23andMe · 23andMe Privacy Statement

Separate Medical Record Privacy Notice for Telehealth

Medium severity
Share 𝕏 Share in Share

Why it matters

Health information collected through telehealth may be subject to different — potentially HIPAA-compliant — standards, but consumers need to locate and read a separate document to understand those protections.

Consumer impact

23andMe collects highly sensitive genetic and health data that can reveal predispositions to serious diseases and relate to biological relatives who never consented to testing. The company may share de-identified genetic data with pharmaceutical and research partners if you opt into the Research program, and can disclose personal data to law enforcement in response to valid legal process. You can opt out of research participation, request sample discard, or delete your account entirely through your account settings at https://www.23andme.com/settings/.

Applicable agencies

  • Hhs Ocr
    HHS Office for Civil Rights enforces HIPAA privacy rules applicable to health data collected through telehealth services.
    File a complaint →

Provision details

Document information
Document
23andMe Privacy Statement
Entity
23andMe
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-000903
Document ID
CA-D-00148
Evidence Provenance
Source URL
https://www.23andme.com/legal/privacy/
Wayback Machine
View archived versions →
SHA-256
844495d7dee785114a99561b45c570c06ec624efeede6528fc52ced0ba522f1b
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: 23andMe | Document: 23andMe Privacy Statement | Record: CA-P-000903
Captured: 2026-03-20 10:27:43 UTC | SHA-256: 844495d7dee78511…
URL: https://conductatlas.com/platform/23andme/23andme-privacy-statement/separate-medical-record-privacy-notice-for-telehealth/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy rights

Other provisions in this document