HealthConsent
Privacy Threats Privacy Guide Privacy Checklist
Data Breach Response
Give your affected members privacy protection and regain trust
For Healthcare Providers
Patient privacy protection and HIPAA compliance tools
For Employers
An employee benefit that protects their personal health information
For Digital Health Apps
FTC compliance and user privacy management solutions
Breaches live Pricing About
Sign In Protect My Data
Privacy Threats Privacy Guide Privacy Checklist Breaches live Data Breach Response For Providers For Employers For Digital Health Pricing About
Sign In Protect My Data

Privacy Policy

Your Privacy Matters to Us
We’re committed to protecting your personal information and being transparent about how we use it.

Last updated: May 2026


Privacy Summary

What We Collect

  • Information you provide (contact details, account details, identifiers you supply to submit privacy requests)
  • Identity verification information (documents, photos, and verification results from our identity verification provider)
  • Information generated through your use of the Services (request history, recipient responses, statuses, logs)
  • Device and usage data (cookies, analytics, IP address, browser/device information)

How We Use It

  • To provide and operate the Services (including preparing and submitting privacy requests you direct)
  • To verify your identity and prevent fraud
  • To communicate with you and provide support
  • To improve, secure, and maintain the Services
  • To comply with legal obligations and enforce our terms

How We Share It

  • With service providers that help us run the Services (e.g., payment processing, email delivery, hosting, identity verification, AI processing)
  • With recipients you choose (providers, pharmacies, PBMs, insurers, labs, HIEs, data brokers, etc.) to process your requests
  • For legal/safety reasons (as required by law, to prevent fraud/abuse, to protect rights)

We do not sell your personal information. We do not “share” personal information for cross-context behavioral advertising as that term is defined under certain state laws.


1. Who We Are

This Privacy Policy describes how Healthnode Inc., a corporation doing business as HealthConsent® (“HealthConsent,” “we,” “us,” “our”) collects, uses, discloses, and protects information when you use our website at myhealthconsent.org and our services (the “Services”). For purposes of applicable state privacy laws (including the CCPA/CPRA), Healthnode Inc. is the “business” or “controller” with respect to the personal information described in this Policy.

Important note about HIPAA: Healthnode Inc. is a privacy technology company. We are not a healthcare provider and do not provide medical care. Healthnode Inc. is not a HIPAA “covered entity” in that capacity. This Privacy Policy (and not HIPAA) governs Healthnode Inc.’s handling of information in connection with the Services.


2. Scope

This Policy applies to:

  • Visitors to our Site
  • Users of our Services

It does not apply to information processed by third parties (including recipients of your privacy requests) under their own privacy policies and practices.


3. Information We Collect

3.1 Information You Provide to Us

We collect information you provide directly, which may include:

  • Contact information: name, email address, phone number, mailing address
  • Account information: login credentials (or authentication tokens), preferences, settings
  • Service information: the recipients you select and details about the privacy requests you want us to submit
  • Identity and matching information (at your direction): date of birth, prior addresses, plan/member IDs, patient/account identifiers, and other identifiers you provide so recipients can locate your records
  • Identity verification information: as part of onboarding, we use a third-party identity verification service (Plaid) to verify your identity. This may include government-issued ID documents, selfie photos, and related verification results. Your identity verification information is processed by our identity verification provider and is retained as needed to comply with legal obligations and prevent fraud.
  • Signature and authorization artifacts: your signature, authorizations/consents you provide, and related metadata (e.g., timestamp, request ID) used to execute and submit requests on your behalf
  • Support communications: messages, emails, and feedback you send to us
  • Payment and billing: billing details and subscription status. Payment card information is processed by our payment processor (e.g., Stripe) and is not stored by us except as needed for receipts, invoicing, and reconciliation.
  • Family plan information: if you invite family members to your subscription, we collect their name and email address. Family members create their own accounts with their own data, separate from the primary subscriber.

3.2 Information We Collect Automatically

When you use the Site or Services, we may collect:

  • Usage data: pages/screens visited, features used, clicks, referring URLs, timestamps, error logs
  • Device and network data: IP address, browser type, device type, OS, approximate location (derived from IP)
  • Cookies and similar technologies: for authentication, security, preferences, analytics, and performance (see “Cookies” below)
  • Address autocomplete data: when you enter addresses, we use Google Maps for address validation and autocomplete. Google may receive address-related information you type.
  • Bot protection data: we use hCaptcha to protect against bots and abuse. hCaptcha may collect device and interaction data as described in their privacy policy.

