Walgreens collects detailed health information including your prescriptions, medical history, allergies, and immunization records when you use their pharmacy or health programs.
This analysis describes what Walgreens's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Health and prescription data is among the most sensitive personal information, and its collection by a company that also operates digital advertising programs creates significant privacy considerations for consumers.
Interpretive note: The precise boundary between HIPAA-protected data and consumer privacy statute coverage depends on the specific data flows and processing contexts, which are not fully detailed in the policy text.
Your prescription history, health conditions, and immunization records are collected and stored by Walgreens, and may interact with digital systems beyond traditional pharmacy records management, depending on how data flows to affiliated services and partners.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Walgreens has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information about your health and wellness, including information related to your use of our pharmacy services, such as prescriptions and prescription history, health conditions, allergies, and immunizations. We may also collect information about your participation in our health and wellness programs.— Excerpt from Walgreens's Walgreens Privacy Policy
REGULATORY LANDSCAPE: This provision implicates HIPAA and its Privacy Rule for prescription and clinical health data where Walgreens acts as a covered entity; the FTC Health Breach Notification Rule may apply to health data processed outside HIPAA coverage; Washington's My Health MY Data Act, Nevada's consumer health data statute, and similar emerging state laws may apply to consumer health data processed in a retail context. HHS Office for Civil Rights is the primary enforcement authority for HIPAA matters; state AGs enforce applicable state health privacy statutes. GOVERNANCE EXPOSURE: High. The collection of prescription history, health conditions, and immunization data in a digital retail environment creates layered compliance obligations across HIPAA, consumer privacy statutes, and emerging state health data laws. The boundary between HIPAA-protected data and data subject to broader consumer privacy frameworks is operationally complex in the retail pharmacy context. JURISDICTION FLAGS: Heightened exposure in Washington state under My Health MY Data Act, California under CPRA's sensitive personal information provisions, Nevada, and any state that has enacted consumer health data statutes. HIPAA applies nationally where Walgreens operates as a covered entity or business associate. CONTRACT AND VENDOR IMPLICATIONS: Business associates and service providers receiving health or pharmacy data should have executed Business Associate Agreements where HIPAA applies. Vendor contracts should specify data use restrictions consistent with the policy's stated purposes and applicable law. Advertising or analytics vendors receiving data touching pharmacy activity require careful scoping. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct data mapping to identify all systems processing health and prescription data, verify HIPAA compliance for covered transactions, assess whether third-party tracking technologies interact with health data on digital properties, and evaluate consent requirements under state health privacy statutes for data processed outside HIPAA's scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Health and prescription data is among the most sensitive personal information, and its collection by a company that also operates digital advertising programs creates significant privacy considerations for consumers.
Your prescription history, health conditions, and immunization records are collected and stored by Walgreens, and may interact with digital systems beyond traditional pharmacy records management, depending on how data flows to affiliated services and partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Walgreens.