Privacy Policy

Introduction and Scope

This Privacy Policy describes how MyChart Patient Portal ("we," "our," or "us") collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and ensuring the security of your personal health information in accordance with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and other relevant privacy laws.

This policy applies to all users of our website, including patients, healthcare providers, and visitors. By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Information We Collect

We collect various types of information to provide and improve our services, ensure security, and comply with legal obligations. The information we collect may include personal information, health information, and technical information about your use of our services.

Personal Information

Personal information includes information that can be used to identify you, such as your name, email address, phone number, date of birth, and other contact information. We collect this information when you create an account, contact us for support, or otherwise interact with our services.

Health Information

Health information includes medical records, test results, medication lists, appointment information, and other health-related data that you or your healthcare providers share through our platform. This information is protected under HIPAA and other applicable health privacy laws.

Technical Information

We automatically collect certain technical information when you use our services, including your IP address, browser type, operating system, device information, and usage patterns. This information helps us improve our services and ensure security.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and provide personalized content. You can control cookie settings through your browser preferences, though disabling certain cookies may affect the functionality of our services.

How We Use Your Information

We use the information we collect for various purposes related to providing and improving our services, ensuring security, and complying with legal obligations. We are committed to using your information responsibly and only for legitimate purposes.

Providing Our Services

We use your information to provide access to your patient portal, facilitate communication with healthcare providers, manage appointments, and deliver other healthcare-related services. This includes processing your requests, maintaining your account, and ensuring the functionality of our platform.

Communication and Support

We use your contact information to communicate with you about your account, provide customer support, send important updates about our services, and respond to your inquiries. We may also use this information to send you relevant healthcare information and educational materials.

Security and Fraud Prevention

We use your information to maintain the security of our services, detect and prevent fraud, investigate suspicious activity, and protect against unauthorized access to your account and health information. This includes monitoring login attempts, analyzing usage patterns, and implementing security measures.

Legal Compliance

We use your information to comply with applicable laws and regulations, respond to legal requests, enforce our terms of service, and protect our rights and the rights of others. This may include responding to subpoenas, court orders, and other legal processes.

Information Sharing and Disclosure

We are committed to protecting your privacy and do not sell, rent, or trade your personal information to third parties for marketing purposes. However, we may share your information in certain circumstances as described in this policy.

Healthcare Providers

We share your health information with your healthcare providers and their authorized staff to facilitate your care. This sharing is essential for providing you with access to your medical records and enabling communication with your healthcare team through our platform.

Service Providers

We may share your information with trusted third-party service providers who assist us in operating our platform, providing customer support, processing payments, and performing other essential functions. These service providers are contractually obligated to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose your information when required by law, such as in response to a subpoena, court order, or other legal process. We may also disclose information to protect our rights, investigate fraud or other illegal activity, or prevent harm to you or others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, we may transfer your information to the new entity. We will notify you of any such transfer and ensure that your information continues to be protected in accordance with this Privacy Policy.

Data Security and Protection

We implement comprehensive security measures to protect your personal information and health data from unauthorized access, disclosure, alteration, and destruction. Our security practices are designed to meet or exceed industry standards and regulatory requirements.

Encryption and Technical Safeguards

We use industry-standard encryption technologies to protect your information both during transmission and while stored in our systems. This includes SSL/TLS encryption for data transmission and AES encryption for data storage. We also implement firewalls, intrusion detection systems, and other technical safeguards to protect our infrastructure.

Access Controls and Authentication

We implement strict access controls to ensure that only authorized personnel can access your information. This includes multi-factor authentication, role-based access controls, and regular access reviews. All access to your information is logged and monitored for security purposes.

Employee Training and Policies

We provide regular training to our employees on data protection, privacy practices, and security procedures. All employees are required to sign confidentiality agreements and are subject to disciplinary action for violations of our privacy and security policies.

Regular Security Assessments

We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security risks. We also maintain incident response procedures and regularly update our security measures based on emerging threats and best practices.

Your Rights and Choices

You have certain rights regarding your personal information and how it is used. We are committed to respecting these rights and providing you with control over your information to the extent required by applicable law.

Access and Portability

You have the right to access the personal information we hold about you and request a copy of your data in a portable format. You can access much of your information directly through your patient portal account, or you can contact us to request additional information.

Correction and Updates

You have the right to request correction of inaccurate or incomplete information. You can update much of your personal information directly through your account settings, or you can contact us to request corrections to information that cannot be updated through your account.

Deletion and Account Closure

You have the right to request deletion of your personal information, subject to certain legal and contractual obligations. You can close your account through your account settings, which will remove your access to our services while maintaining certain records as required by law.

Communication Preferences

You can control how we communicate with you by updating your communication preferences in your account settings. You can opt out of certain types of communications, such as marketing emails, while maintaining essential service-related communications.

Data Retention and Disposal

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of information and the purpose for which it was collected.

Retention Periods

Health information is typically retained for the period required by applicable healthcare laws and regulations, which may be several years or longer. Account information is retained while your account is active and for a reasonable period after account closure to comply with legal requirements and resolve any outstanding issues.

Secure Disposal

When we no longer need to retain your information, we securely dispose of it using industry-standard methods that ensure the information cannot be recovered or reconstructed. This includes secure deletion of electronic records and secure destruction of physical records.

Legal Holds

In certain circumstances, such as legal proceedings or investigations, we may be required to retain your information for longer periods. We will notify you if your information is subject to a legal hold and explain the reasons for the extended retention period.

International Data Transfers

Our services are primarily provided in the United States, and your information is stored and processed in the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States.

Data Transfer Safeguards

When we transfer your information internationally, we implement appropriate safeguards to ensure that your information receives adequate protection. This may include standard contractual clauses, adequacy decisions, or other mechanisms recognized by applicable data protection laws.

Compliance with Local Laws

We strive to comply with applicable data protection laws in all jurisdictions where we operate. If you have questions about how your information is handled in your jurisdiction, please contact us for more information.

Children's Privacy

Our services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

Parental Consent

For children between the ages of 13 and 18, we may collect and process their information with appropriate parental consent or as otherwise permitted by applicable law. We encourage parents to monitor their children's online activities and to discuss privacy and security with them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Notification of Changes

For significant changes that affect how we use or share your information, we may also send you an email notification or display a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.

Continued Use

Your continued use of our services after any changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue using our services and contact us to discuss your concerns.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us using the information provided below. We are committed to addressing your concerns and providing you with the information you need to make informed decisions about your privacy.

Response Time

We strive to respond to all privacy-related inquiries within 30 days. For complex requests or investigations, we may need additional time and will keep you informed of our progress.

Last Updated

This Privacy Policy was last updated on January 15, 2024. We encourage you to review this policy regularly to stay informed about how we protect your information.