Privacy Policy - Medblocks

Privacy Policy

Last updated: June 17, 2026

This privacy policy governs your use of the Medblocks software applications (the “Application,” including Medblocks Connect) and your use of our website. It explains what information we collect, how we use and share it, and the choices you have. Where a practice applies only to a specific type of data - such as health data synced through Medblocks Connect, or Medicare data obtained through the CMS Blue Button API - that is stated explicitly within each section below.

Information We Collect

Account and user-provided information. Registration is optional, but some features require it. When you register and use the Application, you may provide your name, email address, age, username, password, and other registration details; transaction-related information (purchases, offers, downloads); information you provide when contacting us for help; credit card information for purchases; and information you enter into the Application, such as contact or project details.

Automatically collected information. The Application may automatically collect the type of device used, a unique device ID, your IP address, your operating system and browser type, and information about your use of the Application.

Cookies and analytics. We use cookies and similar technologies to operate our website and to understand how it is used, including through third-party analytics services. You can control or disable cookies through your browser settings, though some features of the site may not function properly without them.

Precise location. This Application does not collect precise real-time location information about your device.

Health data (Medblocks Connect - Apple HealthKit and Google Health Connect). With your explicit consent, Medblocks Connect may collect health and fitness data from your device through Apple HealthKit (iOS) or Google Health Connect (Android). Some of this data is sensitive personal data and receives special protection. The categories that may be accessed include:

  • Heart rate, resting heart rate, heart rate variability, and oxygen saturation
  • Step count, active energy burned, and walking or running distance
  • Blood pressure and blood glucose levels
  • Body measurements such as weight, height, body fat percentage, and body temperature
  • Respiratory rate
  • Sleep sessions and sleep stage information
  • Exercise and workout sessions

Medblocks Connect only reads data from HealthKit and Health Connect; it does not write data to these platforms.

Medicare data (CMS Blue Button API). We obtain Medicare data only after you connect your Medicare account and explicitly authorize the connection through Medicare’s own authorization process. We never ask for, receive, or store your Medicare.gov login credentials, and we cannot access your Medicare account without your authorization. When you authorize the connection, we may obtain your Medicare Parts A, B, and D claims data from the Centers for Medicare & Medicaid Services (CMS), which may include claims for hospital and inpatient services (Part A), claims for doctor visits, outpatient care, and medical services (Part B), prescription drug claims (Part D), and related coverage, provider, and cost information contained in those claims.

We retrieve your Medicare data on an ongoing basis: after you authorize the connection, your Medicare data is refreshed automatically while your Medicare account remains connected to Medblocks, so that the information stays up to date. This continues until you disconnect or revoke access, as described under “Your Choices” below.

How We Use Your Information

General account and website data. We may use this information to operate and improve the Application and to contact you periodically with important information, notices, or marketing promotions.

Health data (Medblocks Connect). Health data is used solely to provide the core functionality of the service — syncing your health information with your Medblocks account to support your health management and to enable you to share it with your healthcare providers. It is not used for advertising, marketing, or use-based data mining, and is not sold or transferred to third parties for advertising or marketing purposes.

Medicare data (CMS Blue Button API). We use your Medicare data only to provide it, at your direction, to the organization that is providing services to you - for example, a law firm representing you - which you authorize when you connect your Medicare account through Medblocks. To do this, we also store, process, transmit, and secure your Medicare data as necessary to operate the service, and we may disclose it when we are legally required to, such as in response to a subpoena or court order. We do not use your Medicare data for advertising, marketing, or use-based data mining, and we do not sell or rent it, or transfer it to third parties for advertising or marketing purposes.

How We Share Your Information

General account and website data. Only aggregated, anonymized website and usage data is periodically transmitted to external services for Application improvement purposes. Beyond that, we share this information only: as required by law (for example, to comply with subpoenas); when disclosure is necessary to protect rights or safety, investigate fraud, or respond to government requests; and with trusted service providers who work on our behalf under strict confidentiality.

Health data (Medblocks Connect). Health data is shared only at your direction - for example, with the healthcare providers you choose. We do not otherwise disclose it to third parties, and we do not sell it.

Medicare data (CMS Blue Button API). Medblocks is used by organizations such as law firms that provide services to you. If you access Medblocks through such an organization, you log in and authorize the connection to your Medicare account yourself, and your Medicare data is then made available to that organization so that it can provide its services to you, such as representing you in a legal matter. We disclose your Medicare data to that organization because you have explicitly authorized this disclosure as part of using the service. We do not disclose your Medicare records to any other individual or third party without your specific, explicit consent, except as required by applicable law, such as in response to a subpoena or court order.

When we use trusted service providers to operate the service (for example, infrastructure hosting and monitoring), they may process Medicare data only on our behalf and are bound by data-protection obligations consistent with applicable law and the sensitivity of the data.

We do not share de-identified or anonymized Medicare data with third parties.

