Managing diabetes is rarely a solo effort. Spouses, adult children, parents, and professional caregivers often play an active role in monitoring glucose levels, recognizing dangerous trends, and providing support during emergencies. Medtronic’s CareLink platform makes this collaboration possible by syncing data from your insulin pump, continuous glucose monitor (CGM), and blood glucose meter to a secure cloud portal. When you share access, your care team can review trends, adjust therapy, and respond to alerts in real time.

However, this convenience carries real privacy risks. CareLink stores deeply personal health information: daily glucose readings, insulin dosages, carbohydrate intake, and even sensor alarms. If an unauthorized person gains access, they could see your medical history, daily routines, and current glucose values. In a worst‑case scenario, identity thieves might use this data to impersonate you or to target you for fraud.

This guide walks you through every step of sharing your CareLink data securely, from hardening your own account to educating your caregivers. By following these practices, you can involve the people you trust without sacrificing your privacy.

Understanding the Risks: What Could Go Wrong?

Before diving into the setup process, it’s helpful to understand the specific threats that can affect your CareLink data. Awareness is the first line of defense.

Password Theft and Credential Stuffing

If you reuse passwords across multiple websites, a breach on a less secure site can expose your CareLink login. Attackers use automated tools to try stolen credentials on popular medical portals. Using a unique, strong password specifically for your CareLink account eliminates this risk.

Phishing Attacks Directed at Caregivers

Your care partners may receive emails that appear to be from Medtronic asking them to “verify” their account or “click here to view your patient’s latest report.” These phishing attempts can trick them into entering their own CareLink credentials, giving attackers access to your data. Educating your family members about suspicious emails is critical.

Data Interception on Public Wi‑Fi

CareLink encrypts data in transit, but using an unsecured public Wi‑Fi network (e.g., at a coffee shop or airport) can still expose your login session to packet sniffing attacks. A virtual private network (VPN) adds an extra layer of encryption that protects your data on any network.

Device Theft or Loss

If a caregiver’s smartphone or laptop is lost or stolen and they remain logged into their CareLink account, the thief could view your data. Teaching your care partners to log out after each session and enable device‑level encryption reduces this risk.

Your own account is the gateway to your data. Before you invite anyone, make sure it’s locked down with these measures.

Use a Password Manager and a Strong, Unique Password

Create a password that is at least 14 characters long and includes uppercase, lowercase, numbers, and symbols. Avoid using any personal information (name, birthday, pump model). A password manager like Bitwarden, 1Password, or LastPass can generate and store a random password so you don’t have to remember it. Never reuse this password on any other site.

Enable Two‑Factor Authentication (2FA)

CareLink supports two‑factor authentication, which adds a one‑time code sent to your phone or generated by an authenticator app whenever you log in from a new device. To enable it:

  1. Log in to your CareLink account.
  2. Go to Account Settings > Security.
  3. Select Two‑Factor Authentication and follow the prompts.
  4. Choose either SMS or an authenticator app (recommended, because SIM swapping can bypass SMS codes).

With 2FA active, even if someone obtains your password, they cannot access your account without the second factor.

Keep Recovery Information Current

Ensure the email address and phone number on your account are ones you control. If you ever lose access to your CareLink account, these will be used for recovery. Update them promptly if you change your email or phone number.

Log Out After Every Session

The CareLink web portal does not automatically log you out after inactivity. On a shared or public computer, always click Log Out and close the browser. On your personal device, consider using a private browsing window.

How to Invite a Care Partner Step by Step

Once your account is secure, you can grant access to family members or caregivers. The invitation system is designed so that you never share your own password.

  1. Log in to your CareLink account at carelink.minimed.com.
  2. Navigate to the “Share” or “Care Partners” section. (The label may vary by region; look for a menu item that mentions sharing.)
  3. Click “Add Care Partner” or “Invite”.
  4. Enter the email address of the person you’re inviting. Use a personal email (not a work email) to avoid workplace monitoring and to ensure they retain access if they change jobs.
  5. Select the permission level:
    • View Only – the caregiver can see your data on the CareLink dashboard but cannot download or print reports. Choose this for most family members.
    • View and Download – the caregiver can export reports as PDFs or print them. Only select this if they need to produce reports for doctor visits or insurance.
  6. Optionally, set an expiration date. This is especially useful if you only need temporary sharing (e.g., during recovery from surgery or for a specific study). The invitation will automatically expire.
  7. Click “Send Invitation”. The recipient will receive an email with a link to create their own free CareLink account. Once they accept, they can view your data from their own dashboard.

