Privacy and Disclosure Statements
Sutter Health’s Privacy Policy
PLEASE NOTE: For information about how Sutter Health and its affiliates may use and disclose medical information about you, including information that is provided through Sutter’s patient portal, My Health Online, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices.
Introduction
Sutter Health and its affiliates (“hereafter, “Sutter”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Sutter website or mobile application (collectively, “Sites”). The Section titled Information of California Residents also encompasses certain other information of California residents, including hard copy information and information collected outside of the Sites.
By accessing our Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.
Links to External Web Sites
Sutter's Sites have links to external Internet pages, including social media platforms, event registration platforms, and websites that might have information on health topics of interest to you. Sutter, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Sutter has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.
Information We Collect
Information You Provide Us Directly
Sutter may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Sutter, fill out a contact form or webform, submit feedback to Sutter, attend a Sutter event, interact with the chatbot, or otherwise engage with us. When you interact with these features, your interaction may be captured and retained. We may retain any messages you send us through the Sites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Sutter.
If you apply for employment at Sutter, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.
By submitting personal information to Sutter and/or through any of our Sites, you understand that we, and/or our vendors, may process the information obtained through the feature to provide services on our behalf.
Information We May Receive From Third Parties
We also may collect information regarding how you interact with our Sites and other websites, such as Sutter pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites or click on an ad for Sutter, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sutter may receive information about you that you directly provided to a third party. For instance, Sutter may use a third party to manage event registrations. The third party would provide Sutter registrants’ data to facilitate the event.
Analytics Information
Sutter uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We also capture analytics about how you engage with our Sites and services provided to you on those sites. We may combine this data with other information collected to measure your interest in Sutter, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.
Some of our Sites may use website analytics vendors to better understand usage of our Sites or to tailor our offerings. These tools collect information directly from your device, including ads for Sutter that you interacted with, the pages you visit, the links and services you engage with, and other information that assists us in improving our Sites and offerings.
We will not collect this information until you have first provided consent by clicking 'Accept All' on the privacy banner, closing the privacy banner, or by continuing to use our website without closing the banner. You may update your consent preferences at our Tracking Technologies Preference Center page or Privacy Request Form.
Cookies
Sutter may place Internet "cookies" or other technologies on the computer or other devices used by visitors to our Sites. Some of the data these technologies collect may include Device ID, IP address, Web URL, and other data that help us make our Site better for you.
Some of the cookies and other technologies we use include, but are not limited to Java, JavaScript, Tealium, Amplitude, Tag Managers, Microsoft, DigiCert, Modernizr, RequireJS, CDNJS, Webtrends, Microdata, HTML5, UTF-8, Orbita, and Phenom People.
Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of our Sites and assist us in our offerings. Sutter uses multiple types of cookies including, but not limited to: first-party, session, and persistent cookies.
A first-party cookie is installed by the website. This type of cookie enables us to collect analytics data, remember language sets, and perform other functions that permit us to provide you the best user experience.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on our Sites.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again. Persistent cookies will not contain any personal health information about you.
We use cookies and these other technologies to help us tailor our Sites to our users and in our offerings or for marketing. Some features of our Sites may not work as intended if you decline to allow cookies or deactivate cookies.
You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Site may not work properly for you. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your Internet service provider, operating system, or browser’s Web site for detailed instructions. Additionally, Sutter has a webpage for you to opt-in or out of the use of certain cookies by Sutter going forward. You may visit this website cookie Settings.
If you opt-out of certain cookies by Sutter, the strictly necessary cookies will still be used to enable core functionality such as security, network management, and accessibility. These cookies are necessary for the site to work properly and cannot be disabled in our systems. These cookies may collect Device ID and other information that is needed to enable functions, such as consent and session management. Please note that you can set your browser to block these technologies, but this may affect how the site functions.
Career Site Cookies
Please note that your cookie preferences from our main Sutter Health Site (www.sutterhealth.org) do not carry over to our Career Site (jobs.sutterhealth.org). You will need to select your cookie preferences again to ensure your choices are applied.
You can read more about the cookies we use on our Career Site and change your cookie settings here.
Career Site Chatbot
The chatbot technology on our Career Website is operated by a third party, Phenom People, which may collect certain information, including, but not limited to information provided by you during your interaction, such as your name, email address, location, and other personal and non-personal data. The information is collected and/or processed by the third party operating the chatbot for the purpose of improving your experience and providing personalized content delivery, such as job postings that may fir your interests, and may be stored and linked to your account if you choose to apply for a job with us.
Chatbot
The chatbot technology on our website is operated by a third party, Orbita, which may collect certain information, including, but not limited to IP address, or information provided by you during your interaction, such as your name, email address, location, and other personal and non-personal data. This information is collected and/or processed solely by the third party operating the chatbot technology for the purpose of improving user experience and providing personalized content delivery and is not shared with Sutter except to inform Sutter about total usage of the chatbot function. By using this chatbot you consent to the collection and use of data as described herein.
Log File Information
Log file information is sent automatically to Sutter by your browser each time you visit our Sites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access our Sites; the date and time you visited our Sites; the areas of our Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.
Sutter uses log file information to help us design our Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.
