Jump to content

  • Set Your Location
  • Sign in or Enroll
Set Your LocationSet Your Location
  • Sign in or Enroll
    • Open I want to choose my medical group or hospital
    • Clear my location
Change Location
Sutter Health
  • Video Visits
  • Find Doctors
  • Find Locations
  • Treatments & Services
    • Video Visits
    • Find Doctors
    • Find Locations
    • Treatments & Services
    • COVID-19 Resources
    • Pay a Bill
    • Symptom Checker
    • Get Care Today
    • Health & Wellness
    • Classes & Events
    • Research & Clinical Trials
    • For Patients
    • About Sutter Health
    • Giving
    • Volunteering
    • Careers
    • News
    • For Medical Professionals
    • Other Business Services
Close Search
  • Home
  • Privacy
  • Privacy Policy
Content

Privacy Policy

Sutter Health’s Privacy Policy

PLEASE NOTE: For information about how Sutter Health and its affiliates may use and disclose medical information about you, including information that is provided through Sutter’s patient portal, My Health Online, how you can get access to this information, and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices.

Introduction

Sutter Health and its affiliates (“hereafter, “Sutter”) are committed to providing you with quality healthcare and fostering a relationship. This privacy policy (“Policy”) describes how we collect, use, and disclose information that you submit to us or that we collect through any Sutter website or mobile application (collectively, “Sites”). The Section titled Information of California Residents also encompasses certain other information of California residents, including hard copy information and information collected outside of the Sites.

By accessing our Sites, you agree to the terms of this Policy, including the collection, use, and disclosure of your information, as described in this Policy.

Links to External Web Sites

Sutter's Sites have links to external Internet pages, including social media platforms and websites that might have information on health topics of interest to you. Sutter, however, does not make any guarantee, warranty or representation regarding the accuracy of the information contained on the websites. In addition, Sutter has no control over the privacy or security practices of external websites. You should read and understand the policies of all websites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.

Information We Collect

Information You Provide Us Directly

Sutter may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Sutter, fill out a contact form, submit feedback to Sutter, attend a Sutter event, or otherwise engage with us. We may retain any messages you send us through the Sites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Sutter.

If you apply for employment at Sutter, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.

Information We May Receive From Third Parties

We also may collect information regarding how you interact with our Sites and other websites, such as Sutter pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sutter may receive information about you that you directly provided to a third party. For instance, Sutter may use a third party to manage event registrations. The third party would provide Sutter registrants’ data to facilitate the event.

Analytics Information

Sutter uses website analytics to provide you the best possible experience with our web platforms, Sites and offerings.  For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We may combine this data with other information collected to measure your interest in Sutter, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.

Some of our Sites may use website analytics vendors to better understand usage of our Sites or for offerings to audiences or general marketing campaigns. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our Sites and offerings. 

Opt out options are provided on Sutter’s Cookies Preferences page and Privacy Request Form.

Cookies

Sutter may place Internet "cookies" on the computer or other devices used by visitors to our Sites. Cookies are small text files that contain small amounts of information and are downloaded to your device.  Cookies help us and/or the third parties who provide such cookies obtain information about your use of our Sites and assist us in our offerings. Sutter uses two types of cookies: "session" cookies and "persistent" cookies.

A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our Sites, maintain a signed-on status while exploring the Sites, and track which Web pages visitors view on our Sites.

On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again.

We use cookies to help us tailor our Sites to our users and in our offerings or for marketing. Some features of our Sites may not work as intended if you decline to allow cookies or deactivate cookies. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your browser's Web site for detailed instructions. Additionally, Sutter has a webpage for you to opt-in or out of the use of certain cookies by Sutter going forward. You may visit this website at sutterhealth.org/privacy/cookie-preference.

In addition, further information regarding cookies may be available from your Internet service provider, operating system, or browser provider. Please review how to delete and remove existing cookies and block future cookies from your device, as well as making your opt-in or opt-out election with regard to future use of certain cookies by Sutter.

Log File Information

Log file information is sent automatically to Sutter by your browser each time you visit our Sites.  This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies.  These logs may contain information such as the Internet domain from which you access our Sites; the date and time you visited our Sites; the areas of our Sites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.

Sutter uses log file information to help us design our Sites; identify popular features; resolve user, hardware and software problems; and make the Sites more useful to patients and other visitors.

Web Beacon

A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Sutter, or its vendors, may utilize web beacons to track visitor statistics and manage cookies.

In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.

Location Data

Sutter may utilize a feature that, when you access the Sites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Sites, as well as provide you personalized information based on that location data (such as the closest Sutter location to you). You may opt-in or opt-out of sharing location data from your computer by clicking the location icon on the top left of the Site.