3.3 Information We Generate or Receive While Providing Services

To operate the Services, we may collect or generate:

  • Request lifecycle data: which recipients you selected, request types submitted, dates sent, and status tracking
  • Recipient communications: acknowledgements, denials, completion confirmations, forms, and other messages received from recipients (including via unique email addresses created for routing)
  • Operational metadata: delivery confirmations, bounce logs, portal submission logs, fax/mail tracking (if used), and internal audit logs
  • AI-generated research data: we use AI-powered web search tools to find contact information (such as privacy office email addresses) for recipients you select. This research data is used to facilitate your privacy requests.
  • In-app notifications and inbox messages: system-generated messages informing you of request status, recipient responses, and other service-related updates

3.4 Sensitive Information / Consumer Health Data

Depending on what you provide and what recipients return, information processed through the Services may include sensitive personal information and/or consumer health data as defined by certain state privacy laws. We use this information only to provide the Services and as otherwise described in this Policy.


4. How We Use Your Information

4.1 To Provide the Services

  • Create and manage your account
  • Prepare, execute (including by applying your stored signature where authorized), and submit privacy requests you direct us to submit
  • Communicate with recipients and track outcomes
  • Provide you with updates, statuses, and confirmations
  • Provide customer support

4.2 To Secure, Maintain, and Improve the Services

  • Authenticate users and prevent unauthorized access
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Debug, monitor, and improve performance
  • Develop and improve features (including improving workflows and request handling)

4.3 Communications

  • Send administrative communications (e.g., confirmations, billing notices, security alerts)
  • Respond to your inquiries
  • Send marketing communications where permitted by law (you can opt out of marketing emails at any time)

4.4 Legal, Compliance, and Enforcement

  • Comply with legal obligations and lawful requests
  • Enforce our Terms of Service and protect our rights and the rights of others

5. How We Share Your Information

We do not sell your personal information. We disclose information only as described below:

5.1 Service Providers (“Processors”)

We use vetted third-party service providers to help operate the Services. These providers are authorized to process information only to provide services to us and are required to protect it. Categories of service providers we use include:

  • Cloud hosting and infrastructure providers
  • Database and storage providers
  • Payment processors
  • Identity verification services
  • Email delivery services (inbound and outbound)
  • AI and machine learning service providers
  • Address validation services
  • Bot protection and fraud prevention services
  • Analytics and error monitoring tools

5.2 Recipients You Select (Privacy Request Processing)

When you choose a provider/entity and instruct us to submit requests, we share the information reasonably necessary to submit and manage those requests—such as identifiers needed for matching and the request directives themselves.

5.3 Legal and Safety

We may disclose information if we believe disclosure is reasonably necessary to:

  • comply with law, regulation, subpoena, court order, or lawful governmental request;
  • protect the safety, rights, or property of HealthConsent, our users, or others; or
  • detect, prevent, or address fraud, abuse, security, or technical issues.

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will take steps to ensure the receiving party honors commitments consistent with this Policy.


6. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential functions: authentication, session management, security, fraud prevention
  • Preferences: saving settings
  • Analytics/performance: understanding site usage and improving the Services

Where required by law, we provide cookie choices and honor applicable opt-out preferences.


7. AI / Automated Processing

To provide the Services at scale, HealthConsent uses automated systems, including machine learning and other AI-enabled tools (“Automated Processing”), to process information associated with your account and with privacy requests.

Automated Processing may be used to read, extract, interpret, classify, summarize, and generate content from materials connected to your use of the Services, including recipient replies and request history, and to support actions you direct us to take through the Services.

7.1 AI Service Providers

We use third-party AI service providers to power Automated Processing for tasks such as text analysis, classification, summarization, content generation, and web search to research recipient contact information. These providers process information under contract with us and are required to protect it. Information processed by AI providers may include recipient names, contact information found through research, and the content of communications to and from recipients.

7.2 How Automated Processing Is Used

Without limiting the foregoing, Automated Processing may be used to:

  • read and analyze messages and attachments received from recipients;
  • classify those communications (e.g., acknowledgement, denial, request for more information, completion);
  • summarize request history and current status across recipients;
  • generate suggested next steps and draft responses or follow-up communications;
  • populate and generate request documents and other operational artifacts;
  • research and identify contact information (email addresses, fax numbers, privacy officer details) for recipients you select; and
  • improve and maintain the Services (including quality, security, and fraud prevention).

7.3 Your Acknowledgment

You acknowledge and agree that recipient communications routed through the Service may be processed by Automated Processing to deliver the Service features described above. Recipients and third parties ultimately control their own actions and decisions regarding compliance.

If you believe Automated Processing has produced an incorrect classification or recommendation, you may contact us and we will review.