Important: Never share your CareLink password with anyone. The invitation system exists precisely so that you can give access without compromising your own credentials.

What the Caregiver Sees

After accepting the invitation, the caregiver logs into their own CareLink account. They’ll see a dashboard that includes your name, latest glucose value, trend arrows, and summary reports (such as the Ambulatory Glucose Profile). They cannot change any settings or send commands to your pump – CareLink is a data‑viewing platform only. However, if you use a compatible CGM and have configured real‑time sharing, they may also receive alerts for low or high glucose. Discuss with your healthcare provider which alerts are appropriate to avoid overwhelming your support network.

Managing Permissions and Auditing Access

Access should be regularly reviewed. People’s roles change – a roommate who helped after surgery may no longer need to see your data. To review and adjust permissions:

  • Go to “Care Partners” in your CareLink settings.
  • You’ll see a list of everyone with access, their email, and their permission level.
  • Click “Remove” next to any person you want to revoke access from. They lose access immediately.
  • Click “Edit” to change the permission level (e.g., downgrade from “View and Download” to “View Only”).

Best practice: Schedule a quarterly review. Set a recurring calendar reminder to check your care partner list. Remove anyone who no longer needs access – for example, a parent after you move out, a temporary caregiver after recovery, or an ex‑partner after a relationship ends. Also review the list after any major life change (new job, relocation, change in health status).

Best Practices for You and Your Caregivers

Security is a shared responsibility. Here’s how both you and your care partners can protect your data.

For You (the Patient)

  • Use a dedicated device if possible. Access CareLink only from your personal smartphone or laptop. Avoid public or shared computers. If you must use a shared device, log out completely and clear the browser cache afterward.
  • Monitor your account activity. Check recent logins in your account settings. If you see an unrecognized login location or device, change your password immediately and revoke all care partner invitations, then re‑invite only trusted individuals.
  • Be cautious with mobile app permissions. The CareLink mobile app may request access to your location, camera, or storage. Grant only the permissions it actually needs to function. Deny permissions that aren’t essential.
  • Keep your devices updated. Install operating system security patches and app updates promptly. Outdated software can contain vulnerabilities that attackers exploit to steal credentials.

For Your Caregivers

  • Use strong passwords for their own CareLink account. They should follow the same rules you use: long, unique, and stored in a password manager.
  • Enable 2FA on their account too. This protects your data if their phone or laptop is lost or stolen.
  • Never share your data with third parties. Caregivers should not forward your reports, screenshots, or login credentials to anyone without your explicit permission. If a family member wants access, direct them to you so you can send an official invitation.
  • Log out after each viewing session. Especially if they check your data on a shared device at work, a library, or a clinic.

Network and Device Hygiene

  • Avoid public Wi‑Fi when accessing CareLink. Use your mobile data plan or a trusted home network. If you must use public Wi‑Fi, turn on a VPN with strong encryption.
  • Install antivirus and anti‑malware software on computers that access CareLink. For Android devices, consider a mobile security app.
  • Set devices to lock automatically after a short period of inactivity. Use a strong PIN, password, or biometric (fingerprint / face unlock).

What to Do If You Suspect a Breach

Even with all precautions, incidents can happen. If you suspect your CareLink data has been accessed without permission, follow this incident response plan:

  1. Change your CareLink password immediately. Use a brand‑new, strong password that you haven’t used anywhere else.
  2. Revoke all care partner invitations. Go to your Care Partners list and remove everyone. You can re‑invite trusted individuals later, after you’ve secured the account.
  3. Check your account for any changes. Look for new devices listed, altered profile information (email, phone), or evidence that reports were generated or downloaded.
  4. Contact Medtronic Support. Report the incident at the Medtronic Diabetes Customer Support page. Ask them to audit your account for suspicious activity and to place a security flag on your record.
  5. Inform your healthcare provider. If unauthorized access may have led to changes in your therapy settings (e.g., if someone pretended to be you), your provider should be aware and may need to recalibrate your pump or adjust your care plan.
  6. Monitor your glucose trends. While CareLink does not allow remote pump control, unexpected patterns could indicate tampering with your data. Stay vigilant and report any anomalies to your provider.
  7. Consider a broader identity theft alert. Because health data can be used for medical identity theft, you may want to place a fraud alert on your credit reports and monitor your medical bills for fraudulent charges. The Federal Trade Commission provides guidance at identitytheft.gov.

