The UCSF-John Muir Health Jean and Ken Hofmann Cancer Center at the Behring Pavilion is now open. LEARN MORE >
We take seriously our obligations to safeguard and protect your personal information.
John Muir Health is a not-for-profit integrated healthcare system that includes hospital and other inpatient and outpatient services.
This mobile device application (hereafter, the “App”), including all of its content, look and feel, databases, domain name (collectively the "Service") is provided to you by John Muir Health, a California non-profit public benefit corporation, on behalf of itself and its hospitals, research institutes, clinics, outreach programs, wellness education programs, and home health agencies, all of which are hereinafter collectively referred to as "John Muir Health," "we", "us," or similar terms. "You" or "your" or similar terms refer to you as a user of our Service.
THIS PRIVACY POLICY IS BOTH AN AGREEMENT ENTERED INTO BY YOU AND JOHN MUIR HEALTH, AND ALSO THE POLICY OF JOHN MUIR HEALTH IN MAKING THE SERVICE (AS DEFINED BELOW) AVAILABLE TO YOU.
Our Promise to You.
This App is designed to allow you to manually or automatically upload your health data to the platform and to share it remotely with your healthcare providers. The App also offers the option to interact with other patients via a social network (the “Social Circle”). Your participation in the Social Circle is purely optional and voluntary, and you may terminate your participation at any time.
We are providing this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of the information that we collect and receive from users of the Service at and through the App.
This Privacy Policy applies only to information that you provide to us through the Service, as well as to information that you authorize other individuals – such as your physician or a family member – to provide to us through the Service. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Service (the "Terms").
By accepting using the Service, you (a) expressly consent to our collection, use, and disclosure of your Personal Information (as defined below) in accordance with this Privacy Policy, and (b) expressly acknowledge that you have read and understood our Notice of Privacy Practices, which provides important information to you about how we may use and disclose health information about you as a patient of John Muir Health. Our Notice of Privacy Practices is available on our website.
As used in this Privacy Policy, the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis, and using or handling information in any way, including, without limitation, collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and transferring information within our organization or among our affiliates within the United States or internationally.
Collection and Use of Information – In General.
When using our Service, we may ask you for certain personally identifiable information. This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Service and related services (collectively, "Personal Information"). Personal Information that we might collect would include things like your name, phone number, credit card or other billing information, your email address and the email address of your contacts, home and business postal addresses, website URLs, certain health information, and any other information or data that you provide when using the Service.
The main reason we collect Personal Information from you is to provide you a safe, smooth, efficient, and customized user experience. You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Service, or else by skipping the particular feature of the Service for which the Personal Information is being collected. You can use some parts of the Service anonymously, but once you become a registered user of the Service, we will ask you to provide Personal Information, such as:
You are under no obligation to provide us with this Personal Information. We use your Personal Information to provide the Service and administer your inquiries. You may change or delete any information that you provide. Please see "Changing or Deleting Your Information" below for further information.
How We Use Your Non-Medical Personal Information.
Some of the Personal Information we collect from you is unrelated to your receipt of healthcare-related information through the Service. We use such non-medical Personal Information to provide, administer, and improve the Service, including to:
If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile. (See "Changing or Deleting Your Information," below.)
How We Use Your Medical Personal Information (PHI).
We are dedicated to maintaining the privacy and integrity of your protected health information ("PHI"). PHI is information about you that may be used to identify you (such as your name, social security number, or address), that is created or received by a health care provider or health plan, and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing the Service, we may receive and create records containing your PHI. We are required by law to maintain the privacy and confidentiality of your PHI, and we operate the Service consistent with applicable federal and state laws governing patient information privacy and security.
This Privacy Policy describes how we protect your privacy as a general user of the Service, not as a patient receiving medical care from John Muir Health personnel or facilities. If you are a patient receiving medical care from John Muir Health, you have other rights with respect to the access, use, and disclosure of PHI. For a more complete description of a patient's rights under HIPAA, please refer to our Notice of Privacy Practices, which provides important information to you about how we may use and disclose your PHI. Our Notice of Privacy Practices is available here.
If you access this service using a user name and password, note that you are solely responsible for keeping those pieces of information strictly confidential.
Social Circle Information
As noted above, your participation in the Social Circle is purely optional and voluntary, and you may terminate your participation at any time. You acknowledge and agree that:
Log Data.
When you visit the Service, our servers automatically record information that your mobile device sends whenever you visit the App ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, mobile device type, pages of our App and the Service that you visit, the time spent on those pages, information you search for on our Service, access times and dates, and other statistics. We use this information to monitor and analyze use of the Service (including to detect error, fraud and criminal activity) and for the Service's technical administration, to increase our Service's functionality and user-friendliness, and to better tailor it to our visitors' needs. For example, some of this information is collected so that when you visit the Service again, it will recognize you and serve information appropriate to your interests. We also use this information to verify that visitors to the Service meet the criteria required to process their requests.
