Privacy Policy

Updated as of July 1, 2023

We are committed to the care and improvement of human life. Part of that commitment includes protecting your Personal Information (defined below). We maintain information confidentiality and comply with applicable regulatory requirements.

This privacy policy ("Privacy Policy") covers our online privacy practices with respect to use and/or disclosure of information we may collect from you when you access or use our website ("Website"), Portals (as defined below), and any other websites or applications we may provide that link to this Privacy Policy (collectively, our "Services"). The Services are provided by the Website owner identified on the Website homepage ("we," "us," or "our"). This Privacy Policy does not apply to information collected through other means, such as by telephone or in person or by other third parties that are not part of our Services. Please review our privacy practices, email our privacy team or write to us at the address below if you have any questions.

HCA Healthcare
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203

This Privacy Policy does not apply to information that would be considered "Protected Health Information" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). HCA HealthCare's' use and disclosure of Protected Health Information is set forth in the HCA Healthcare Notice of Privacy Practices, which can be accessed at the bottom of the facility website.

Information collected through the website

Our Website may include pages that permit you the opportunity to provide us with Personal Information about yourself. As used in this Privacy Policy, "Personal Information" means any information that may be used, either alone or in combination with other information, to personally identify an individual as defined by applicable state laws as noted below. We collect certain information, including Personal Information, from and about our Website users in three ways:

  • Directly from you;
  • Directly from our web server logs; or
  • Cookies and web beacons.

Information provided by you

We and our service providers collect Personal Information through online forms to provide certain features of the Services to you. For example, if applying for a job through the Website, we may request you to fill out a form with information such as your name, e-mail address, phone number, and work experience. If you do not provide the information required to submit the forms, we may not be able to provide you with related features and services. In some cases, you may have the opportunity to enter into our secure forms any content that you choose. You are responsible for such content and we reserve the right to use such content as part of our Services.

Web server logs

When you access or use our Services, we may track information to administer our Services and analyze its usage. Examples of information we may track include, without limitation:

  • Your Internet protocol address;
  • The kind of browser or computer you use;
  • Number of links you click within our Services;
  • State or country from which you accessed our Services;
  • Date and time of your visit;
  • Name of your Internet service provider;
  • Third party websites you linked to from our Services; and
  • Pages or information you viewed on our Services.

We use this information to analyze and improve our Services, monitor traffic and usage patterns for information security purposes, and to help make our Services more useful.

Cookies and web beacons

A "cookie" is a small text file that may be transferred to your computer's hard drive to personalize our services for you and collect information regarding usage of our Services. Each computer is assigned a different cookie that contains a random, unique identifier. Our Services may use two different types of cookies: a "session" cookie, which is required to track a user session, for example, and which expires shortly after the session ends, and a "persistent" cookie, used to track unique visits to the Portal (defined below), as well as how the user arrived at the Portal (for example, through an email link or from a referral link), and the type of user (patient, provider, consumer, etc.). So that users are not counted twice, this cookie can "persist" anywhere from six months to two years.

Your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the "Help" section of the toolbar. If you reject our cookies, this may disable some of the functionality of our Services and you may not be able to use certain services.

Cookies, to the best of our knowledge, cannot be used to run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a web page, or navigate within a website, a cookie helps the website to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content and eases website navigation by providing and saving your preferences and login information as well as providing personalized functionality.
We use Google Analytics, a web analytics service provided by Google LLC, on our Site to help us analyze the traffic and user activity on our Site. Please see Google's Privacy and Termsfor more information on how Google Analytics processes Personal Information. By using a browser pluginprovided by Google, you can opt out of Google Analytics for the web.

We may display content from third-party platforms or services that allow you to view their hosted content directly from the pages of our Site, and interact with them. For example, we use YouTube, a video sharing and social media platform provided by Google LLC, to embed video content on our Site. Google's Privacy Policyexplains how YouTube/Google treat your personal data and protect your privacy when you provide your personal data in connection with your access and use of their services.

Some of features of our Services (such as social media widgets that allow you to share content) may use cookies or other methods to gather information regarding your use of the Services, and may combine the information in these cookies with any of Personal Information about you that they may have. The use of such information by a third-party depends on the privacy policy of that third-party.

A "web beacon," "clear GIF," "web bug," or "pixel tag" is a tiny graphic file with a unique identifier that is similar in function to a cookie, but would allow us to count the number of users that have visited certain pages or screens of our websites, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, web beacons can tell the sender whether and when the email has been opened. In contrast to cookies, which may be stored on your computer's hard drive, web beacons are typically embedded invisibly on pages or screens. We may use web beacons in providing the Services.

We reserve the right to share aggregated site statistics monitored by cookies and web beacons with our affiliates and partner companies. We treat the information of everyone who comes to our Services in accordance with this Privacy Policy. We do not honor Do Not Track (DNT) requests.

To determine whether any of our third-party service providers honor DNT requests, please read their respective privacy policies.

