PLEASE NOTE: For information about how Sutter Health and its affiliates may use and disclose medical information about you, including information that is provided through Sutter’s secure portal, MyHealthOnline, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices.
Sutter Health and its affiliates (“hereafter, “Sutter”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Sutter website or mobile application (collectively, “Sites”). The Section titled Information of California Residents also encompasses certain other information of California residents, including hard copy information and information collected outside of the Sites.
By accessing our Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.
Links to Outside Web Sites
Sutter's Sites have links to outside Internet pages, including social media platforms and websites that might have information on health topics of interest to you. Sutter, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Sutter has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.
Information You Provide Us Directly
Sutter may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, fill out a contact form, submit feedback, attend a Sutter event, or otherwise contact us. We may retain any messages you send us through the Sites. We use this information to operate, maintain, and provide you a superior website and user experience as well as provide you information about Sutter.
If you apply for employment at Sutter through our Sites, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.
Information We May Receive From Third Parties
We also may collect information regarding how you interact with our Sites and other websites, such as Sutter pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sutter may receive information about you that you directly provided to a third party. For instance, Sutter may use a third party to manage event registrations. The third party would provide Sutter registrants’ data to facilitate the event.
Analytics Information
Sutter uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We may combine this data with other information collected to measure your interest in Sutter, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.
Some of our Sites may use Google Analytics or other website analytics vendors to better understand usage of our Sites or for offerings to audiences or general marketing campaigns. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our Sites and offerings.
You may opt out of Google Analytics by following the instructions at: https://tools.google.com/dlpage/gaoptout. Additionally, you may opt out of certain tracking by many third party advertisers by following the instructions found on the following Web sites: Network Advertising Initiative and Digital Advertising Alliance. Additional opt out options are provided on Sutter’s Cookies Preferences page and Privacy Request Form.
Cookies
Sutter may place Internet "cookies" on the computer or other devices used by visitors to our Sites. Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of our Sites and assist us in our offerings. Sutter uses two types of cookies: "session" cookies and "persistent" cookies.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on our Sites.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again.
We use cookies to help us tailor our Sites to our users and in our offerings or for marketing. Some features of our Sites may not work as intended if you decline to allow cookies or deactivate cookies. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your browser's Web site for detailed instructions. Additionally, Sutter has a webpage for you to opt-in or out of the use of certain cookies by Sutter going forward. You may visit this website at sutterhealth.org/privacy/cookie-preference.
In addition, further information regarding cookies may be available from your Internet service provider, operating system, or browser provider. Please review how to delete and remove existing cookies and block future cookies from your device, as well as making your opt-in or opt-out election with regard to future use of certain cookies by Sutter.
The collection, use, and disclosure of your information, as described in this Policy, may continue regardless of whether or not you enable “Do Not Track” functionality on your browser or device.
Log File Information
Log file information is sent automatically to Sutter by your browser each time you visit our Sites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access our Sites; the date and time you visited our Sites; the areas of our Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.
The log file information is stored securely and may only be accessed by Sutter employees or designees on a professional need-to-know basis for a specific purpose. Sutter uses log file information to help us design our Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.
Web Beacon
A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Sutter, or its vendors, may utilize web beacons to track visitor statistics and manage cookies.
In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.
Location Data
Sutter may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and shares such data with third-parties such as Google, which may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data. You may opt-in or opt-out of sharing location data from your computer by clicking the location icon on the top left of the Site. You may clear the location data from the same drop down menu. Most mobile devices allow you to change or disable this functionality by changing the device settings.
We may use your information:
We may share your information, including information collected through our Sites, under the following circumstances:
If you use our Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.
We may combine information collected through different Sites or portions of Sites. In the event we combine personal information collected through our Sites with your personal health information, we will use and disclose such combined information as described in our Notice of Privacy Practices, which relates to our collection, use, and disclosure of medical information.
Accessing Your Online Health Record through My Health Online
We request a limited set of identifying information from you in order to grant you access to our Sites branded as My Health Online or My Chart, and to customize your experience. Once logged in to My Health Online, you can access certain information related to your medical care. Your medical information will be used and disclosed in accordance with our Notice of Privacy Practices for health information.
Protecting your information is a top priority at Sutter. In addition to applying confidentiality policies that govern access and use of information by Sutter clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential breach. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.
Protecting Your Username and Password
It is extremely important that you keep any of your usernames and passwords for Sutter Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. For example, anyone with access to your My Health Online username and password will be able to view your medical information, add comments to your record, and communicate with your Sutter care team. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised.
You can change your My Health Online password by logging in to your account and clicking the "Password Settings" link in the "Profile" section of the top menu, where applicable. If you have any questions regarding the security of your password, please call our patient services department at (866) 978-8837. For other accounts, such as Sutter’s career portal, please use the “forgot password” link to reset your password.
Please note that no one from Sutter will ever ask you for your passwords.
Sutter does not knowingly collect or solicit information from anyone under the age of 13. The Sites and their content are not directed at children under the age of 13, except as general medical educational information. If Sutter is made aware of collecting information of a child under 13 we will delete this information. Sutter encourages parents and guardians to take an active role in their children’s online and mobile activities and interests.
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.
Information of California Residents that We Collect, How We Use It, and Who We May Share it With
The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.
| Category of Personal Information | Business Purpose for which the information will be used | Categories of Third Parties with whom the information may Sold or Disclosed |
|---|---|---|
| Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or other similar identifiers. | Used for marketing communication purposes. Used for philanthropic communications and recording keeping. Used for account maintenance in accounts created for apps. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and consumer data resellers. |
| Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | Used for cookies and other web technologies to assist with navigation, improve our products and services, assist with marketing efforts, and provide content from third parties. | Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and consumer data resellers. |
| Geolocation data. | Used to provide customized content based on location from a device. | Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and consumer data resellers. |
| Audio, electronic, visual, or similar information. | Used to provide internal security services and customer service interactions and or advertising and marketing. | Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and consumer data resellers. |
Accessing, Deleting, and Opting-out of the Sale of Your Information
The following are the rights provided to California residents under the CCPA.
To exercise these CCPA rights, you may visit sutterhealth.org/privacy or call us at (855) 771-4220. For requests of access and deletion, Sutter will use the information you provide in your request to verify your identity and to identify the presence of the requestor in our systems. Information required for a request to access or delete personal information includes: Name, date of birth, email address, phone number, and address.
Consumers may elect to designate an authorized agent to make their request. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website.
We will honor any legal right you may have to access such information, but fees, if permitted by law, may apply.
If you have questions about your rights related to your health information, please visit our Notice of Privacy Practices.
As state and federal laws change, and as we add new features to our Sites, Sutter may periodically revise this Policy. We will post changes to this policy on our Sites. Your continued use of our Sites following the posting of changes will mean you accept those changes.
For questions about our privacy practices, please contact us at shpi@sutterhealth.org or (855) 771-4220.
For questions, concerns, and suggestions about the content on My Health Online, Contact Us. Note, email to us via this link is not encrypted or secure so please do not include any personal health information or other sensitive information in your email.
Review Date: 12/19/2019
Effective Date: 1/1/2020
Check-ups, screenings and sick visits for adults and children.
Expertise and advanced technologies in all areas of medicine.
For serious accidents, injuries and conditions that require immediate medical care.
After-hours, weekend and holiday services.
Convenient walk-in care clinics for your non-urgent health needs.
We use cookies to give you the best possible user experience. By continuing to use the site, you agree to the use of cookies. Privacy Policy Cookie Preferences.