CareLink is purpose‑built for Medtronic devices, but you may also use other platforms for additional flexibility. Each has its own security model.

  • Dexcom Clarity – for Dexcom CGM users. Supports sharing with up to 10 followers. Offers similar role‑based permissions (view only vs. download). Requires each follower to have a Dexcom account with 2FA available.
  • LibreView – for Abbott FreeStyle Libre users. Allows sharing reports with clinicians and up to 20 caregivers. Has granular control over data visibility (e.g., hide certain metrics).
  • Glooko / Diasend – supports multiple device brands (including Medtronic pumps via USB upload). Primarily designed for clinician sharing, but you can manually export PDF reports for family members. Not ideal for real‑time sharing.
  • Apple Health / Google Fit – aggregate data from various sources but are less secure for medical‑grade sharing. Apple Health encrypts data at rest and in transit, but you lose the structured diabetes‑specific reports that CareLink provides. Use only if you are comfortable with the platform’s privacy policies.

Whichever platform you choose, always follow the same security fundamentals: strong passwords, two‑factor authentication, regular audits of connected accounts, and careful use of sharing features.

Frequently Asked Questions

Can my caregiver see my data in real time?

Yes, if you have a compatible CGM (such as the Guardian Sensor) and your CareLink account is configured for real‑time sharing. The caregiver’s dashboard will show your latest glucose reading and trend arrows. There may be a delay of a few minutes due to network latency. For immediate alerts (e.g., urgent low glucose), they may also receive push notifications if you enable that option.

Can I share data with more than one person?

Yes. CareLink allows you to add multiple care partners. Each person receives their own invitation and creates their own account. You can set different permission levels for each person. For example, you might give your spouse “View and Download” but your sibling “View Only.”

When you delete your CareLink account, all shared data is removed immediately. Caregivers will lose access. Medtronic retains data for a period defined in their privacy policy (typically 90 days after deletion) before permanent purging. You can request immediate deletion by contacting support.

Medtronic states that CareLink is designed to meet HIPAA requirements when used in a healthcare setting. For individual users, the platform provides standard security measures (encryption, access controls), but you are responsible for your own account security. Following the practices in this guide will help you maintain that compliance on your side.

Can I see who has viewed my data?

CareLink does not currently offer a viewing history log. You can only see who has active permissions. If you are concerned about unauthorized viewing, limit access to trusted individuals and perform regular audits of the care partner list. For extra peace of mind, ask your care partners to log out after each session and notify you if they receive any suspicious login attempts.

CareLink is available in many countries, but the sharing features may differ. Some regions allow only one care partner, while others allow multiple. Check the local version of the Medtronic website for specific limits. Data storage and privacy laws (like GDPR in Europe) also affect how long data is retained.

Can a care partner download my data without my knowledge?

If you have given them “View and Download” permission, they can export reports. CareLink does not send you a notification when a report is generated. Therefore, only grant download access to people you fully trust. Review permissions regularly to ensure that level hasn’t been escalated erroneously.

Conclusion: Take Control of Your Diabetes Data

Sharing your CareLink data can be one of the most empowering decisions in your diabetes management – it brings your support network directly into your care plan. By hardening your account with strong authentication, carefully managing who has access, and regularly auditing permissions, you can share important health information without compromising your privacy.

Remember that security is an ongoing process, not a one‑time setup. New threats emerge, relationships change, and software updates introduce new features. Stay proactive: update your passwords annually, enable two‑factor authentication on all accounts, and educate your care partners about their role in protecting your data. The few minutes it takes to review your settings can prevent serious privacy breaches.

For the most current instructions and support, visit the official Medtronic CareLink support page: https://www.medtronicdiabetes.com/products/carelink-software. Additional cybersecurity guidance for health data is available from the U.S. Department of Health and Human Services HIPAA site.