My Health Online Privacy and Security Policy

Sutter Health, or any of Sutter Health's affiliates, is committed to providing you with quality health care and fostering a relationship built on trust. This trust is built, in part, on our commitment to respect the privacy and confidentiality of your medical information. Sutter Health has put into place detailed policies and procedures regarding access to all health records by our staff and employees. We have also carefully outlined the circumstances under which your medical information may be released to parties outside the organization in compliance with state and federal laws.

Web Site Visitor Tracking

Visitor Tracking Software — Sutter Health keeps track of visits to our Web site via an automatic monitoring program that tells us, among other things, how many visits are made to the site; the time of day and date of those visits; and which areas of the Web site individuals visited. The monitoring program does not provide us with any personal information about a visitor. We cannot discern your name or physical address or other personal information about you. This information is used to evaluate the effectiveness of our site.

Web Logs — The visitor tracking software gathers information from standard Web logs and stores it on servers at Sutter Health. These logs may contain the Internet domain from which you access the site; the date and time you visited our site; the areas of our site that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you linked from, if any. All Web logs are stored securely and may only be accessed by Sutter Health employees or designees on a professional need-to-know basis for a specific purpose. Sutter Health uses Web log information to help us design our Web site; identify popular features; resolve user, hardware and software problems; and make the site more useful to patients and other visitors.

Internet Cookies — Sutter Health may place Internet "cookies" on the computer hard drives of visitors to our Web site. Cookies help us obtain information about your use of our Web site; they do not contain information about you or your health history. Sutter Health uses two types of cookies: "session" cookies and "persistent" cookies.

A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our site, maintain a signed-on status while exploring the site and track which Web pages visitors view on our site.

On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of the Multum Drug Guide so that when you return to the guide, you do not need to go through the agreement page again. Persistent cookies will not contain any personal information about you.

You may not be able to use or view some features of Sutter Health's Web site if you decline or deactivate Internet cookies. For instructions on how to remove cookies from your hard drive, go to your browser's Web site for detailed instructions. In addition, further information regarding cookies may be available from your Internet service provider.

Collecting and Using Personal Information

Sutter Health collects identifiable information about individuals who visit our Web sites in the following ways:

E-mails — Sutter Health uses a third-party vendor to manage and send e-mails to our patients and others who have requested to be put on our distribution lists. Sutter Health stores these e-mail addresses. This address is never used for any other purpose than to communicate with you. We do not link your e-mail address to any other personal health information you've given us. Sutter Health never shares any information, other than your e-mail address, with the vendor, who is not allowed to share your e-mail address with anyone else. This tracking provides us with information on the usefulness of our communications.

Messages — Sutter Health Web sites contain forms for comments, questions and referrals to certain services. These forms make use of technology to send e-mails to certain Sutter Health staff members who are able to address your needs. These forms should not, however, be used to transmit personal health information or to seek diagnosis for a personal condition. We are not able to respond via e-mail to such inquires.

Third-Party Vendors

Sutter Health may contract with third-party vendors to assist in the delivery of service and/or storage of your record, including your User ID, Password, or Email Address. These third parties have contracted with us to only use your personal data for the agreed upon purpose, and not to sell, use or disclose your information, except as may be required by law. A third-party vendor will be governed by its own privacy statements, and Sutter Health is not liable for any breach or loss of information by a contracted vendor.

Your Online Health Record

Accessing Your Online Health Record through My Health Online — We request a limited set of identifying information from you in order to grant you access to the Web site and to customize your experience. We will not disclose any personal information that might identify you, such as your full name, street address, telephone number, credit card number or e-mail address to any third party other than as allowed or required by state and/or federal regulations.

Electronic Interactions — My Health Online offers our patients secure, encrypted, Web-based electronic interactions. Recording of electronic interaction by patients is prohibited. Messages and attachments you send via your online account or images captured via video interaction with your clinician may be incorporated in your permanent health record. Once a message, attachment or image capture is made part of your record, it will be accessible to current and future Sutter Health staff members who are involved in your care. If your Sutter Health clinician is out of the office or unavailable to respond, messages sent may be routed to other authorized clinicians within Sutter Health in order to facilitate a timely response to your request or question. While you may receive Internet e-mail messages notifying you of new messages in your account Inbox, these e-mails will not contain any personal health information.

