Regain control of your private health information

Right now, your personal health data may be bought and sold without your knowledge or consent. Learn who has your health information and how it's being used.


Access over 6.9 million healthcare providers and organizations to identify who stores your personal health information.


Restrict the sharing and selling of your personal health information or the removal of your data from their systems.


Continuously monitor the healthcare data sharing ecosystem to ensure your personal health information remains private.

With every healthcare encounter, your data is shared amongst a vast network of healthcare organizations, state health information exchanges and data brokers.

In many cases, your health data is being shared with third parties who have nothing to do with your health care. Organizations you trust are selling your health data prior to being de-identified, so organizations can link your health data to other information about you such as credit rating, income, race, consumer behavior, public records and social media data.

This is a violation of your HIPAA privacy rights.

If privacy matters to you, this is a problem. Here's why.

"I've always kind of called de-identification a privacy placebo. It works about as well as the thermostat in a hotel room. There's a lot of ways around it."

profile picture
Eric Perakslis
Duke Clinical Research Institute

Privacy is not a guarantee

As a patient, it's important to understand that while de-identification of your health information is crucial for protecting your privacy, it may not always guarantee complete security. De-identification involves removing personal details and applying data-hiding techniques to make it more difficult to link the information back to you. However, with the constant advancements in data mining and analytics, there is still a chance that someone could re-identify you by combining de-identified data with other available datasets. One technique used in the process of de-identification is tokenization, which replaces sensitive data elements with non-sensitive placeholders, or "tokens." While tokenization can help protect your information, it is not considered true de-identification because the original data can still be accessed using a "token-to-data" mapping, which may be vulnerable to unauthorized access or breaches.

"In 2021 82% of healthcare organizations reported experiencing a data breach in the last year."

profile picture
The HIPAA Journal

Greater risk of your data being exposed

In recent years, health care data breaches have highlighted a concerning correlation between the number of organizations handling patient data and the increased risk of exposure. With the rapid digitization of health care systems, the sharing and storage of sensitive patient information across various organizations have become commonplace. As a result, the likelihood of data breaches escalates. A study by the US Department of Health and Human Services (HHS) found that between 2019 and 2021, the rate of health care data breaches increased by 55.7%.

"You close the door and you think, I'm telling my doctor my most intimate medical secrets, and only my doctor knows about it. But it's sold commercially."

profile picture
Adam Tanner
Harvard University Fellow

You don't have control of your data

The increasing prevalence of health care data transactions in the digital marketplace has highlighted patients' lack of control over their own sensitive information. Personal health records, which encompass medical histories, financial data, and identifying details, are often bought and sold without patients having the ability to consent or restrict the sharing of their data. This situation not only undermines patient autonomy but also raises concerns about the secure handling and ethical use of their personal information.

"Medical records, which most patients think are private and protected, are in reality lucrative commodities in a multibillion-dollar industry."

profile picture
Medical Economics

Others are profiting from your private information

Health systems and data brokers are profiting immensely from the sale of your private health information without your explicit consent. A report by the Office of the National Coordinator for Health Information Technology (ONC) revealed that the health data market was valued at $26.68 billion in 2020, a figure expected to grow significantly in the coming years. The fact that third-parties can profit from your sensitive information raises urgent ethical concerns about the balance between the pursuit of innovation and the protection of your privacy. With health systems potentially earning billions of dollars from data sales, patients must be vigilant about how their health data is being used and demand greater transparency from healthcare providers and data brokers.

You can do something about it.

Here's how we help.

From notifying data brokers of your opt-out request to proactively managing your health information privacy, we have a solution to help.

Do Not Sell Registry™

Quickest way to request an opt-out of the selling of your health data.

  • Sign up, opt-out
  • Join the only national "do not call" list for opting out of personal health information selling and sharing.

  • Data broker access
  • Health data brokers get continuous access to our registry to learn who has requested removal of their data.

  • Peace of mind
  • We continue to work with the data industry to ensure your personal health information remains private.

Add me to the Do Not Sell Registry Learn more

Health Data

Our most comprehensive and proactive approach to health data protection.

  • Discover
  • Search from our database of seven million providers to find all the doctors and facilities you have visited.

  • Restrict
  • We direct every provider, health information exchange and data broker to restrict future sharing or remove your data.

  • Monitor
  • We continuously monitor the health data sharing ecosystem to ensure your personal health information remains private.

Get started with PrivacyGuardian™ Learn more

Who uses your health data?

It's not what you expected.

Who uses my health data?
source: goinvo

Your data, your rights

The Health Insurance and Portability & Accountability Act (HIPAA) affords you a number of rights regarding the protection of your personal health information. Certain states offer additional rights and protections.

Right to access

Patients have the right to request and obtain copies of their personal health information held by covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates.

Right to request amendments

Patients can ask for corrections or amendments to their personal health information if they believe there is an error or omission.

Right to an accounting of disclosures

Patients have the right to request a list of certain non-routine disclosures of their personal health information made by covered entities or their business associates.

Right to request restrictions

Patients can request restrictions on the use or disclosure of their personal health information for treatment, payment, or healthcare operations, although the covered entity is not required to agree to the request.

Right to be notified of a breach

Patients have the right to be notified if there is a breach of their unsecured personal health information.

Right to file complaints

Patients can file complaints with their healthcare provider, health plan, or the U.S. Department of Health and Human Services' Office for Civil Rights if they believe their HIPAA rights have been violated.

Right to opt-out

In some jurisdictions, patients may have the right to opt out of certain uses or disclosures of their personal health information, such as for marketing purposes or the sharing of information with specific organizations.

Right to withdraw consent

If a patient has previously provided consent for the use or disclosure of their personal health information, they may have the right to withdraw that consent in certain circumstances.

Right to object to processing

In some locations, patients may have the right to object to the processing of their personal health information for specific purposes, such as research or profiling.

Our value and promise

We value your privacy

As a privacy-first company, your private data is our number one priority. We will never sell or share your information with any third parties. We do not collect or store any of your medical data. Our goal is to identify what organizations store your data and exercise your legal protections and privacy rights regarding that data. We value transparency and will provide you with a complete record of our search results and interactions with healthcare organizations and data brokers.

Save time

Most individuals who have interacted with the healthcare system in the past decade have a larger digital data footprint than they think. In many cases, your data could be with dozens of organizations, including healthcare providers, hospitals, clinics, outpatient facilities, pharmacies, labs, health insurers, clearinghouses and data brokers. Our service can save you hundreds of hours researching, contacting, verifying and monitoring your health data annually.

Peace of mind

Our goal is to provide you with the assurance and confidence you deserve when it comes to protecting your private and sensitive health data. We understand that protecting your personal health information is of paramount importance, which is why our sole purpose is to help you stop the unauthorized sharing and exchange of your private data. By entrusting us with your privacy needs, you can focus on what truly matters.

If you care about the privacy of your health information we can help.

Get started today and take the first step for controlling the use of your personal health data.