When you use Noom, you share sensitive health details like your weight, food diary, and exercise habits. Noom collects and uses this data for its services and improvements, and explicitly tells you this data is NOT protected by HIPAA.
Your sensitive health data — including weight, food intake, and physical activity — is collected by Noom but does not receive HIPAA protections, meaning Noom has greater latitude to share or use this data with partners and advertisers than a doctor or hospital would have with your medical records.
Noom explicitly disclaims HIPAA protection for your health data, meaning your weight, nutrition, and fitness information can be used and shared under less restrictive rules than medical records — this is a significant privacy gap many users do not expect.
REGULATORY FRAMEWORK: This provision engages the FTC Health Breach Notification Rule (16 CFR Part 318), which applies to non-HIPAA health apps and requires notification to users and the FTC in the event of unauthorized access to individually identifiable health information — the FTC has actively enforced this rule against health apps since 2023. CCPA/CPRA (Cal. Civ. Code §1798.100) classifies health and medical information as sensitive personal information requiring explicit opt-in consent for use beyond primary purpose. GDPR Art. 9 treats health data as a special category requiring explicit consent (Art. 9(2)(a)) for EU users. The document's explicit disclaimer of HIPAA coverage, while legally accurate for a wellness app, may not eliminate FTC jurisdiction over deceptive data practices.