Consumer Health Data Notice
Explains how Breached avoids, limits, consent-gates, secures, and deletes consumer health data when breach intake could involve health, medical, biometric, reproductive, or similar sensitive information.
- Updated
- May 7, 2026
- Footer
- Required
- Intake
- Required
Health data Breached avoids
- Do not submit diagnosis, treatment, medication, surgical, reproductive health, gender-affirming care, genetic, biometric, or similar details in public intake notes.
- Do not upload medical records, insurance cards, lab results, screenshots, raw breach files, or identity documents through a public intake form.
- Do not include Social Security numbers, full dates of birth, payment card numbers, account passwords, or government IDs in health-breach intake notes.
When health data may be inferred
A breach involving a hospital, clinic, pharmacy, health app, insurer, genetic-testing provider, biometric service, reproductive-health service, or similar company can reveal health-related information even if you provide only contact details. Breached treats those matters as sensitive and minimizes the public intake fields.
Consent and sharing
If Breached needs consumer health data beyond what is necessary to provide the requested intake or notification service, Breached will disclose the categories, purposes, recipients, withdrawal path, and obtain any required separate consent before collection or sharing.
Attorney-controlled follow-up
If a case team needs medical, biometric, genetic, reproductive-health, or similarly sensitive details, that follow-up will happen through a secure attorney-controlled process, not through the general public intake notes field.
Rights and deletion
Where Washington, Nevada, or another consumer health data law applies, Breached supports access, withdrawal, deletion, appeal, and downstream deletion notifications as required, subject to legal exceptions and attorney workflow obligations.
No sale or geofencing
Breached does not sell consumer health data, use health-breach interest for retargeting, or use geofencing around healthcare facilities or sensitive locations for case advertising.
Security
Consumer health data receives stricter access controls, logging, retention limits, vendor review, and deletion handling than ordinary site analytics or breach-source metadata.