Use and Disclosure of Information

We may use your information:

  • To contact you (for example, sending you a newsletter or other informational materials, offers, announcements, or surveys);
  • To manage business relationships, employment lifecycle, or other employee-data purposes;
  • To communicate with you about our services, products, and Sites, including to follow up on requests or questions that you may submit;
  • To send you emails or text messages regarding upcoming events, newsletters, etc. (if you do not wish to receive these communications, you may opt out using the “unsubscribe” link in the email or replying “STOP” for text message);
  • To provide marketing and advertising communications;
  • To maintain our philanthropic endeavors and programs;
  • To track and analyze use of our Sites;
  • To prevent, detect, and investigate misuse, fraud, and illegal activities;
  • To enhance and maintain our Sites, services, and products;
  • To complete a transaction;
  • To administer surveys or contests, as applicable;
  • For any lawful, legitimate business purpose; and
  • As otherwise necessary to perform the services Sutter Health provides.

We may disclose your information:

  • With our service providers who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts one of our Sites that you have visited, or with a benefits administrator for employment benefit purposes);
  • In the event of a change in ownership or control, such as a sale or merger (in the event of a sale or merger, we would request the new entity adhere to this Policy, however, we may not have control over the new entity's privacy practices); in accordance with your consent or direction, as permitted by law;
  • As required to comply with applicable laws and legal process, including law enforcement requests;
  • To investigate and defend our and others’ rights and property (including intellectual property rights); and
  • To protect the personal safety of us and others.

If you use our Sites from outside the United States, you consent to the transfer of your information to the United States, and the use and disclosure of your information as permitted under United States laws.

We may combine information collected through different Sites or portions of Sites. In the event we combine personal information collected through our Sites with your personal health information, we will use and disclose such combined information as described in our Notice of Privacy Practices, which relates to our collection, use, and disclosure of medical information.

Security Measures

Protecting your information is a top priority at Sutter. In addition to applying confidentiality policies that govern access and use of information by Sutter clinicians and staff, we have implemented physical, administrative, and technical security features and methods designed to safeguard your data in our information systems, including the use of, as appropriate, encryption, firewalls, monitoring, access controls, and other controls where appropriate. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.

Protecting Your Username and Password

It is extremely important that you keep any of your usernames and passwords for Sutter Sites completely confidential. Anyone with access to your username and password will be able to assume your online identity and view your information. It is your responsibility to prevent disclosure of your usernames and passwords and to change your usernames and passwords if you feel that their security has been compromised. 

Please note that no one from Sutter will ever ask you for your passwords.

Information of California Residents

The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. Accordingly, our HIPAA Notice of Privacy Practices generally will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who are employees, who visit the Sites but are not identifiable as patients, and information on California residents that Sutter otherwise creates or receives but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that Sutter collects through the Sites and information it creates or receives offline, including hard copy information.

Information of California Residents that We Collect, How We Use It, and Who We May Share it With

The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third-parties with whom information has been shared with during the previous twelve months.

Category of Personal Information Category of Source of Personal Information Business Purpose for Which the Information Will be Used Categories of Third Parties with Whom the Information May be Sold, Shared or Disclosed Personal Information Sold or Shared Personal Information Disclosed to Third Parties and Purpose
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or other similar identifiers. Consumer, Service Providers Used for marketing communication purposes.

Used for philanthropic communications and recording keeping.

Used for account maintenance in accounts created for apps.

Used for legal and regulatory obligations.

Used to perform employment contracts.

Used for compliance, auditing, and quality assurance purposes.

Used for employment and business functions.
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. No. For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting, recording-keeping payment processing.
Biometric information Consumer Used for post offer, pre-placement assessments.

Used for legal and regulatory obligations.

Used to perform employment contracts.

Used for a limited number of positions that required fingerprinting upon hire and verification on a recurring basis.
Employment management and security services. No. For employment contracts.
Professional or Employment Consumer, Service Providers, third parties Used for evaluation for evaluation of candidates for employment. 

Used for management of employment relationship and operations, administration of employee payroll, tax, benefit, accommodation, leave-of-absence, workers’ compensation, and similar programs, and maintaining compliance with applicable laws and employment-related requirements.

Used for identification of business represented by an individual, including title and role with that business or organization.

Used for legal and regulatory obligations.

Used to perform employment contracts.
Employment management, security services, transaction completion, due diligence, legal. No. For data analysis, customer experience, marketing, compliance, investigations, communications, recording-keeping.
Characteristics of Protected Classifications Consumer Used for Equal Opportunity reporting to government in compliance with regulations.

Used for legal and regulatory obligations.

Used to perform employment contracts.
Government entities, legal, compliance, employment management. No. For government and employment management purposes.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. Consumer, Service providers Used for cookies and other web technologies to assist with navigation, improve our products and services, assist with marketing efforts, and provide content from third parties.

Used for administering compliance with policies governing appropriate use of Sutter technology and equipment.

Used for legal and regulatory obligations.

Used to perform employment contracts.
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks,  legal, compliance, employment management, information technology, payment, quality assurance, document exchange, auditing, managed services, financial, feedback and security services. No. For data analysis, customer experience, marketing, compliance, investigations, communications, delivery of goods, troubleshooting.
Education Information Consumer, Service Providers Used for monitoring compliance with regulatory requirements and evaluating candidates for jobs.

