Get personalized, coordinated care across Northern California through the Sutter network.
View Patient Resources
Make appointments, message your doctor and more through our patient portal.
Enroll NowOur contributions to medical research and education lead to better healthcare outcomes.
Research at Sutter
Join our robust training programs led by nationally known healthcare leaders.
Explore OpportunitiesExplore the ways we provide innovative, compassionate care through our network.
Learn About Sutter Health
Shape the future of healthcare and build your career within our diverse teams.
Find JobsPLEASE NOTE: For information about how Sutter Health and its affiliates may use and disclose medical information about you, including information that is provided through Sutter’s patient portal, My Health Online, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices.
Sutter Health and its affiliates (“hereafter, “Sutter”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Sutter website or mobile application (collectively, “Sites”). The Section titled Information of California Residents also encompasses certain other information of California residents, including hard copy information and information collected outside of the Sites.
By accessing our Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.
Links to External Web Sites
Sutter's Sites have links to external Internet pages, including social media platforms and websites that might have information on health topics of interest to you. Sutter, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Sutter has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.
Information You Provide Us Directly
Sutter may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Sutter, fill out a contact form or webform, submit feedback to Sutter, attend a Sutter event, interact with the chatbot, or otherwise engage with us. When you interact with these features, your interaction may be captured and retained. We may retain any messages you send us through the Sites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Sutter.
If you apply for employment at Sutter, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.
By submitting personal information to Sutter and/or through any of our Sites, you understand that we, and/or our vendors, may process the information obtained through the feature to provide services on our behalf.
Information We May Receive From Third Parties
We also may collect information regarding how you interact with our Sites and other websites, such as Sutter pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sutter may receive information about you that you directly provided to a third party. For instance, Sutter may use a third party to manage event registrations. The third party would provide Sutter registrants’ data to facilitate the event.
Analytics Information
Sutter uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We also capture analytics about how you engage with our Sites and services provided to you on those sites. We may combine this data with other information collected to measure your interest in Sutter, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.
Some of our Sites may use website analytics vendors to better understand usage of our Sites or to tailor our offerings. These tools collect information directly from your device, including the pages you visit, the links and services you engage with, and other information that assists us in improving our Sites and offerings.
We will not collect this information until you have provided consent. If you consent, you may update your preferences at our Cookies Preferences page or Privacy Request Form.
Cookies
Sutter may place Internet "cookies" or other technologies (including but not limited to Java, JavaScript, Microsoft, DigiCert, Modernizr, RequireJS, CDNJS, Webtrends, Microdata, HTML5, UTF-8, Orbita) on the computer or other devices used by visitors to our Sites. Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of our Sites and assist us in our offerings. Sutter uses multiple types of cookies including, but not limited to: first-party, session, and persistent cookies.
A first-party cookie is installed by the website. This type of cookie enables us to collect analytics data, remember language setts, and perform other functions that permit us to provide you the best user experience.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on our Sites.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again. Persistent cookies will not contain any personal health information about you.
We use cookies and these other technologies to help us tailor our Sites to our users and in our offerings or for marketing. Some features of our Sites may not work as intended if you decline to allow cookies or deactivate cookies.
You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Site may not work properly for you. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your Internet service provider, operating system, or browser’s Web site for detailed instructions. Additionally, Sutter has a webpage for you to opt-in or out of the use of certain cookies by Sutter going forward. You may visit this website at sutterhealth.org/privacy/cookie-preference.
If you opt-out of certain cookies by Sutter, essential cookies will still be used to enable core functionality such as security, network management, and accessibility. Essential cookies are strictly necessary for the site to work properly and cannot be disabled in our systems. We do not always process personal data when we place essential cookies. In the instances we do, they are necessary to make the site function for you to view. Please note that you can set your browser to block these essential cookies, but this may affect how the site functions.
Chatbot
The chatbot technology on our website is operated by a third party, Orbita, which may collect certain information, including, but not limited to IP address, or information provided by you during your interaction, such as your name, email address, location, and other personal and non-personal data. This information is collected and/or processed solely by the third party operating the chatbot technology for the purpose of improving user experience and providing personalized content delivery and is not shared with Sutter except to inform Sutter about total usage of the chatbot function. By using this chatbot you consent to the collection and use of data as described herein.
Log File Information
Log file information is sent automatically to Sutter by your browser each time you visit our Sites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access our Sites; the date and time you visited our Sites; the areas of our Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.
Sutter uses log file information to help us design our Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.
Web Beacon
A web beacon (also known as "clear gifs," "Web bugs," "1-pixel gifs," etc.) is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Sutter, or its vendors, may utilize web beacons to track visitor statistics and manage cookies. In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.
Since Web beacons are used in conjunction with persistent cookies, as described above, if you set your browser to decline or deactivate cookies, Web beacons cannot function.
We do not collect any personal health information with a Web beacon, and do not link Web beacons with any other personal health information you've given us.
