United States Website Privacy Policy

United States Notice of Privacy Practices
United States Website Privacy Policy
European Website Privacy Policy
GDPR Commitment

United States Notice of Privacy Practices

Effective May 1, 2016.

Updated August 2018.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.


As participants in your health care we are required by applicable law to maintain the privacy of your Protected Health Information (PHI). As used in this notice, the terms “Protected Health Information” or “PHI” includes any information that we maintain that reasonably can be used to identify you and that relates to your physical or mental health condition, the provision of health care to you, or the payment for such health care. We are required by applicable law to provide you with notice of our legal duties and privacy practices. This notice describes our privacy practices, our legal duties, and your rights concerning your PHI. We are required to follow the privacy practices described in this notice while it is in effect. We reserve the right to revise this notice and to make the new notice provisions effective for all PHI we maintain. If we revise this notice, we will post the revised notice on this page. We are also required by applicable law to notify you if you are affected by a breach of unsecured PHI.



In providing diagnostic services, the types of PHI we collect may include:

  • Name
  • Gender
  • Date of Birth
  • Medicare and Secondary Insurance Information
  • Address and Phone Number
  • Email address, password, login
  • Payment information
  • Prescribing Physician and Office
  • Primary Indication
  • ECG Recording
  • Symptoms and Activities You Report, by Time and Date
  • Activity Level During Monitoring
  • Patient Identification Number
  • Clinical Information and Diagnostic Results.


By providing diagnostic services to our patients, we regularly collect information through:

  • Phone conversations
  • Patient submitted documents
  • Prescribing physician submitted documents
  • Return of Zio devices


We have the right to use and disclose PHI for your treatment, to secure payment for your health care, and to operate our business.




Does iRhythm Share?

Can You Limit This Sharing?

To You

We must disclose your PHI to you, as described in the “Your Rights” section of this notice.



For Payment

We may use and disclose PHI to obtain payment for services provided to you. We may also disclose your PHI to a health care provider or plan to obtain payment of a claim or engage in other payment activities.



For Treatment

We may use and disclose PHI to provide and manage diagnostic services for you. Our use and disclosure may include consulting with other health care providers about the diagnostic services we provide. For example, we will release the results of diagnostic services to your prescribing physician treating you, or in a medical emergency, if applicable.



For Health Care Operations

We may use or disclose PHI to conduct quality assessment and improvement activities, to conduct fraud and abuse investigations, to engage in care coordination or case management, to communicate with you about health related benefits and services or treatment alternatives that may be of interest to you, and to communicate with your health care provider or health plan. If you are located in the U.S., we may disclose your PHI to a health care provider or health plan subject to federal privacy laws, as long as the provider or plan has or had a relationship with you and the PHI is disclosed only for certain health care operations of that provider or plan. We may also disclose PHI to other entities with which we have contracted to perform or provide certain services on our behalf (e.g., business associates).



For Business Operations

We may use both De-Identified and Limited Data Sets (a data set that, per the Health Insurance Portability and Accountability Act of 1996 regulations, has had thirteen defined categories of identifiable information removed) for development of future products, devices or services.

Once information is De-Identified through an approved method, the data is stripped of individual identifiers, at which point iRhythm may share this information without restriction externally to support research, market development, trend analysis, etc.

Information containing Limited Data Sets may be provided externally to support market and product development. However, iRhythm will obtain the required data use agreements when transferring Limited Data Sets to external parties.



Business Associates

We may use or disclose your PHI to business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. Our business associates are required, under contract with us and pursuant to applicable law, to protect the privacy of your PHI and are not allowed to use or disclose any PHI other than as specified in our contract with them and as permitted by applicable law.



For Public Health And Safety

We may use or disclose PHI to the extent necessary to avert a serious and imminent threat to the health or safety of you or others. We may also disclose PHI for public health and government health care oversight activities and to report suspected abuse, neglect or domestic violence to government authorities



As Required By Law

We may use or disclose PHI when we are required to do so by law.



For Process And Proceedings

We may disclose PHI in response to a court or administrative order, subpoena, discovery request or other lawful process.



In Case Of A Reorganization, Merger, Sale Or Similar Proceeding

We may disclose your PHI to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.



For Law Enforcement

We may disclose PHI to a law enforcement official with regard to crime victims and criminal activities.