Data Retention and Deletion

General account and website data. User-provided data is retained as long as you use the Application and for a reasonable period thereafter. Automatically collected data is retained for up to 24 months and then stored in aggregate form. To request deletion of your user-provided data, contact privacy@medblocks.com; note that some data may be required for the Application to function.

Health data (Medblocks Connect). Health data is retained on Medblocks servers for as long as your account remains active and you maintain an active connection with Medblocks Connect. You may delete all synced health data at any time using the “Delete My Data” option within the Application, or by contacting privacy@medblocks.com. Deletion from our servers does not affect the original data stored on your device in HealthKit or Health Connect.

Medicare data (CMS Blue Button API). We retain your Medicare data for as long as your account exists. If you delete your account, your Medicare data is permanently deleted from our servers within 7 days, except for any limited information we are required to retain by law. We do not automatically delete Medicare data due to account inactivity; your data remains with us until you delete it or close your account. You may also request deletion of your Medicare data at any time using the “Delete My Data” option or by contacting privacy@medblocks.com.

Your Choices and Controlling Your Information

Opt-out and marketing. You can use standard uninstall processes via your device or app marketplace, or request to opt out of data collection or marketing emails by emailing privacy@medblocks.com.

Health data (Medblocks Connect). You may review and modify which health data types Medblocks Connect can access at any time through your device settings:

  • On iOS: Settings > Health > Data Access & Devices > Medblocks Connect
  • On Android: Settings > Health Connect > App permissions > Medblocks Connect

Revoking access prevents Medblocks Connect from collecting new data of the specified types. Previously synced data remains on Medblocks servers until you request its deletion.

Medicare data (CMS Blue Button API). You may disconnect your Medicare account from Medblocks at any time by contacting privacy@medblocks.com. Revoking access stops Medblocks from retrieving any new Medicare data. Medicare data already retrieved before you disconnect remains with us and is retained as described under “Data Retention and Deletion” above — that is, until you delete your account, after which it is permanently deleted within 7 days. To have your Medicare data deleted sooner, use the “Delete My Data” option or contact privacy@medblocks.com.

Security

We safeguard your information using physical, electronic, and procedural measures, and limit access to authorized personnel who need it to operate, develop, or improve the Application. No system can guarantee complete security. Health data and Medicare data are transmitted to Medblocks servers over encrypted HTTPS connections and stored in dedicated databases with restricted access. The databases storing this data are encrypted at rest, including the access and refresh tokens used to connect to your Medicare account, and access to those tokens is restricted to the systems and personnel that require it to operate the service.

How HIPAA, the Privacy Act, and Other Laws Apply to Your Medicare Data

You obtain your Medicare data through the CMS Blue Button API by exercising your individual right to access your own health information and directing it to Medblocks. While your Medicare records are held by CMS, they are protected by the Privacy Act of 1974 and other federal law. Once you direct that data to Medblocks, the laws that apply depend on the organization you use Medblocks with and the nature of that organization’s work, and may include the Health Insurance Portability and Accountability Act (HIPAA) and state privacy laws. Where HIPAA applies to a particular engagement, we handle your Medicare data in accordance with its requirements.

Regardless of whether HIPAA applies, we are subject to other applicable laws, including the Federal Trade Commission Act and the FTC Health Breach Notification Rule. We apply administrative, technical, and physical safeguards designed to protect your Medicare data, consistent with the sensitivity of health information and with applicable law. We comply with the privacy and security obligations that apply to us under the CMS Blue Button API terms and applicable law.

Data Breach Notification

If we discover a security or data breach affecting your personal information, we will notify you in accordance with applicable law. For breaches affecting your health data or Medicare data, this includes notification consistent with the Federal Trade Commission’s Health Breach Notification Rule where it applies. Our notification will describe what happened and any steps you can take to help protect yourself.

Children

We do not knowingly collect data from or market to children under 13 years old. If a parent or guardian believes their child has provided us information without consent, contact privacy@medblocks.com for prompt deletion.

Changes to This Policy

This Privacy Policy may change over time. Updates will be posted here, and you may be informed via email or text. For changes affecting your Medicare data, we will notify you, describe what has changed, and give you the opportunity to review the updated terms and to opt out or disconnect before the changes take effect; we will not rely on your continued use alone as acceptance of material changes to how your Medicare data is used.

If Medblocks Is Sold or Transferred

If Medblocks is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy. For your Medicare data specifically, we will give you the opportunity to opt out or delete your data before it becomes subject to a different policy.

By using the Application or visiting our website, you consent to our processing of your information as outlined in this policy. Processing may involve collecting, storing, using, or disclosing information in the United States, regardless of your country of residence. Access to your Medicare data requires your separate, explicit authorization through Medicare’s authorization process, as described above.

Non-Endorsement Notice

This product uses the Blue Button APIs but is not endorsed or certified by the Centers for Medicare & Medicaid Services or the U.S. Department of Health and Human Services.

Contact Us

For privacy-related questions or concerns, contact us at privacy@medblocks.com.