Protecting your username and password — It is extremely important that you keep your Login ID and password completely confidential. Anyone with access to your Login ID and password will be able to assume your Login IDentity and view your medical information, add comments to your record, and communicate with your Sutter Health health care team. It is your responsibility to prevent disclosure of your Login ID and password and to change your Login ID and password if you feel that their security has been compromised. You can change your password by logging into your account and clicking the "Password Settings" link in the "Profile" section of the top menu. If you have any questions regarding the security of your password, please call our patient services department at 1-866-978-8837.

Contents of Electronic Messages — It is always best for you and your clinician to agree on the type of electronic communication that is most appropriate in your particular case. Using electronic communication for solicitation purposes is prohibited. All Sutter Health-generated EHR content is subject to state and federal statutes governing the security and confidentiality of health records. Surveys You may occasionally be asked to complete patient surveys. Sutter Health may analyze information submitted via your account as part of descriptive (demographic) studies and reports. In such cases, all patient-identifying information will be removed.

Review & Purpose of Health Content

Content Created by Individual Health Care Professionals at Sutter Health — Our site does contain content that has been created or written by individual health care professionals at Sutter Health, including answers to frequently asked questions, blogs, other written material or content of streaming audio lectures. This content is the opinion of the author(s) and not necessarily that of your clinician, Sutter Health or any Sutter Health affiliate. This information is provided for your general information and education only, and should not be relied upon for personal diagnosis or treatment.

Purpose of Health Content — All health-related information provided via Sutter Health's Web Site is intended to educate and inform visitors about illnesses, conditions and ways to maintain optimum health. While we try to keep the information as accurate as possible, we disclaim any implied warranty or representation about its accuracy or completeness. The reader assumes full responsibility for using the information on this site. Sutter Health is neither responsible nor liable for any claim, loss or damage resulting from the use of information on this site. Information on Sutter Health's Web Site is not intended to diagnose personal physical conditions and is not a substitute for consultation with one's own personal clinician or in lieu of seeking emergency services.

Links to Outside Web Sites — Sutter Health's Web site has numerous links to outside Internet pages, which might have information on health topics of interest to you. Sutter Health, however, does not sponsor or endorse any of these sites, nor does Sutter Health make any guarantee, warranty or representation regarding the accuracy of the information contained on the Web sites. In addition, Sutter Health has no control over the privacy or security practices of external Web sites. The user should read and understand the policies of all Web sites with respect to these practices. These links are provided for your general information and education only, and should NOT be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.

MedlinePlus — Sutter Health's Web site contains third-party health information and educational material provided by MedlinePlus. To learn more about the MedlinePlus public service, please read Medline Plus’s Quality Guidelines, Medline Plus’ Disclaimers and Medline Plus’s Privacy Policy.

Security Measures

Protecting your confidential health information is a top priority at Sutter Health. In addition to applying stringent confidentiality policies that govern access and use of information by Sutter Health clinicians and staff, we have implemented security features and methods to protect your data in our information systems, including the following:

• Encryption — We use 128-bit Secure Socket Layer to encrypt the communication from your Web browser to our secure Web server.
• Dedicated Web server — The web browser pages are separate from the data. In the unlikely event that the Web server is compromised, no health information would be exposed because it is not stored on the Web server.
• No caching on the client side — We disable caching of data in the browser and force the Web pages to expire immediately. This prevents a follow-on user from viewing pages that you had previously viewed while using your account.
• Firewall — Personal health information is stored in the secure EHR, protected from the Internet by a firewall.
• Session timeout — After a period of inactivity, the logon session will time out.
• Monitoring — We monitor the Web server for evidence of unauthorized break-in attempts. We apply the latest security patches.

Revisions to this Privacy and Security Policy

As state and federal laws change, and as we add new features to our Web site, Sutter Health may periodically revise this Privacy and Security Policy. Any revision of this policy will apply to all information we already have about you at the time of the change and any personal information that is gathered about you after this time.

Questions, Concerns and Contact Information

For questions, concerns, and suggestions about the content on My Health Online, Contact Us. Note, email to us via this link is not encrypted or secure so please do not include any personal health information in your email.