PLEASE NOTE: For information about how Sutter Health and its affiliates may use and disclose medical information about you, including information that is provided through Sutter’s patient portal, My Health Online, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices.
Sutter Health and its affiliates (“hereafter, “Sutter”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Sutter website or mobile application (collectively, “Sites”). The Section titled Information of California Residents also encompasses certain other information of California residents, including hard copy information and information collected outside of the Sites.
By accessing our Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.
Links to External Web Sites
Sutter's Sites have links to external Internet pages, including social media platforms and websites that might have information on health topics of interest to you. Sutter, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Sutter has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.
Information You Provide Us Directly
Sutter may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Sutter, fill out a contact form, submit feedback to Sutter, attend a Sutter event, or otherwise engage with us. We may retain any messages you send us through the Sites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Sutter.
If you apply for employment at Sutter, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.
Information We May Receive From Third Parties
We also may collect information regarding how you interact with our Sites and other websites, such as Sutter pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sutter may receive information about you that you directly provided to a third party. For instance, Sutter may use a third party to manage event registrations. The third party would provide Sutter registrants’ data to facilitate the event.
Analytics Information
Sutter uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We may combine this data with other information collected to measure your interest in Sutter, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.
Some of our Sites may use website analytics vendors to better understand usage of our Sites or for offerings to audiences or general marketing campaigns. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our Sites and offerings.
Opt out options are provided on Sutter’s Cookies Preferences page and Privacy Request Form.
Cookies
Sutter may place Internet "cookies" on the computer or other devices used by visitors to our Sites. Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of our Sites and assist us in our offerings. Sutter uses two types of cookies: "session" cookies and "persistent" cookies.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on our Sites.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again.
We use cookies to help us tailor our Sites to our users and in our offerings or for marketing. Some features of our Sites may not work as intended if you decline to allow cookies or deactivate cookies. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your browser's Web site for detailed instructions. Additionally, Sutter has a webpage for you to opt-in or out of the use of certain cookies by Sutter going forward. You may visit this website at sutterhealth.org/privacy/cookie-preference.
In addition, further information regarding cookies may be available from your Internet service provider, operating system, or browser provider. Please review how to delete and remove existing cookies and block future cookies from your device, as well as making your opt-in or opt-out election with regard to future use of certain cookies by Sutter.
Log File Information
Log file information is sent automatically to Sutter by your browser each time you visit our Sites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access our Sites; the date and time you visited our Sites; the areas of our Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.
Sutter uses log file information to help us design our Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.
Web Beacon
A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Sutter, or its vendors, may utilize web beacons to track visitor statistics and manage cookies.
In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.
Location Data
Sutter may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data (such as the closest Sutter location to you). You may opt-in or opt-out of sharing location data from your computer by clicking the location icon on the top left of the Site.
We may use your information:
We may disclose your information:
If you use our Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.
We may combine information collected through different Sites or portions of Sites. In the event we combine personal information collected through our Sites with your personal health information, we will use and disclose such combined information as described in our Notice of Privacy Practices, which relates to our collection, use, and disclosure of medical information.
Protecting your information is a top priority at Sutter. In addition to applying confidentiality policies that govern access and use of information by Sutter clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.
Protecting Your Username and Password
It is extremely important that you keep any of your usernames and passwords for Sutter Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised.
Please note that no one from Sutter will ever ask you for your passwords.
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.
Information of California Residents that We Collect, How We Use It, and Who We May Share it With
The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.
