remains private. If you care about the privacy of your health information we can help.

Save time

Most individuals who have interacted with the healthcare system in the past decade have a larger digital data footprint than they think. In many cases, your data could be with dozens of organizations, including healthcare providers, health information exchanges, hospitals, clinics, outpatient facilities, pharmacies, labs, health insurers, clearinghouses, and data brokers. Our service will save you hundreds of hours researching, contacting, opting-out, resetting your privacy preferences, and submitting delete requests for your personal health information.

Peace of mind

Our goal is to provide you with the assurance and confidence you deserve when it comes to protecting your private and sensitive health data. We understand that protecting your personal health information is of paramount importance, which is why our sole purpose is to help you stop the unauthorized sharing and exchange of your data.

How does HealthConsent work?

HealthConsent is a privacy-first service that helps individuals control the use and disclosure of their personal health information (PHI) and further prevents their data from being bought, sold, and exchanged.

HealthConsent offers two services that will help protect your health data:

National Do Not Sell Registry™️ features include:

  • One-click signup
  • Continuous listing on HealthConsent’s National Do Not Sell Registry™️ (similar to the “do not call” list for phone numbers)
  • Opt-out request of sharing and selling of personal health information
  • List available to all health data brokers for opt-out confirmation
  • Addition of new health data brokers as they come online

Health Data PrivacyGuardian™️ features include:

  • All features of the Do Not Sell Registry
  • Choose from more than 6.9 million providers, clinics, and facilities
  • Request an accounting of all disclosures of your health data
  • Proactively restrict the use of data
  • Update privacy preferences with all providers
  • Automated delete requests with health information exchanges and data brokers
  • Personalized dashboard
  • Email support

Why should I trust HealthConsent?

We value your privacy

As a privacy-first company, protecting your private healthcare data is our number one priority. We will never sell your information to any third parties. We do not collect or store any of your medical data. Our goal is to help you identify what organizations retain your personal health information (PHI) and exercise your legal protections and privacy rights regarding this data.

Why should I be concerned with my health information being shared?

With every healthcare encounter, your data is shared amongst a vast network of healthcare organizations, state health information exchanges, and data brokers. In some cases, your health data may be shared with third parties who have nothing to do with your healthcare. Organizations you trust may be sharing your health data prior to being de-identified. Even if your personal health information is de-identified prior to sharing or selling, it can still be re-identified later using modern technology. Once you have been re-identified, a profile is created about you that includes your historical health information which can be linked to other data collected about you,, including credit rating, income, race, consumer behavior, public records, and social media data. This is a violation of your HIPAA privacy rights and, in our view, it’s unethical and immoral.

How do I sign up?

Click on the Get Started button or any product button to sign up.

How much does HealthConsent cost?

We offer monthly and annual subscriptions for PrivacyGuardian™️, and an annual subscription for the National Do Not Call Registry™️. If you are interested in team discounts for your organization of 10 or more members, please Contact Us for more information.

What happens after I sign up for HealthConsent?

National Do Not Sell Registry™️

We will add you to our registry that is continuously shared with our database of health data brokers. HealthConsent will advocate for your sensitive information to be immediately removed from data broker databases.

Health Data PrivacyGuardian™️

After signup, you will be directed to a short onboarding process that will verify your identity using our service provider Plaid. If you’ve every connected your bank account or credit card to an online service, you will be familiar with their interface. The process is quick and easy and can be done from the comfort of your own home. Then, you will be prompted to identify all the providers and healthcare organizations you have visited. If at any time you would like to add to the list, you are free to do so on the app dashboard. HealthConsent will continue to direct the removal and restriction of your health data, depending on the provider or entity type. The app dashboard is continuously updated as we receive responses to our requests.

I don’t live in the US. Can I still sign up for HealthConsent?

At this time, we are unable to support non-US citizens, however, take a look at the European Union data privacy regulations, specifically the General Data Protection Regulation (GDPR) to learn more about European regulations and support services.

Do I need a credit card to sign up?

You can, but we also have alternative payment methods. We accept all major credit cards, Cash App, Google Pay, and Apple Pay.

How can I contact the HealthConsent support team?

Visit our Contact Us page and complete the Get in touch form or email support [at] myhealthconsent.org.

What should I be aware of when signing privacy forms at my doctor’s office?

When reviewing a HIPAA notice or privacy policy, pay attention to the fine print – specifically any language that pertains to the sale or sharing of your information for marketing or research purposes. Look closely at whether the notice is simply an acknowledgment that you have read the policy or if you are signing to consent to their sharing practices. In particular, if there is notice of your information being stored or shared with an option to opt-out, this is a clear indication that your information is being shared without necessity. See the example below:

Example Privacy Notice

Keep in mind, that refusing to sign a privacy notice does not prevent you from receiving treatment. Refer to the U.S. Department of Health and Human Services for more information.

What if I have a partner/spouse who wants to sign up or I want to protect my minor children’s health information?

Health Data PrivacyGuardian™️ offers protection for up to 5 family members. Each adult must verify their identity. One parent or guardian must attest on behalf of their children.

The Health Insurance Portability and Accountability Act (HIPPA) defines how your doctor and other healthcare entities may use and disclose your personal health information (PHI).

Permitted Uses and Disclosures.

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations.18 Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.

(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.

(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.19 A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship. See additional guidance on Treatment, Payment, & Health Care Operations.

Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.20

Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individual21 and activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.

Health care operations are any of the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the entity, including but not limited to: de-identifying protected health information, creating a limited data set, and certain fundraising for the benefit of the covered entity.22

Most uses and disclosures of psychotherapy notes for treatment, payment, and health care operations purposes require an authorization as described below.23 Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities.24 The content of a consent form, and the process for obtaining consent, are at the discretion of the covered entity electing to seek consent.

At this time, it is considered legal for your doctor to share de-identified health information with contracted third parties. However, with recent technological advancements and research in data mining and analytics, it has been proven to be rather easy to re-identify your information by simply combining multiple sources of de-identified data.

Many states are adding new privacy laws that protect your information beyond the HIPAA privacy rule. Visit US State Privacy Legislation Tracker to see if your state has begun or passed data privacy legislation.

Most healthcare organizations and data brokers have a published turnaround time to address these types of requests. The average is 45 days.

Where can I view your terms of use?

HealthConsent terms of use

Where can I view HealthConsent’s website disclaimer?

HealthConsent disclaimer

Where can I view your privacy policy?

HealthConsent privacy policy

What is HIPAA?

The Health Insurance and Portability & Accountability Act (HIPAA) and Privacy Rule affords you a number of rights regarding the protection of your personal health information (PHI). Certain states offer additional rights and protections.

Where can I learn more about my state’s privacy regulations?

You can visit the National Conference of State Legislatures for more information.