Location Data
Sutter may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude), IP address, or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data (such as the closest Sutter location to you). You may opt-in or opt-out of sharing location data from your computer by adjusting your cookie preferences at sutterhealth.org/privacy/cookie-preference.
We may use your information:
We may disclose your information:
If you use our Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.
Protecting your information is a top priority at Sutter. In addition to applying confidentiality policies that govern access and use of information by Sutter clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.
Protecting Your Username and Password
It is extremely important that you keep any of your usernames and passwords for Sutter Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised.
Please note that no one from Sutter will ever ask you for your passwords.
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.
Information of California Residents that We Collect, How We Use It, and Who We May Share it With
The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.
| Category of Personal Information | Category of Source of Personal Information | Business Purpose for Which the Information Will be Used | Categories of Third Parties with Whom the Information May be Sold, Shared or Disclosed | Personal Information Sold or Shared | Personal Information Disclosed to Third Parties and Purpose |
|---|---|---|---|---|---|
| Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or other similar identifiers. | Consumer, Service Providers | Used for marketing communication purposes. Used for philanthropic communications and recording keeping. Used for account maintenance in accounts created for apps. Used for legal and regulatory obligations. Used to perform employment contracts. Used for compliance, auditing, and quality assurance purposes. Used for employment and business functions. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting, recording-keeping payment processing. |
| Biometric information | Consumer | Used for post offer, pre-placement assessments. Used for legal and regulatory obligations. Used to perform employment contracts. Used for a limited number of positions that required fingerprinting upon hire and verification on a recurring basis. |
Employment management and security services. | No. | For employment contracts. |
| Professional or Employment | Consumer, Service Providers, third parties | Used for evaluation of candidates for employment. Used for management of employment relationship and operations, administration of employee payroll, tax, benefit, accommodation, leave-of-absence, workers’ compensation, and similar programs, and maintaining compliance with applicable laws and employment-related requirements. Used for identification of business represented by an individual, including title and role with that business or organization. Used for legal and regulatory obligations. Used to perform employment contracts. |
Employment management, security services, transaction completion, due diligence, legal. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, recording-keeping. |
| Characteristics of Protected Classifications | Consumer | Used for Equal Opportunity reporting to government in compliance with regulations. Used for legal and regulatory obligations. Used to perform employment contracts. |
Government entities, legal, compliance, employment management. | No. | For government and employment management purposes. |
| Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | Consumer, Service providers | Used for cookies and other web technologies to assist with navigation, improve our products and services, assist with marketing efforts, and provide content from third parties. Used for administering compliance with policies governing appropriate use of Sutter technology and equipment. Used for legal and regulatory obligations. Used to perform employment contracts. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting. |
| Education Information | Consumer, Service Providers | Used for monitoring compliance with regulatory requirements and evaluating candidates for jobs. Used for legal and regulatory obligations. Used to perform employment contracts. |
Government entities, legal, compliance, employment management. | No. | For government and employment management purposes. |
| Geolocation Data | Consumer, Electronic Devices, Browsers | Used to provide customized content based on location from a device. Used for administering compliance with policies governing appropriate use of Sutter technology and equipment. Used within premises for integrating with call light response systems, hand hygiene systems, and personal duress button safety response measures. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. | No. | For marketing purposes and quality assurance. |
| Audio, electronic, visual, or similar information. | Consumer, Service Providers | Used to provide internal security services and customer service interactions and or advertising and marketing. | Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. | No. | For marketing and quality assurance purposes. |
| Sensitive Personal Information | Consumer, Service Providers | Used for legal and regulatory obligations. Used to perform employment contracts. Used for identity verification purposes. Used for transaction completion purposes. |
Government entities. | No. | For compliance obligations and employment management purposes. |
Rights Regarding Your Personal Information
The following are the rights provided to California residents under the CCPA.
To exercise these CCPA rights, you may visit sutterhealth.org/privacy or call us at (855) 771-4220. For requests of access and deletion, Sutter will use the information you provide in your request to verify your identity and to identify the presence of the requestor in our systems. Information required for a request to access or delete personal information includes: Name, date of birth, email address, phone number, and address.
Consumers may elect to designate an authorized agent to make their request. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website.
We will honor any legal right you may have to access such information, but fees, if permitted by law, may apply.
If you have questions about your rights related to your health information, please visit our Notice of Privacy Practices.
Retention of Your Personal Information
We retain your Personal Information only as long as necessary for the purpose for which it was collected. Sutter may retain your data until the set retention period for the data expires. In some instances, such as to comply with a legal or tax obligation, Sutter may be required to maintain your Personal Information longer.
As state and federal laws change, and as we add new features to our Sites, Sutter may periodically revise this Policy. We will post changes to this policy on our Sites. Your continued use of our Sites following the posting of changes will mean you accept those changes.
For questions about our privacy practices, please contact us at shpi@sutterhealth.org or (855) 771-4220.
Review Date: 8/1/2024
Effective Date: 8/1/2024
