Privacy Policy

John Muir Health Website Privacy Policy

We take seriously our obligations to safeguard and protect your personal information.

John Muir Health is a not-for-profit integrated healthcare system that includes hospital and other inpatient and outpatient services. John Muir Health is committed to providing patients and users of this Service with authoritative and reliable health information.

This website, including all of its content, look and feel, databases, domain name (collectively the "Service", as defined more fully in our Terms) is owned and maintained by or for John Muir Health, a California non-profit public benefit corporation, on behalf of itself and its hospitals, research institutes, clinics, outreach programs, wellness education programs, and home health agencies, all of which are hereinafter collectively referred to as "John Muir Health," "we", "us," or similar terms. "You" or "your" or similar terms refer to you as a user of our Service.

THIS PRIVACY POLICY IS BOTH AN AGREEMENT ENTERED INTO BY YOU AND JOHN MUIR HEALTH, AND ALSO THE POLICY OF JOHN MUIR HEALTH IN MAKING THE SERVICE (AS DEFINED BELOW) AVAILABLE TO YOU.

  1. Our Promise to You.

    The John Muir Health website, www.johnmuirhealth.com (the "Site") is designed to provide useful information about our organization and to connect users with physicians, facilities, services and employment opportunities within John Muir Health.

    We are providing this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of the information that we collect and receive from users of the Service at and through the Site.

    This Privacy Policy applies only to information that you provide to us through the Service, as well as to information that you authorize other individuals – such as your physician or a family member – to provide to us through the Service. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Service (the "Terms").

    By accepting our Privacy Policy during registration, or by visiting and/or using the Service, you (a) expressly consent to our collection, use, and disclosure of your Personal Information (as defined below) in accordance with this Privacy Policy, and (b) expressly acknowledge that you have read and understood our Notice of Privacy Practices, which provides important information to you about how we may use and disclose health information about you as a patient of John Muir Health. Our Notice of Privacy Practices is available on our website.

    As used in this Privacy Policy, the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis, and using or handling information in any way, including, without limitation, collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and transferring information within our organization or among our affiliates within the United States or internationally.

  2. Collection and Use of Information – In General.

    When using our Service, we may ask you for certain personally identifiable information. This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Service and related services (collectively, "Personal Information"). Personal Information that we might collect would include things like your name, phone number, credit card or other billing information, your email address and the email address of your contacts, home and business postal addresses, website URLs, certain health information, and any other information or data that you provide when using the Service.

    The main reason we collect Personal Information from you is to provide you a safe, smooth, efficient, and customized user experience. You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Service, or else by skipping the particular feature of the Service for which the Personal Information is being collected. You can use some parts of the Service anonymously, but once you become a registered user of the Service, we will ask you to provide Personal Information, such as:

    • Various contact and identity information (e.g., mailing address and phone number)
    • Health insurance information (e.g., policy/group number)
    • Health information (e.g., date of birth, past medical history, allergies)
    • Other personal information as indicated (our forms indicate what information is required, and what information is optional)
    You are under no obligation to provide us with this Personal Information. We use your Personal Information to provide the Service and administer your inquiries. You may change or delete any information that you provide. Please see "Changing or Deleting Your Information" below for further information.

  3. How We Use Your Non-Medical Personal Information.

    Some of the Personal Information we collect from you is unrelated to your receipt of healthcare-related information through the Service. We use such non-medical Personal Information to provide, administer, and improve the Service, including to:

    • Enable users to easily navigate the Service
    • Resolve service problems
    • Troubleshoot technical problems
    • Better understand users' needs and interests
    • Personalize your experience
    • Detect and protect us against error, fraud, and other criminal activity
    • Enforce our Terms
    • Provide you with system or administrative messages, and as otherwise described to you at the time of collection
    If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile. (See "Changing or Deleting Your Information," below.)

  4. How We Use Your Medical Personal Information (PHI).

    We are dedicated to maintaining the privacy and integrity of your protected health information ("PHI"). PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing the Service, we may receive and create records containing your PHI. We are required by law to maintain the privacy and confidentiality of your PHI, and we operate the Service consistent with applicable federal and state laws governing patient information privacy and security.

    This Privacy Policy describes how we protect your privacy as a general user of the Service, not as a patient receiving medical care from John Muir Health personnel or facilities. If you are a patient receiving medical care from John Muir Health, you have other rights with respect to the access, use, and disclosure of PHI. For a more complete description of a patient's rights under HIPAA, please refer to our Notice of Privacy Practices, which provides important information to you about how we may use and disclose your PHI. Our Notice of Privacy Practices is available here.

  5. Log Data.

    When you visit the Service, our servers automatically record information that your browser sends whenever you visit a website ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, or the webpage you were visiting before you came to our Service, pages of our website and the Service that you visit, the time spent on those pages, information you search for on our Service, access times and dates, and other statistics. We use this information to monitor and analyze use of the Service (including to detect error, fraud and criminal activity) and for the Service's technical administration, to increase our Service's functionality and user-friendliness, and to better tailor it to our visitors' needs. For example, some of this information is collected so that when you visit the Service again, it will recognize you and serve information appropriate to your interests. We also use this information to verify that visitors to the Service meet the criteria required to process their requests.

  6. Cookies.

    We also use "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your registration ID and login password for future logins to the Service. Second, we utilize session ID cookies to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage by users of the Service and web traffic routing on the Service. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Service and then close your browser. Third-party advertisers on the Service may also place or read cookies on your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service.