Web Beacon
A web beacon (also known as "clear gifs," "Web bugs," "1-pixel gifs," etc.) is a small image file on a web page that may be used to collect certain information from your device. In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.
Since Web beacons are used in conjunction with persistent cookies, as described above, if you set your browser to decline or deactivate cookies, Web beacons cannot function.
We do not collect any personal health information with a Web beacon, and do not link Web beacons with any other personal health information you've given us.
Location Data
Sutter may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude), IP address, or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data (such as the closest Sutter location to you). You may opt-in or opt-out of sharing location data from your computer by adjusting your Cookie Preferences.
Use and Disclosure of Information
We may use your information:
- To contact you (for example, sending you a newsletter or other informational materials, offers, announcements, or surveys);
- To manage business relationships, employment lifecycle, or other employee-data purposes;
- To communicate with you about our services, products, and Sites, including to follow up on requests or questions that you may submit;
- To send you emails or text messages regarding upcoming events, newsletters, etc. (if you do not wish to receive these communications, you may opt out using the “unsubscribe” link in the email or replying “STOP” for text message);
- To provide marketing and advertising communications;
- To maintain our philanthropic endeavors and programs;
- To track and analyze use of our Sites;
- To prevent, detect, and investigate misuse, fraud, and illegal activities;
- To enhance and maintain our Sites, services, and products;
- To complete a transaction;
- To administer surveys or contests, as applicable;
- For any lawful, legitimate business purpose; and
- As otherwise necessary to perform the services Sutter Health provides.
We may disclose your information:
- With our service providers who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts one of our Sites that you have visited, or with a benefits administrator for employment benefit purposes);
- In the event of a change in ownership or control, such as a sale or merger (in the event of a sale or merger, we would request the new entity adhere to this Policy, however, we may not have control over the new entity's privacy practices); in accordance with your consent or direction, as permitted by law;
- As required to comply with applicable laws and legal process, including law enforcement requests;
- To investigate and defend our and others’ rights and property (including intellectual property rights); and
- To protect the personal safety of us and others.
If you use our Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.
Security Measures
Protecting your information is a top priority at Sutter. In addition to applying confidentiality policies that govern access and use of information by Sutter clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.
Protecting Your Username and Password
It is extremely important that you keep any of your usernames and passwords for Sutter Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised.
Please note that no one from Sutter will ever ask you for your passwords.
Information of California Residents
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.
Information of California Residents that We Collect, How We Use It, and Who We May Share it With
The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.
Information of California Residents that We Collect, How We Use It, and Who We May Share it With
The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.
Rights Regarding Your Personal Information
The following are the rights provided to California residents under the CCPA.
- Right to Access Information
- Sutter, upon receipt of a verifiable request, will provide the requestor the pieces of information that it holds about the individual. If Sutter cannot verify the individual, Sutter will provide the requestor a list of categories of the pieces of information Sutter has collected about the individual.
- Right to Delete Information
- Sutter, upon receipt of a verifiable request, will delete the information it holds about the individual unless an exception under the CCPA applies.
- Right to Opt out of the Sale of Information
- An individual may request that Sutter health not sell or share their personal information.
- NOTE: Under CCPA, the definition of “sale” is very broad. Sutter Health does not sell personal information for financial gain. However, by using third party services, some information sharing might be considered a “sale,” under the CCPA. The definition of “sale” under CCPA includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or third party for monetary or other valuable consideration.”
- An individual may request that Sutter health not sell or share their personal information.
- Right to Correct Information
- Sutter, upon receipt of a verifiable request, will correct inaccuracies about the personal information it holds about the individual, taking into consideration the nature of the personal information and processing of the personal information.
- Right to Limit
- An individual may request that Sutter limit the use and disclosure of an individual’s sensitive personal information.
- Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Right
- You will not receive discriminatory treatment by Sutter by exercising your privacy rights conferred by the CCPA.
To exercise these CCPA rights, you may visit sutterhealth.org/patient-resources/privacy or call us at 855-771-4220. For requests of access and deletion, Sutter will use the information you provide in your request to verify your identity and to identify the presence of the requestor in our systems. Information required for a request to access or delete personal information includes: Name, date of birth, email address, phone number, and address.
Consumers may elect to designate an authorized agent to make their request. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website.
We will honor any legal right you may have to access such information, but fees, if permitted by law, may apply.
If you have questions about your rights related to your health information, please visit our Notice of Privacy Practices.
Retention of Your Personal Information
We retain your Personal Information only as long as necessary for the purpose for which it was collected. Sutter may retain your data until the set retention period for the data expires. In some instances, such as to comply with a legal or tax obligation, Sutter may be required to maintain your Personal Information longer.
Revisions to this Privacy and Security Policy
As state and federal laws change, and as we add new features to our Sites, Sutter may periodically revise this Policy. We will post changes to this policy on our Sites. Your continued use of our Sites following the posting of changes will mean you accept those changes.
Questions, Concerns and Contact Information
For questions about our privacy practices, please contact us at shpi@sutterhealth.org or 855-771-4220.
Review Date: 10/25/2024
Effective Date: 10/25/2024