We take seriously our obligations to safeguard and protect your personal information.
John Muir Health is a not-for-profit integrated healthcare system that includes hospital and other inpatient and outpatient services. John Muir Health is committed to providing patients and users of this Service with authoritative and reliable health information.
This website, including all of its content, look and feel, databases, domain name (collectively the "Service", as defined more fully in our Terms) is owned and maintained by or for John Muir Health, a California non-profit public benefit corporation, on behalf of itself and its hospitals, research institutes, clinics, outreach programs, wellness education programs, and home health agencies, all of which are hereinafter collectively referred to as "John Muir Health," "we", "us," or similar terms. "You" or "your" or similar terms refer to you as a user of our Service.
- Our Promise to You.
The John Muir Health website, www.johnmuirhealth.com (the "Site") is designed to provide useful information about our organization and to connect users with physicians, facilities, services and employment opportunities within John Muir Health.
- Collection and Use of Information – In General.
When using our Service, we may ask you for certain personally identifiable information. This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Service and related services (collectively, "Personal Information"). Personal Information that we might collect would include things like your name, phone number, credit card or other billing information, your email address and the email address of your contacts, home and business postal addresses, website URLs, certain health information, and any other information or data that you provide when using the Service.
The main reason we collect Personal Information from you is to provide you a safe, smooth, efficient, and customized user experience. You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Service, or else by skipping the particular feature of the Service for which the Personal Information is being collected. You can use some parts of the Service anonymously, but once you become a registered user of the Service, we will ask you to provide Personal Information, such as:
- Various contact and identity information (e.g., mailing address and phone number)
- Health insurance information (e.g., policy/group number)
- Health information (e.g., date of birth, past medical history, allergies)
- Other personal information as indicated (our forms indicate what information is required, and what information is optional)
- How We Use Your Non-Medical Personal Information.
Some of the Personal Information we collect from you is unrelated to your receipt of healthcare-related information through the Service. We use such non-medical Personal Information to provide, administer, and improve the Service, including to:
- Enable users to easily navigate the Service
- Resolve service problems
- Troubleshoot technical problems
- Better understand users' needs and interests
- Personalize your experience
- Detect and protect us against error, fraud, and other criminal activity
- Enforce our Terms
- Provide you with system or administrative messages, and as otherwise described to you at the time of collection
- How We Use Your Medical Personal Information (PHI).
We are dedicated to maintaining the privacy and integrity of your protected health information ("PHI"). PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing the Service, we may receive and create records containing your PHI. We are required by law to maintain the privacy and confidentiality of your PHI, and we operate the Service consistent with applicable federal and state laws governing patient information privacy and security.
- Log Data.
When you visit the Service, our servers automatically record information that your browser sends whenever you visit a website ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, or the webpage you were visiting before you came to our Service, pages of our website and the Service that you visit, the time spent on those pages, information you search for on our Service, access times and dates, and other statistics. We use this information to monitor and analyze use of the Service (including to detect error, fraud and criminal activity) and for the Service's technical administration, to increase our Service's functionality and user-friendliness, and to better tailor it to our visitors' needs. For example, some of this information is collected so that when you visit the Service again, it will recognize you and serve information appropriate to your interests. We also use this information to verify that visitors to the Service meet the criteria required to process their requests.
- Web Beacons.
We may also occasionally use "web beacons" (also known as "clear gifs," "web bugs," "1-pixel gifs," etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or e-mail, that can tell us if you have visited a particular area of the Service. For example, if you have given us permission to send you emails, we may send you an email urging you to use a certain feature of the Service. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful. We do not collect any PHI with a web beacon, and do not link web beacons with any other PHI you have given us. Because web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, web beacons cannot function.
- How We Respond to "Do Not Track" Signals.
Some web browsers have "Do Not Track" or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, the Site does not respond to such "Do Not Track" or similar features and consequently, the Site will continue to collect information about you even if such "Do Not Track" feature is activated. Further (and except as described in the "Emails" section below with respect to email addresses and links), third parties do not collect personally identifiable information from you while you are on the Site.
We may use a third-party vendor to help us manage some of our email communications with you. While we may supply this vendor with email addresses of those we wish them to contact, your email address is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you have clicked on that link, and have visited our Service. We never share any information about you, other than your email address, with our third-party email vendor, which does not share these email addresses with anyone else. Even if you have given us permission to send emails to you, you may revoke that permission at any time by sending an email to firstname.lastname@example.org. Please note that it may take up to ten (10) business days to remove you from our distribution list.
- Evaluation and Research.
We will periodically ask users to complete surveys asking about their experiences with features of the Site. Our surveys ask visitors for demographic information such as age, gender, and education, but we will not request in such surveys that users provide specific information about any medical condition. We use survey information for research and quality improvement purposes, including helping John Muir Health to improve information and services offered through the Service. In addition, users giving feedback who agree to permit us to contact them with further questions may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and web log data may be stored for future research and evaluation.
- Messages and Transactions.
Comments or questions sent to us using email or secure messaging forms will be shared with our staff and health professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, other than as described below, these communications will not become part of your medical record or a designated record set unless and until, in each instance, you are seen and examined in person by a John Muir Health healthcare professional.
When you use a service on the secure section of the Service to interact directly with John Muir Health staff and health professionals, some information you provide may be documented in your medical record, and available for their use to guide your treatment as a patient.
- Information Sharing and Disclosure.
We will not rent, sell, or share Personal Information about you with other people or non-affiliated companies except to provide the Service, when we otherwise have your permission, or under the following circumstances:
- Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
- Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Service, to provide the Service on our behalf, to perform Service-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Service's features), or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may also provide Personal Information to our business partners or other trusted entities for the purpose of providing you with information on goods or services we believe will be of interest to you. You can, at any time, opt out of receiving such communications by setting the appropriate option in your user profile or by contacting us as described below.
- Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of John Muir Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
- Business Transfers. We may sell, transfer or otherwise share some or all of our assets to a third party in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such event, your Personal Information may be transferred to that third party.
- Changing or Deleting Your Information.
All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting us at email@example.com or by making the appropriate modifications in your user account preferences. If you completely delete all such information, then your account may become deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.
We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. These measures include encrypting your communications by utilizing Secure Sockets Layer ("SSL") software, and using a secured messaging service when we send your Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted when we store it or transmit it, and we will use secure servers that we will back up daily.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored "personal information" or "medical information" (as defined in applicable state laws on security breach notification). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Service in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Service by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed at the end of this document. In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.
- Our Employees.
Every one of our employees, contractors, and consultants whose job might allow them to come into contact with your Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Service. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.
- International Transfer.
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer your Personal Information to the United States and process it there. Your submission of such information represents your agreement to that transfer.
- Links to Other Sites.
In accordance with the Federal Children's Online Privacy Protection Act of 1998 ("COPPA"), John Muir Health will never knowingly request personally identifiable information from anyone under the age of 13 without verified parental consent. When we do receive information (with verified parental consent) from users under the age of 13, we will not share their personally identifiable information with third parties, regardless of their stated preference given at registration. If we become aware that a user of the Service is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
- Agreement and Changes.
- Contacting Us.
Last Revised: September 4, 2014