23andMe removed a sentence that described separate privacy protections for telehealth services and updated references to the company name in the scope statement and contact section. The removed language previously directed users to a separate Medical Record Privacy Notice for telehealth-related medical information. The updated privacy statement no longer explicitly references this separate notice or explains how medical information collected through telehealth services is handled under different privacy rules.
The updated privacy statement no longer explicitly directs users to a separate Medical Record Privacy Notice for telehealth services or explains that medical information collected through telehealth is governed by different privacy rules. Previously, the policy stated that users choosing telehealth services coordinated through 23andMe would find healthcare privacy protections described in a separate notice. That reference is now absent from the main privacy statement. Users seeking privacy information specific to telehealth services will need to determine independently whether a separate notice exists or contact 23andMe directly using the provided contact information.
The updated policy removes explicit guidance that medical information collected through telehealth services is governed by separate privacy terms. This affects how users understand the scope of privacy protections applicable to healthcare information, and may create ambiguity about whether the main privacy statement or separate healthcare-specific terms govern medical records collected through telehealth. Organizations using 23andMe telehealth services should verify whether separate healthcare privacy protections remain in effect and how they are now disclosed.
→ Contact 23andMe using privacy@23andme.com or 1-800-239-5230 to request clarification on whether a separate Medical Record Privacy Notice for telehealth services remains in effect and where to find it.
→ Review any separate healthcare privacy documentation 23andMe provides for telehealth services to understand medical information protections.
→ Users may not realize that medical information collected through telehealth services may be subject to different privacy rules than the main privacy statement describes.
→ Disputes about medical information privacy handling may arise if the applicable privacy terms are unclear or no longer referenced in the main policy.
This is the 2nd significant Transparency Removal change 23andMe has made since ConductAtlas began monitoring.
ConductAtlas has recorded 2 material changes to this document over 43 days of monitoring (since March 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, 23andMe has made 5 significant changes.
3 of 23andMe's significant changes have been classified as negative for consumers.
Removed language stating that users of telehealth services are covered by a separate Medical Record Privacy Notice, creating ambiguity about privacy protections for healthcare information.
Updated references from '23andMe Research Institute' to '23andMe' in scope statement and contact information, a minor organizational clarification.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Users can no longer find in the main privacy policy an explanation that medical information from telehealth services is covered by separate privacy rules.
23andMe removed language that previously directed users to a separate Medical Record Privacy Notice for telehealth services. This creates potential clarity and disclosure issues: users engaging telehealth services may no longer understand that healthcare information may be subject to separate privacy terms, and the main privacy policy no longer explains the scope of protections for medical records. If telehealth services remain subject to HIPAA or state healthcare privacy laws, the removal of this reference may obscure how those legal obligations differ from 23andMe's general privacy statement. Organizations relying on 23andMe's services through business partnerships should verify whether this removal affects how health information privacy is disclosed to their own users or customers.
HIPAA, state healthcare privacy laws (medical records), FTC Act Section 5 (unfair or deceptive practices if material privacy protections are not disclosed)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001624.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — Watcher23andMe restructured the opening section of its Terms of Service on May 5, 2026, making three operational changes: (1) The …
23andMe updated its Privacy Statement on April 19, 2026 to clarify that the policy applies to websites owned and operated …
23andMe restructured its Terms of Service on April 19, 2026, making several material changes to scope and dispute resolution. The …
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.