When you use Instacart to order prescription medications, the company collects health-adjacent information related to your prescription, which is handled under a separate section of the privacy policy not available on white-label retailer sites.
Your prescription medication order data is collected by Instacart and may be used or shared in ways that reveal sensitive health information, creating privacy risks that go beyond typical grocery shopping data.
Cross-platform context
See how other platforms handle Prescription Delivery Data Handling and similar clauses.
Compare across platforms →Prescription data is among the most sensitive personal information — if this data is shared with advertising partners or insufficiently protected, it could expose your health conditions to third parties without your knowledge.
(1) REGULATORY FRAMEWORK: Prescription data collection implicates potential proximity to HIPAA (45 CFR Parts 160 and 164), though Instacart as a delivery intermediary is likely not a HIPAA-covered entity. However, if Instacart receives Protected Health Information (PHI) from a covered pharmacy partner, Business Associate Agreement (BAA) obligations under HIPAA §164.502(e) may apply. The FTC Health Breach Notification Rule (16 CFR Part 318) may apply to non-HIPAA health data. State health privacy laws (e.g., Washington My Health MY Data Act) may impose additional restrictions. (2)
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.