Walgreens collects detailed health information including your prescriptions, medical history, allergies, and immunization records when you use their pharmacy or health programs.
This analysis describes what Walgreens's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Health and prescription data is among the most sensitive personal information, and its collection by a company that also operates digital advertising programs creates significant privacy considerations for consumers.
Interpretive note: The precise boundary between HIPAA-protected data and consumer privacy statute coverage depends on the specific data flows and processing contexts, which are not fully detailed in the policy text.
Your prescription history, health conditions, and immunization records are collected and stored by Walgreens, and may interact with digital systems beyond traditional pharmacy records management, depending on how data flows to affiliated services and partners.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Walgreens has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information about your health and wellness, including information related to your use of our pharmacy services, such as prescriptions and prescription history, health conditions, allergies, and immunizations. We may also collect information about your participation in our health and wellness programs.— Excerpt from Walgreens's Walgreens Privacy Policy
REGULATORY LANDSCAPE: This provision implicates HIPAA and its Privacy Rule for prescription and clinical health data where Walgreens acts as a covered entity; the FTC Health Breach Notification Rule may apply to health data processed outside HIPAA coverage; Washington's My Health MY Data Act, Nevada's consumer health data statute, and similar emerging state laws may apply to consumer health data processed in a retail context. HHS Office for Civil Rights is the primary enforcement authority for HIPAA matters; state AGs enforce applicable state health privacy statutes. GOVERNANCE EXPOSURE: High. The collection of prescription history, health conditions, and immunization data in a digital retail environment creates layered compliance obligations across HIPAA, consumer privacy statutes, and emerging state health data laws. The boundary between HIPAA-protected data and data subject to broader consumer privacy frameworks is operationally complex in the retail pharmacy context. JURISDICTION FLAGS: Heightened exposure in Washington state under My Health MY Data Act, California under CPRA's sensitive personal information provisions, Nevada, and any state that has enacted consumer health data statutes. HIPAA applies nationally where Walgreens operates as a covered entity or business associate. CONTRACT AND VENDOR IMPLICATIONS: Business associates and service providers receiving health or pharmacy data should have executed Business Associate Agreements where HIPAA applies. Vendor contracts should specify data use restrictions consistent with the policy's stated purposes and applicable law. Advertising or analytics vendors receiving data touching pharmacy activity require careful scoping. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct data mapping to identify all systems processing health and prescription data, verify HIPAA compliance for covered transactions, assess whether third-party tracking technologies interact with health data on digital properties, and evaluate consent requirements under state health privacy statutes for data processed outside HIPAA's scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Health and prescription data is among the most sensitive personal information, and its collection by a company that also operates digital advertising programs creates significant privacy considerations for consumers.
Your prescription history, health conditions, and immunization records are collected and stored by Walgreens, and may interact with digital systems beyond traditional pharmacy records management, depending on how data flows to affiliated services and partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Walgreens.