Used for legal and regulatory obligations.

Used to perform employment contracts.
Government entities, legal, compliance, employment management. No. For government and employment management purposes.
Geolocation Data Consumer, Electronic Devices, Browsers Used to provide customized content based on location from a device.

Used within premises for integrating with call light response systems, hand hygiene systems, and personal duress button safety response measures.
Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. No. For marketing purposes and quality assurance.
Audio, electronic, visual, or similar information. Consumer, Service Providers Used to provide internal security services and customer service interactions and or advertising and marketing. Advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks. No. For marketing and quality assurance purposes.
Sensitive Personal Information Consumer, Service Providers Used for legal and regulatory obligations.

Used to perform employment contracts.

Used for identity verification purposes.

Used for transaction completion purposes.
Government entities. No. For compliance obligations and employment management purposes.

Rights Regarding Your Personal Information

The following are the rights provided to California residents under the CCPA.

  • Right to Access Information
    • Sutter, upon receipt of a verifiable request, will provide the requestor the pieces of information that it holds about the individual. If Sutter cannot verify the individual, Sutter will provide the requestor a list of categories of the pieces of information Sutter has collected about the individual.
  • Right to Delete Information
    • Sutter, upon receipt of a verifiable request, will delete the information it holds about the individual unless an exception under the CCPA applies.
  • Right to Opt out of the Sale of Information
    • An individual may request that Sutter health not sell or share their personal information.
      • NOTE: Under CCPA, the definition of “sale” is very broad. Sutter Health does not sell personal information for financial gain. However, by using third party services, some information sharing might be considered a “sale,” under the CCPA.  The definition of “sale” under CCPA includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or third party for monetary or other valuable consideration.”
  • Right to Correct Information
    • Sutter, upon receipt of a verifiable request, will correct inaccuracies about the personal information it holds about the individual, taking into consideration the nature of the personal information and processing of the personal information.
  • Right to Limit
    • An individual may request that Sutter limit the use and disclosure of an individual’s sensitive personal information.
  • Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Right
    • You will not receive discriminatory treatment by Sutter by exercising your privacy rights conferred by the CCPA.

To exercise these CCPA rights, you may visit sutterhealth.org/privacy or call us at (855) 771-4220. For requests of access and deletion, Sutter will use the information you provide in your request to verify your identity and to identify the presence of the requestor in our systems. Information required for a request to access or delete personal information includes: Name, date of birth, email address, phone number, and address.

Consumers may elect to designate an authorized agent to make their request. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website.

We will honor any legal right you may have to access such information, but fees, if permitted by law, may apply.

If you have questions about your rights related to your health information, please visit our Notice of Privacy Practices.

Retention of Your Personal Information

We retain your Personal Information only as long as necessary for the purpose for which it was collected. Sutter may retain your data until the set retention period for the data expires. In some instances, such as to comply with a legal or tax obligation, Sutter may be required to maintain your Personal Information longer.

Revisions to this Privacy and Security Policy

As state and federal laws change, and as we add new features to our Sites, Sutter may periodically revise this Policy. We will post changes to this policy on our Sites. Your continued use of our Sites following the posting of changes will mean you accept those changes.

Questions, Concerns and Contact Information

For questions about our privacy practices, please contact us at shpi@sutterhealth.org or (855) 771-4220.

Review Date: 12/29/2022

Effective Date: 1/1/2023

The Sutter Health Network of Care
Expertise to fit your needs
Primary Care

Check-ups, screenings and sick visits for adults and children.

Specialty Care

Expertise and advanced technologies in all areas of medicine.

Emergency Care

For serious accidents, injuries and conditions that require immediate medical care.

Urgent Care

After-hours, weekend and holiday services.

Walk-In Care

Convenient walk-in care clinics for your non-urgent health needs.

  • Contact Us
  • Find Doctors
  • Find Locations
  • Request Medical Records
  • Make a Gift
Sign in to My Health Online

Billing and Insurance

  • Pay a Bill
  • Accepted Health Plans
  • Estimate Costs
  • Medicare Advantage

About Sutter

  • About Our Network
  • Community Benefit
  • Annual Report
  • News

Our Team

  • For Employees
  • For Medical Professionals
  • For Vendors
  • For Volunteers

Careers

  • Jobs at Sutter
  • Physician Jobs
  • Graduate Medical Education

Copyright © 2023 Sutter Health. All rights reserved. Sutter Health is a registered trademark of Sutter Health ®, Reg. U.S. Patent & Trademark office.

  • ADA Accessibility
  • Privacy
  • Do Not Sell My Personal Information
  • LinkedIn Opens new window
  • YouTube Opens new window
  • Facebook Opens new window
  • Twitter Opens new window
  • Instagram Opens new window
  • Glassdoor Opens new window

Cookie Policy

We use cookies to give you the best possible user experience. By continuing to use the site, you agree to the use of cookies. Privacy Policy Cookie Preferences

Privacy Policy Cookie Preferences