Sutter Health, or any of Sutter Health's affiliates, is committed to providing you with quality health care and fostering a relationship built on trust. This trust is built, in part, on our commitment to respect the privacy and confidentiality of your medical information. Sutter Health has put into place detailed policies and procedures regarding access to all health records by our staff and employees. We have also carefully outlined the circumstances under which your medical information may be released to parties outside the organization in compliance with state and federal laws.
Web Site Visitor Tracking
Visitor Tracking Software — Sutter Health keeps track of visits to our Web site via an automatic monitoring program that tells us, among other things, how many visits are made to the site; the time of day and date of those visits; and which areas of the Web site individuals visited. The monitoring program does not provide us with any personal information about a visitor. We cannot discern your name or physical address or other personal information about you. This information is used to evaluate the effectiveness of our site.
Web Logs — The visitor tracking software gathers information from standard Web logs and stores it on servers at Sutter Health. These logs may contain the Internet domain from which you access the site; the date and time you visited our site; the areas of our site that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you linked from, if any. All Web logs are stored securely and may only be accessed by Sutter Health employees or designees on a professional need-to-know basis for a specific purpose. Sutter Health uses Web log information to help us design our Web site; identify popular features; resolve user, hardware and software problems; and make the site more useful to patients and other visitors.
Internet Cookies — Sutter Health may place Internet "cookies" on the computer hard drives of visitors to our Web site. Cookies help us obtain information about your use of our Web site; they do not contain information about you or your health history. Sutter Health uses two types of cookies: "session" cookies and "persistent" cookies.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our site, maintain a signed-on status while exploring the site and track which Web pages visitors view on our site.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of the Multum Drug Guide so that when you return to the guide, you do not need to go through the agreement page again. Persistent cookies will not contain any personal information about you.
You may not be able to use or view some features of Sutter Health's Web site if you decline or deactivate Internet cookies. For instructions on how to remove cookies from your hard drive, go to your browser's Web site for detailed instructions. In addition, further information regarding cookies may be available from your Internet service provider.
Collecting and Using Personal Information
My Health Online may collect identifiable information about individuals who use its services in the following ways:
E-mails — My Health Online may use your email address to send you notifications. You may change your communication preferences at any time.
Messages — My Health Online may contain forms for comments, questions, messages and referrals to certain services. Messages sent through My Health Online may become part of your medical record.
Location Services — My Health Online may use your location data to notify front desk staff when you arrive for an appointment or to suggest healthcare providers that are near you. My Health Online will not store your location data. You can always change your location preferences, including ‘background location’, within the My Health Online application under “Account Settings” or on your device. Sharing of location information is not required to use the My Health Online application.
Camera — My Health Online may use your camera to take new photos or to capture and transmit video for video visits. You choose if you want to use photos to personalize your account or send them as file attachments when you send messages to your healthcare providers.
Microphone — My Health Online may use your microphone to capture audio for video visits. My Health Online will not store your audio data.
Storage — My Health Online may access your device's storage to read and write files and photos you choose to use in My Health Online. These files and photos may be used as attachments that are sent to your provider or they may be created from attachments sent to you from your provider. These files or photos may also be used to set your profile photo in My Health Online.
Bluetooth – My Health Online may access your device's Bluetooth to detect other nearby devices. This information will be used to notify front desk staff when you arrive for an appointment. My Health Online will not store your Bluetooth data.
Phone Call – My Health Online may use your phone to call phone numbers displayed in the app. My Health Online will not store your call history or other call data.
For Android Users – Required Google Play Disclosures for Certain Health Apps
My Health Online was not created specifically for the COVID-19 pandemic. My Health Online existed before the COVID-19 pandemic to allow users to access their health information on file with Sutter Health. My Health Online and Sutter Health permits users to access COVID-19 related vaccination information, laboratory test results, and documents with illness-related information maintained by your health care organization. You may choose if or how you want to access, display, or use COVID-19 data, similar to how you use other health related information to make decisions about other conditions, services, tests, or vaccinations.
My Health Online accesses, uses and shares your information as stated in the above section titled “Collecting and Using Personal Information.”
Third-Party Vendors
Sutter Health may contract with third-party vendors to assist in the delivery of the My Health Online service. These third parties have contracted with us to only use your personal data for the agreed upon purpose, and not to sell, use or disclose your information, except as may be permitted by law. A third-party vendor will be governed by its own privacy statements, and Sutter Health is not liable for any breach or loss of information by a contracted vendor.
Your Online Health Record
Accessing Your Online Health Record through My Health Online — We request a limited set of identifying information from you for authentication purposes in order to grant you access to the Web site and to customize your experience. We will not disclose any personal information that might identify you, such as your full name, street address, telephone number, credit card number or e-mail address to any third party other than as allowed or required by state and/or federal regulations.