| Category of Personal Information | Category of Source of Personal Information | Business Purpose for Which the Information Will be Used | Categories of Third Parties with Whom the Information May be Sold, Shared or Disclosed | Personal Information Sold or Shared | Personal Information Disclosed to Third Parties and Purpose |
|---|---|---|---|---|---|
| Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or other similar identifiers. | Consumer, Service Providers | Used for marketing communication purposes. Used for philanthropic communications and recording keeping. Used for account maintenance in accounts created for apps. Used for legal and regulatory obligations. Used to perform employment contracts. Used for compliance, auditing, and quality assurance purposes. Used for employment and business functions. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting, recording-keeping payment processing. |
| Biometric information | Consumer | Used for post offer, pre-placement assessments. Used for legal and regulatory obligations. Used to perform employment contracts. Used for a limited number of positions that required fingerprinting upon hire and verification on a recurring basis. |
Employment management and security services. | No. | For employment contracts. |
| Professional or Employment | Consumer, Service Providers, third parties | Used for evaluation for evaluation of candidates for employment. Used for management of employment relationship and operations, administration of employee payroll, tax, benefit, accommodation, leave-of-absence, workers’ compensation, and similar programs, and maintaining compliance with applicable laws and employment-related requirements. Used for identification of business represented by an individual, including title and role with that business or organization. Used for legal and regulatory obligations. Used to perform employment contracts. |
Employment management, security services, transaction completion, due diligence, legal. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, recording-keeping. |
| Characteristics of Protected Classifications | Consumer | Used for Equal Opportunity reporting to government in compliance with regulations. Used for legal and regulatory obligations. Used to perform employment contracts. |
Government entities, legal, compliance, employment management. | No. | For government and employment management purposes. |
| Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | Consumer, Service providers | Used for cookies and other web technologies to assist with navigation, improve our products and services, assist with marketing efforts, and provide content from third parties. Used for administering compliance with policies governing appropriate use of Sutter technology and equipment. Used for legal and regulatory obligations. Used to perform employment contracts. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. | No. | For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting. |
| Education Information | Consumer, Service Providers | Used for monitoring compliance with regulatory requirements and evaluating candidates for jobs. Used for legal and regulatory obligations. Used to perform employment contracts. |
Government entities, legal, compliance, employment management. | No. | For government and employment management purposes. |
| Geolocation Data | Consumer, Electronic Devices, Browsers | Used to provide customized content based on location from a device. Used within premises for integrating with call light response systems, hand hygiene systems, and personal duress button safety response measures. |
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. | No. | For marketing purposes and quality assurance. |
| Audio, electronic, visual, or similar information. | Consumer, Service Providers | Used to provide internal security services and customer service interactions and or advertising and marketing. | Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. | No. | For marketing and quality assurance purposes. |
| Sensitive Personal Information | Consumer, Service Providers | Used for legal and regulatory obligations. Used to perform employment contracts. Used for identity verification purposes. Used for transaction completion purposes. |
Government entities. | No. | For compliance obligations and employment management purposes. |
Rights Regarding Your Personal Information
The following are the rights provided to California residents under the CCPA.
To exercise these CCPA rights, you may visit sutterhealth.org/privacy or call us at (855) 771-4220. For requests of access and deletion, Sutter will use the information you provide in your request to verify your identity and to identify the presence of the requestor in our systems. Information required for a request to access or delete personal information includes: Name, date of birth, email address, phone number, and address.
Consumers may elect to designate an authorized agent to make their request. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website.
We will honor any legal right you may have to access such information, but fees, if permitted by law, may apply.
If you have questions about your rights related to your health information, please visit our Notice of Privacy Practices.
Retention of Your Personal Information
We retain your Personal Information only as long as necessary for the purpose for which it was collected. Sutter may retain your data until the set retention period for the data expires. In some instances, such as to comply with a legal or tax obligation, Sutter may be required to maintain your Personal Information longer.
As state and federal laws change, and as we add new features to our Sites, Sutter may periodically revise this Policy. We will post changes to this policy on our Sites. Your continued use of our Sites following the posting of changes will mean you accept those changes.
For questions about our privacy practices, please contact us at shpi@sutterhealth.org or (855) 771-4220.
Review Date: 12/29/2022
Effective Date: 1/1/2023
Check-ups, screenings and sick visits for adults and children.
Expertise and advanced technologies in all areas of medicine.
For serious accidents, injuries and conditions that require immediate medical care.
After-hours, weekend and holiday services.
Convenient walk-in care clinics for your non-urgent health needs.
We use cookies to give you the best possible user experience. By continuing to use the site, you agree to the use of cookies. Privacy Policy Cookie Preferences