8. Data Retention

We retain personal information only as long as necessary to provide the Services and for legitimate business and legal purposes, including security, dispute resolution, enforcement, and compliance.

Typical retention (may vary by context):

  • Account information: retained until you delete your account, plus a limited period for backup, security, and compliance
  • Request lifecycle and recipient response data: retained to provide ongoing service, support, auditing, and proof of submission, plus a limited period thereafter
  • Marketing communications data: retained until you opt out (or as otherwise required)
  • Legal/compliance logs: retained as required by law or as needed to protect our rights

You can request deletion as described in Section 10, subject to legal exceptions.


9. Data Security

We use administrative, technical, and physical safeguards designed to protect information, including:

  • encryption in transit and at rest (where appropriate),
  • access controls and least-privilege access,
  • logging and monitoring,
  • security reviews and patching practices.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.


10. Your Privacy Rights

Depending on where you live, you may have rights under state, federal, or international laws.

10.1 General Rights (Where Applicable)

You may have the right to:

  • Access information we hold about you
  • Correct inaccurate information
  • Delete information (subject to exceptions)
  • Opt out of marketing emails
  • Obtain a copy of certain information in a portable format (where required)

10.2 California and Other U.S. State Privacy Rights (Where Applicable)

Residents of certain U.S. states may have additional rights (e.g., to opt out of certain processing such as targeted advertising, or to limit use of sensitive information, where applicable).

Do Not Sell / Share: HealthConsent does not sell personal information and does not share personal information for cross-context behavioral advertising.

10.3 How to Exercise Rights

Email us at privacy[at]myhealthconsent.org (or use our contact form) with your request. We may need to verify your identity before responding, depending on the request and applicable law. We will respond within the timeframe required by applicable law.


11. International Data Transfers

If you access the Services from outside the United States, your information may be transferred to and processed in the United States and other jurisdictions where we or our service providers operate. We take steps designed to protect information in accordance with this Policy and applicable law.


12. Children’s Privacy

The Services are generally not intended for individuals under 18. We do not knowingly collect personal information from children under 13. Family Plan subscribers may invite family members ages 13 and older to use the Services with their own separate accounts. If you believe a child under 13 has provided us personal information, contact us and we will take appropriate steps.


13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on our Site and update the “Last updated” date. If changes are material, we may also notify you via email or in-app notification.


14. Contact Us

If you have questions or requests related to privacy, contact us:

Email: privacy[at]myhealthconsent.org

Phone: (949) 990-3800

Address: HealthConsent Attn: Privacy Officer 4343 Von Karman Ave Newport Beach, CA 92660

Stay informed about your privacy rights

Get the latest updates on health data privacy laws, tips for protecting your information, and important security alerts.

HealthConsent

Empowering individuals to regain control of their private health information through automated privacy protection and direct action.

Features

  • Health Data Broker Removal
  • HIPAA Privacy Controls
  • Provider Privacy Restrictions
  • Network Opt-Out Requests
  • State Privacy Protections
  • Auto-Generated Legal Forms
  • Real-Time Tracking
  • Personal Dashboard

Resources

  • Pricing
  • FAQ
  • Health Data Privacy Threats
  • Health Data Privacy Guide
  • Health Data Privacy Checklist
  • Know Your HIPAA Rights
  • CMIA vs HIPAA
  • State vs Federal Privacy Laws
  • Submit Health Privacy Requests
  • State-by-State Health Privacy
  • HIE Opt-Out Hub
  • Stop Health Data Sharing
  • Health Privacy Laws
  • Real Health Privacy Breaches
  • Recent Healthcare Breach Tracker
  • Privacy Blog & Insights
  • Health Privacy Law History
  • Health Privacy Resource Library

Business

  • Data Breach Response
  • For Employers
  • For Providers & Payers
  • For Digital Health

Company

  • About
  • Privacy Policy
  • Terms of Service
  • Disclaimer

Recent healthcare breaches

All breaches →
  • May 1 · 695 affected Capitol Pain Institute
  • May 1 · 2,523 affected Cunningham Prosthetic Care LLC
  • May 1 · 113,330 affected Western Orthopaedics, P.C.
  • Apr 30 · 65,000 affected City Health, a medical corporation
  • Apr 30 · 58,000 affected Exclusive Physicians PLLC
is designed, built and backed by Sharpless 🏄 in sunny Newport Beach, California
© 2026 Healthnode Inc. All rights reserved.

Trademark & Non-Affiliation Notice: HealthConsent is not affiliated with, endorsed by, sponsored by, or partnered with any organization shown. Trademarks/logos belong to their respective owners and are used for identification only.