  7. Web Beacons.

    We may also occasionally use "web beacons" (also known as "clear gifs," "web bugs," "1-pixel gifs," etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or e-mail, that can tell us if you have visited a particular area of the Service. For example, if you have given us permission to send you emails, we may send you an email urging you to use a certain feature of the Service. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful. We do not collect any PHI with a web beacon, and do not link web beacons with any other PHI you have given us. Because web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, web beacons cannot function.

  8. How We Respond to "Do Not Track" Signals.

    Some web browsers have "Do Not Track" or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, the Site does not respond to such "Do Not Track" or similar features and consequently, the Site will continue to collect information about you even if such "Do Not Track" feature is activated. Further (and except as described in the "Emails" section below with respect to email addresses and links), third parties do not collect personally identifiable information from you while you are on the Site.

  9. Emails.

    We may use a third-party vendor to help us manage some of our email communications with you. While we may supply this vendor with email addresses of those we wish them to contact, your email address is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you have clicked on that link, and have visited our Service. We never share any information about you, other than your email address, with our third-party email vendor, which does not share these email addresses with anyone else. Even if you have given us permission to send emails to you, you may revoke that permission at any time by sending an email to ebusiness@johnmuirhealth.com. Please note that it may take up to ten (10) business days to remove you from our distribution list.

  10. Evaluation and Research.

    We will periodically ask users to complete surveys asking about their experiences with features of the Site. Our surveys ask visitors for demographic information such as age, gender, and education, but we will not request in such surveys that users provide specific information about any medical condition. We use survey information for research and quality improvement purposes, including helping John Muir Health to improve information and services offered through the Service. In addition, users giving feedback who agree to permit us to contact them with further questions may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and web log data may be stored for future research and evaluation.

  11. Messages and Transactions.

    Comments or questions sent to us using email or secure messaging forms will be shared with our staff and health professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, other than as described below, these communications will not become part of your medical record or a designated record set unless and until, in each instance, you are seen and examined in person by a John Muir Health healthcare professional.

    When you use a service on the secure section of the Service to interact directly with John Muir Health staff and health professionals, some information you provide may be documented in your medical record, and available for their use to guide your treatment as a patient.

  12. Information Sharing and Disclosure.

    We will not rent, sell, or share Personal Information about you with other people or non-affiliated companies except to provide the Service, when we otherwise have your permission, or under the following circumstances:

    • Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
    • Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Service, to provide the Service on our behalf, to perform Service-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Service's features), or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
    • Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may also provide Personal Information to our business partners or other trusted entities for the purpose of providing you with information on goods or services we believe will be of interest to you. You can, at any time, opt out of receiving such communications by setting the appropriate option in your user profile or by contacting us as described below.
    • Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of John Muir Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
    • Business Transfers. We may sell, transfer or otherwise share some or all of our assets to a third party in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such event, your Personal Information may be transferred to that third party.
  13. Changing or Deleting Your Information.

    All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting us at info@johnmuirhealth.com or by making the appropriate modifications in your user account preferences. If you completely delete all such information, then your account may become deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.

  14. Security.

    We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. These measures include encrypting your communications by utilizing Secure Sockets Layer ("SSL") software, and using a secured messaging service when we send your Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted when we store it or transmit it, and we will use secure servers that we will back up daily.

    We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored "personal information" or "medical information" (as defined in applicable state laws on security breach notification). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Service in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

    Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Service by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed at the end of this document. In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.

  15. Our Employees.

    Every one of our employees, contractors, and consultants whose job might allow them to come into contact with your Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Service. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.

  16. International Transfer.

    Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer your Personal Information to the United States and process it there. Your submission of such information represents your agreement to that transfer.

  17. Links to Other Sites.

    We may offer you the opportunity to access third-party content, services, or products by linking to a third party's website. If you choose to visit an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third party link, you will be directed to that third party's website. The fact that we may link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization, or representation of any affiliation by us with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other services follow different rules regarding the use or disclosure of the Personal Information you submit to them. Our Privacy Policy only applies to the Service and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your Personal Information to them.

  18. Children.

    In accordance with the Federal Children's Online Privacy Protection Act of 1998 ("COPPA"), John Muir Health will never knowingly request personally identifiable information from anyone under the age of 13 without verified parental consent. When we do receive information (with verified parental consent) from users under the age of 13, we will not share their personally identifiable information with third parties, regardless of their stated preference given at registration. If we become aware that a user of the Service is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.

  19. Agreement and Changes.

    By using the Service, you agree to the current Privacy Policy and our Terms, into which this Privacy Policy is incorporated. We reserve the right, in our sole discretion, to modify, discontinue, or terminate the Service or to modify this Privacy Policy at any time. If we modify this Privacy Policy, we will notify you of such changes by posting them on the Service or providing you with notice of the modification if you have provided your contact information by registering for an account with us. We will also indicate when such terms are effective below. By continuing to access or use the Service after we have posted a modification or have provided you with notice of a modification, you are indicating that you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Service.

  20. Contacting Us.

    We encourage you to contact us if you have any questions concerning our Privacy Policy or if you have any questions or concerns about our access, use, or disclosure of your Personal Information. You may write us at John Muir Health, 1400 Treat Boulevard, Walnut Creek, CA 94597, Attention: Compliance, or reach us by phone at (925) 941-2005. You can also reach us for help by emailing us at info@johnmuirhealth.com.

Last Revised: September 4, 2014