Special Government Functions

We may disclose the PHI of military personnel or inmates or other persons in lawful custody under certain circumstances. We may disclose PHI to authorized officials for lawful national security activities, as permitted under applicable law.



For Research, Death, And Organ Donation

We may use or disclose PHI in certain circumstances related to research, death or organ donation.



For Workers’ Compensation

We may disclose PHI as permitted by workers' compensation and similar laws.




With Specific Authorization




We are required to obtain your written authorization before we (1) use and disclose PHI for marketing purposes, (2) sell PHI to others, and (3) make most uses of psychotherapy notes (which we do not collect). Uses and disclosures of PHI not described in this notice will also only be made with your written authorization. If you give us such authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect.




While the law permits us in certain circumstances to disclose your PHI to family, friends and others, we will do so only with your authorization. In the event you are unable to authorize such disclosure, but emergency or similar circumstances indicate that disclosure would be in your best interest, we may disclose your PHI to family, friends or others to the extent necessary to help with your health care coverage arrangements.





Subject to applicable law, you have the right to receive information about, and review in person, or obtain copies of, PHI we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.

Amendment or Deletion

Subject to applicable law, you have the right to request that we amend your PHI.

Disclosure Accounting

Subject to applicable law, you have the right to request and receive a list of certain disclosures made of your PHI. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.

Use/ Disclosure Restriction or Objection

You have the right to request that we restrict our use or disclosure of your PHI for certain purposes. Subject to applicable law, you may also have the right to object to the processing of your PHI. We may not be required to agree to a requested restriction or objection, except in the case of a disclosure to a health plan if: (a) the disclosure is for the purpose of carrying out payment of health care operations and is not otherwise required by law; and (b) the PHI pertains solely to a health care item or service for which you, or someone other than the health plan, has paid in full. We will agree to restrict use or disclosure of your PHI provided that the law allows and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still disclose your PHI in a medical emergency and use or disclose your PHI for public health and safety and other similar public benefit purposes permitted or required by law.

Confidential Communication

You have the right to request that we communicate with you in confidence about your PHI at an alternative address. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the privacy officer. iRhythm will not ask you the reason for the request and will accommodate all reasonable requests. The request must specify how or where you wish to be contacted.

Privacy Notice

You have the right to request and receive a paper copy of this notice at any time, even if you have previously agreed to receive it electronically. For more information or if you have questions about this notice, please contact us using the information listed at the end of this notice.



If you wish to exercise your rights regarding your PHI, you may contact us using the contact information listed at the end of this notice.


If you are concerned that we may have violated your privacy rights, you may inquire with us using the contact information listed at the end of this notice. You may also submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address for the U.S. Department of Health and Human Services upon request. We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.


To Limit Our Sharing Or Submit Complaints: Call 1-888-693-2401 - our Customer Service staff will assist you.


Questions? Call 1-888-693-2401 



Who Is Providing This Notice? 

This privacy notice is being provided by iRhythm Technologies, Inc., and applies to the diagnostic services offered in connection with prescribed health care. 



How Does iRhythm Protect My PHI? 

To protect your PHI from unauthorized access and use, iRhythm has implemented security safeguards that comply with applicable law to secure physical and electronic information.



iRhythm Technologies, Inc.
699 8th St
Suite 600
San Francisco, CA 94103
United States
Attn: Privacy Official
Phone: 415.632.5700
Fax: 415.632.5701
Contact Us


United States Privacy Policy

Effective May 2018 

iRhythm Technologies, Inc. ("iRhythm"), values the security of your personal information. This Website Privacy Policy ("WPP") is intended to inform you of what data is gathered through iRhythm's iRhythmtech.com website (the "Website"), how this information is used, and what measures are taken to maintain the privacy of your information.  

To Whom Does This Website Privacy Policy Apply? 

This WPP applies to all users of the Website. This document does not explicitly refer to the privacy policies surrounding protected health information, which are governed by the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act and each Act’s implementing regulations. If you are a patient, please see our Notice of Privacy Practices ("NPP") at www.irhythmtech.com. The NPP addresses our privacy practices, our legal duties, and your rights concerning protected health information, including any protected health information collected through an iRhythm cardiac monitor or provided by your health care provider.  If you are a patient who made or is making use of myZio, the privacy policy located at www.myzio.com/privacy covers our collection, use and disclosure of information collected through that platform. 