Electronic Interactions — My Health Online offers our patients secure, encrypted, Web- and mobile-based electronic interactions. Messages and attachments you send to your care team via your online account or images captured via video interaction with your clinician may be incorporated in your permanent health record. Once a message, attachment or image capture is made part of your record, it will be accessible to your care team. If your Sutter Health clinician is out of the office or unavailable to respond, messages you send to them may be routed to other authorized clinicians within Sutter Health in order to facilitate a timely response to your request or question. While you may receive Internet e-mail messages notifying you of new messages in your account Inbox, these e-mails will not contain any personal health information.
Protecting your username and password — It is extremely important that you keep your Login ID and password completely confidential. Anyone with access to your Login ID and password may be able to login to your account and view your medical information, add comments to your record, and communicate with your care team. It is your responsibility to prevent disclosure of your Login ID and password and to change your Login ID and password if you feel that their security has been compromised. You can change your password by logging into your account and clicking the "Password Settings" link in the "Profile" section of the top menu. If you have any questions regarding the security of your password, please call our patient services department at 1-866-978-8837.
Contents of Electronic Messages — It is always best for you and your clinician to agree on the type of electronic communication that may be most appropriate for you. Using electronic communication for solicitation purposes is prohibited. All Sutter Health-generated EHR content is subject to state and federal statutes governing the security and confidentiality of health records.
Surveys - You may occasionally be asked to complete patient surveys. Sutter Health may analyze information submitted via your account as part of descriptive (demographic) studies and reports.
Review & Purpose of Health Content
Content Created by Individual Health Care Professionals at Sutter Health — My Health Online and Sutter Health’s websites may contain content created or written by individual health care professionals at Sutter Health, including answers to frequently asked questions, blogs, other written material or content of streaming audio lectures. This content is the opinion of the author(s) and not necessarily reflect the opinion of your clinician, Sutter Health or any Sutter Health affiliate. This information is provided for your general information and education purposes only, and should not and should not be relied upon for personal diagnosis or treatment.
Purpose of Health Content — All health-related information provided via Sutter Health's Web Site is intended to educate and inform visitors about illnesses, conditions and ways to maintain optimum health. While we try to keep the information as accurate as possible, we disclaim any implied warranty or representation about its accuracy or completeness. You assume full responsibility for using the information on this site. Sutter Health is neither responsible nor liable for any claim, loss or damage resulting from the use of information on this site. Information on Sutter Health's Web Site is not intended to nor should it be used to diagnose personal physical conditions and is not a substitute for consultation with one's own personal clinician or in lieu of seeking emergency services.
Links to Outside Web Sites — Sutter Health's Web site has numerous links to outside Internet pages, which might have information on health topics of interest to you. Sutter Health, however, does not sponsor or endorse any of these sites, nor does Sutter Health make any guarantee, warranty or representation regarding the accuracy of the information contained on the Web sites. In addition, Sutter Health has no control over the privacy or security practices of external Web sites. You should read and understand the policies of all Web sites with respect to these practices. These links are provided for your general information and education only, and should not be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.
MedlinePlus — Sutter Health's Web site contains third-party health information and educational material provided by MedlinePlus. MedlinePlus is an online information service produced by the United States National Library of Medicine. The site brings together information from the National Library of Medicine (NLM), the National Institutes of Health (NIH), other U.S. government agencies, and health-related organizations. Sutter Health does not sponsor or endorse MedlinePlus, nor does Sutter Health make any guarantee, warranty or representation regarding the accuracy of the information contained on MedlinePlus.To learn more about the MedlinePlus public service, please read Medline Plus’s Quality Guidelines, Medline Plus’ Disclaimers and Medline Plus’s Privacy Policy.
Security Measures
Protecting your confidential health information is a top priority at Sutter Health. In addition to applying stringent confidentiality policies that govern access and use of information by Sutter Health clinicians and staff, we have implemented security features and methods to protect your data in My Health Online including the following:
- Multi-factor Authentication – We enable the use of multi-factor authentication for My Health Online by default. You may choose to opt out of multi-factor authentication.
- Encryption— We encrypt the communication from your Web browser to our secure Web server.
- Firewall— Personal health information is stored in the secure EHR, protected from the Internet by a firewall.
- Policies and Procedures – We maintain internal policies and procedures that limit access, use, disclosure, and retention of your information by our workforce.
- Session timeout— After a period of inactivity, the logon session will time out.
- Monitoring— We monitor the Web server for evidence of unauthorized break-in attempts. We apply the latest security patches.
Revisions to this Privacy and Security Policy
As state and federal laws change, and as we add new features to our Web site, Sutter Health may periodically revise this Privacy and Security Policy. Any revision of this policy will apply to all information we already have about you at the time of the change and any personal information that is gathered about you after this time. Any future updates to this policy are effective as soon as they are published.
Questions, Concerns and Contact Information
For questions, concerns, and suggestions about the content on My Health Online, Contact Us. Note, email to us via this link is not encrypted or secure so please do not include any personal health information in your email.
For questions or to view Sutter Health’s Notice of Privacy Practices, please visit www.sutterhealth.org/privacy.