Account & Data Deletion

Effective June 2, 2026 · Last updated June 2, 2026

This page explains how to request deletion of your CareBeacon account and the personal data associated with it. CareBeacon is a HIPAA-aware care coordination platform used by home health, hospice, and palliative care organizations. Because CareBeacon is provided to you through a healthcare organization, some data is subject to regulatory record-retention requirements and cannot be deleted on demand. This page is transparent about what gets deleted, what is retained, and how long the process takes.

How to Request Deletion

You can request either full account deletion (closing your CareBeacon account and removing your associated personal data) or partial data deletion (removing specific items — for example a profile photo, a chat message you authored, or your marketing preferences — without closing the account). Both requests use the same channel below and are processed on the same timeline.

Email us

Send an email to privacy@carebeacon.us from the email address associated with your CareBeacon account. Include:

Your full name as it appears on your CareBeacon account
The email address or phone number associated with your account
The name of the healthcare organization that invited you (if known)
Your role (clinician / staff, patient, or authorized family member / POA)
Whether you want full account deletion or specific items deleted (and if specific, a brief description of what)

Compose deletion request

If your account was provided by a healthcare organization (clinician or staff accounts), we recommend you also notify your organization's CareBeacon administrator. They can immediately deactivate your access and trigger the deletion workflow on their end. You do not need to wait for them to email us yourself — we will coordinate.

What Gets Deleted

When we process a deletion request, the following data is removed from CareBeacon's active systems within 30 days of verification:

Your profile information (name, email, phone number, profile photo)
Authentication credentials (password hashes, biometric tokens, session records)
Your direct messages and chat history that you authored
Push notification tokens and device identifiers
Marketing preferences and contact settings
Voice and video call metadata (call durations, participants, timestamps) for calls you participated in, where retention is not separately required by your organization's record-retention policy

What May Be Retained, and Why

CareBeacon operates as a HIPAA Business Associate to healthcare organizations. Certain records cannot be deleted on demand because federal and state law require them to be retained:

Data type	Why retained	Typical retention
Protected Health Information (PHI) authored as part of clinical workflow	HIPAA & state medical-record retention rules; belongs to the covered entity (your organization), not to CareBeacon	6 years minimum (longer per state law)
Electronic Visit Verification (EVV) records	Required for Medicaid/Medicare audit and payer reimbursement	6–10 years per payer
Audit logs of PHI access	HIPAA Security Rule (45 CFR §164.312(b))	6 years
Billing and contract records (organization-level only)	Tax and contract law	7 years

Retained PHI and audit data are controlled by your healthcare organization (the HIPAA Covered Entity), not by CareBeacon. We cannot delete that data without the organization's explicit instruction, even at your request, because doing so would violate their legal obligations. You retain all HIPAA rights with respect to that data — including the right to access, amend, and request an accounting of disclosures — which you exercise with your healthcare organization directly.

Timeline

Within 7 business days: we acknowledge your request and verify the requester's identity.
Within 30 days: the data listed under "What Gets Deleted" is removed from active systems and the account is closed.
Up to 90 days: residual copies are purged from encrypted backups as those backups age out of rotation.

Patients and Authorized Family Members

If you are a patient or an authorized family member / POA, you may request deletion of your CareBeacon account at any time using the email address above. Deletion will remove your access to the app and your personal profile data, but does not delete clinical records held by your healthcare provider — those remain part of the provider's medical record per the table above. To request changes or deletion of the underlying medical record itself, contact the healthcare organization that is providing your care.

Children

CareBeacon is not directed at children under 18. We do not knowingly create accounts for minors. If you believe a minor's data has been collected in error, email privacy@carebeacon.us and we will delete it within 30 days.

Questions

Email privacy@carebeacon.us or call (888) 226-4146. For our complete Privacy Policy see carebeacon.us/privacy; for our Terms of Service see carebeacon.us/terms.