Emails.
We may use a third-party vendor to help us manage some of our email communications with you. While we may supply this vendor with email addresses of those we wish them to contact, your email address is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you have clicked on that link, and have visited our Service. We never share any information about you, other than your email address, with our third-party email vendor, which does not share these email addresses with anyone else. Even if you have given us permission to send emails to you, you may revoke that permission at any time by sending an email to lori.turner@johnmuirhealth.com. Please note that it may take up to ten (10) business days to remove you from our distribution list.
Evaluation and Research.
We may periodically ask users to complete surveys asking about their experiences with features of the Service. Our surveys ask visitors for demographic information such as age, gender, and education, but we will not request in such surveys that users provide specific information about any medical condition. We use survey information for research and quality improvement purposes, including helping John Muir Health to improve information and services offered through the Service. In addition, users giving feedback who agree to permit us to contact them with further questions may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and log data may be stored for future research and evaluation.
Messages and Transactions.
Comments or questions sent to us using email or secure messaging forms will be shared with our staff and health professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, other than as described below, these communications will not become part of your medical record or a designated record set unless and until, in each instance, you are seen and examined in person by a John Muir Health healthcare professional.
When you use a service on the secure section of the Service to interact directly with John Muir Health staff and health professionals, some information you provide may be documented in your medical record, and available for their use to guide your treatment as a patient.
Information Sharing and Disclosure.
We will not rent, sell, or share Personal Information about you with other people or non-affiliated companies except to provide the Service, when we otherwise have your permission, or under the following circumstances:
Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Service, to provide the Service on our behalf, to perform Service-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Service's features), or to assist us in analyzing how our Service is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may also provide Personal Information to our business partners or other trusted entities for the purpose of providing you with information on goods or services we believe will be of interest to you. You can, at any time, opt out of receiving such communications by setting the appropriate option in your user profile or by contacting us as described below.
Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of John Muir Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Business Transfers. We may sell, transfer or otherwise share some or all of our assets to a third party in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such event, your Personal Information may be transferred to that third party.
Changing or Deleting Your Information.
All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting us at lori.turner@johnmuirhealth.com or by making the appropriate modifications in your user account preferences. If you completely delete all such information, then your account may become deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.
Security.
We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. These measures include encrypting your communications by utilizing Secure Sockets Layer ("SSL") software, and using a secured messaging service when we send your Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted when we store it or transmit it, and we will use secure servers that we will back up daily.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored "personal information" or "medical information" (as defined in applicable state laws on security breach notification). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Service in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Service by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address listed at the end of this document. In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.
Our Employees.
Every one of our employees, contractors, and consultants whose job might allow them to come into contact with your Personal Information has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our Service. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.
International Transfer.
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer your Personal Information to the United States and process it there. Your submission of such information represents your agreement to that transfer.
Links to Other Sites.
We may offer you the opportunity to access third-party content, services, or products by linking to a third party's website. If you choose to visit an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third party link, you will be directed to that third party's website. The fact that we may link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization, or representation of any affiliation by us with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other services follow different rules regarding the use or disclosure of the Personal Information you submit to them. Our Privacy Policy only applies to the Service and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those sites before providing your Personal Information to them.
Children.
In accordance with the Federal Children's Online Privacy Protection Act of 1998 ("COPPA"), John Muir Health will never knowingly request personally identifiable information from anyone under the age of 13 without verified parental consent. When we do receive information (with verified parental consent) from users under the age of 13, we will not share their personally identifiable information with third parties, regardless of their stated preference given at registration. If we become aware that a user of the Service is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
Agreement and Changes.
By using the Service, you agree to the current Privacy Policy and our Terms, into which this Privacy Policy is incorporated. We reserve the right, in our sole discretion, to modify, discontinue, or terminate the Service or to modify this Privacy Policy at any time. If we modify this Privacy Policy, we will notify you of such changes by posting them on the Service or providing you with notice of the modification if you have provided your contact information by registering for an account with us. We will also indicate when such terms are effective below. By continuing to access or use the Service after we have posted a modification or have provided you with notice of a modification, you are indicating that you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Service.
Contacting Us.
We encourage you to contact us if you have any questions concerning our Privacy Policy or if you have any questions or concerns about our access, use, or disclosure of your Personal Information. You may write us at John Muir Health, 1400 Treat Boulevard, Walnut Creek, CA 94597, Attention: Compliance. You can also reach us for help by emailing us at lori.turner@johnmuirhealth.com.
Last Revised: July 1, 2016