A Word about External Websites 

External websites that may be referenced within this Website are not covered by this WPP. These external websites may have their own policies, and we encourage you to review those policies prior to using such external sites. 

What Information Do We Gather About You And What Do We Do With It? 

When using the Website, iRhythm collects any information you provide and automatically collects certain activity and session information from you. What we gather and how we use it is explained below. 

Information You Provide

We collect any information that you provide when you use the Website. For example, the Website may include web pages that give you the opportunity to provide us with information about yourself such as your name and email address. You do not have to provide us with this information if you do not want to. Your decision not to provide this information, however, may limit your ability to use certain functions or to request certain services or information. 

Information Automatically Collected From You

We may automatically collect certain technical information from your computer or mobile device when you visit the Website, such as your Internet Protocol address, your browser type, your operating system, the pages you view, and the search terms you enter.

We and our service providers may collect information using cookies or similar technologies. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device. Cookies may enable us to personalize your experience on the Website, maintain a persistent session, and carry out marketing and other activities. The Website may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage). Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Disabling cookies, however, may limit your ability to take advantage of all the features on the Website. 

In addition, we may collect statistical information regarding Website visitors’ navigation on the Website (e.g., IP address, location, browser type, referral source, length of visit and pages viewed). We engage with third-party service providers Hubspot and Google Analytics to collect such information on our behalf. The collection of such information involves the use of cookies and similar technologies, as described above. Google provides some additional privacy options described at www.google.com/policies/privacy/partners

How Do We Use the Information Collected? 

Operation of the Website

We use and store information we collect about and from you to respond to requests that you make, improve and manage the Website, better tailor content, offers and features, and for purposes disclosed at the time you provide your information or otherwise with your consent. 

Marketing and Communications

We may use your information to send you electronic newsletters or promotional emails, unless you have requested not to receive such promotional communications from us or doing so would be prohibited by applicable law. If you fill out a form on the Website to receive a piece of content, we may collect information regarding your interactions with that content (e.g., clicking on content). We may also collect information about you that is publicly available on the Web which is then tied to the information you provided to us (e.g., email address, name) or otherwise collected about you. You can opt-out of receiving further promotional messages from us by following the unsubscribe instructions provided in the promotional email you receive or by contacting us directly

Patients and physicians who provide testimonials for use by iRhythm are required to sign consent and release forms. 

Can Third Parties View Your Information?

We will only share your information with third parties outside the iRhythm group as outlined below or described elsewhere in this WPP and as otherwise permitted by law. 

Merger, Sale or Other Asset Transfer

In the event that iRhythm is acquired by or merged with a third-party entity, we may transfer or assign the information that we have collected as part of such a merger, acquisition, sale, or other change of control as well as in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. 

As Required By Law and Similar Disclosures

We may disclose information about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity. 

Service Providers

We may also share information we have collected with other third party companies that we work with to perform services on our behalf. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf.  

What Measures Are Taken To Protect Your Information? 

We maintain reasonable administrative, technical and physical safeguards designed to protect the information that you provide on the Website. However, no security system is impenetrable, and we cannot guarantee the security of the Website, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet, and we are not liable for the illegal acts of third parties. 

How Can You Access and Edit Your Information? 

You may request to verify and edit any of your personal information by contacting iRhythm Clinical Center Customer Service Department via the contact information listed below.

Children’s Privacy

This Website may not be used by persons under the age of 18. As a result, we do not knowingly collect personally identifiable information from children under the age of 18. If iRhythm is made aware of information collected from a child under 18 we will delete that information.

How Can You Contact Us About This Website Privacy Policy? 

If you have any questions or concerns about this WPP, we encourage you to contact the iRhythm Customer Service Department either at 1-888-693-2401 (24 hours, 7 days a week) or via the Website through our Contact Us form. 

Updates to the Website Privacy Policy 

Any changes to this WPP will be posted on this Website so that you can be aware of our information practices. Your continued use of the Website constitutes your agreement to this WPP. If we make any revisions that materially change the ways in which we use or share the information previously collected from you through the Website, we will give you the opportunity to consent to such changes before applying them to that information.