Control of Cookies

Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser's settings. Please be aware that such action could affect the availability and functionality of the Site. For more information on how to control cookies, check your browser or device's settings for how you can control or reject cookies, or visit the following links:

Geolocation data

We do not collect precise information (e.g., GPS data; latitude and longitude) concerning the location from which you access our Services, but we collect information on your region or postal code to help us gather information useful for improving the relevance of our content and securing our Services.

Third party advertising

We may allow third-party advertising companies to serve ads when you access or use our Services. These companies use non-personally identifiable information regarding your access and use of our Services and other websites, such as pages viewed, date and time of your visit, and number of times you have viewed an ad (but not your name, address, or other personal information), to serve ads to you on our Services and other websites that may be of interest to you. In the course of serving advertisements to our Services, our third-party advertiser may place or recognize a unique cookie on your browser. In addition, we or other third-party advertiser, may use web beacons to help manage our online advertising. This allows us or a third-party advertiser to learn which banner ads bring users to our Services.

We use Google Ads, the Google Marketing Platform and related marketing and advertising services provided by Google, LLC in connection with our Site and general corporate advertising and marketing operations for purposes of, among other things, online advertising, which includes remarketing, re-engagement, or similar audience and advertising and marketing features. You can control the information Google uses to show you ads by changing your Google Ad PersonalizationSettings. Additionally, you can learn more about Google ad personalization and additional controls available to you by visiting Google Ad Help.

We use Twitter Ads, an advertising and analytics service provided by Twitter, Inc., in connection with our Site to run advertising and marketing campaigns on Twitter. You can opt out of Twitter's interest-based advertising through anapplicable opt-out mechanismspecified by Twitter.

We use Facebook Ads and related services provided by Facebook, Inc. in connection with our Site to run advertising and marketing campaigns on Facebook. Facebook's Cookie Policyexplains how Facebook uses data to show you ads and how you can control usage.

You can learn about additional steps that you may take to opt out of interest-based advertising when browsing the web by visiting National Advertising Initiative (NAI) Consumer Opt-Out.

Information collected through the portal

As a Service to its customers, we may also provide Portals to offer some customers secure, private access to their own records at our facilities, as well as certain internet-based services which may include, among other things, assistance in finding a doctor, assistance in scheduling appointments, the ability to register for classes and pre-register for procedures, the ability to make payment for medical services rendered, and access to health and patient education materials and secure messaging ("Portal").

The Portal can provide you with access to some of your medical records. When you seek access to those records on the Portal, we need to confirm your identity, so we ask you for information such as your name and email or physical address and other information such as your date of birth (which we may also use to make sure you are eligible to use the Portal in accordance with the Terms) and the answers to "secret questions" to which only you know the answers. This information may be used to help administer your user account and in managing your account. We may need to ask you for the information again when you sign in from a new device.
We may ask for information about your location and medical needs to assist with finding a physician, and may collect and pass on information (which may include, where relevant, health information such as your patient history) to assist you in scheduling appointments, pre-registering for procedures, and registering for classes.

The purposes for which we use personal information

If you submit or we collect Personal Information through our Services, then such Personal Information may be used in the following ways: (i) to provide, analyze, administer, and improve our Services; (ii) to contact you in connection with our Services and appointments, events or offerings that you may have registered for; (iii) to identify and authenticate your access to the parts of our Portal or other password-protected Services that you are authorized to access; (iv) to send you surveys; (v) for recruiting and human resources administration purposes; (vi) to protect our rights or our property and to ensure the technical functionality and security of our Services; and (vii) as required to meet our legal and regulatory obligations.

Please contact our appointed EU representative, if you have questions about or need further information concerning the legal basis on which we collect and use your information. If you are a resident of the European Economic Area, our legal basis for collecting and using the information described in this Privacy Policy will depend on the information concerned and the context in which we collect it. We collect information from you:

  • Where we need it to perform our contract with you (i.e., our Terms);
  • Where the processing is in our legitimate interests such as securing and improving our Services, for example (provided that these aren't overridden by your interests or rights);
  • Where the processing is for the provision of healthcare or the management of healthcare services (e.g., health information collected from you or made accessible to you through the Portal in accordance with legal requirements governing the confidentiality of such information); or
  • If we otherwise have your consent.

If you are a resident of the European Economic Area and you have questions about or need further information concerning the legal basis on which we collect and use your information, please contact our appointed EU representative, at the DPO Centre.

How we disclose personal information

We do not sell, lease, rent or otherwise disclose the Personal Information collected from our Site to third parties unless otherwise stated below or with your consent.

  • Our Third-Party Providers. We transfer Personal Information to third-party service providers to perform tasks on our behalf and to assist us in providing our Services. For example, we may use third-party service providers for security, website analytics, and payment processing. We use commercially reasonable efforts to only engage or interact with third-party service providers and partners that post a privacy policy governing their processing of Personal Information, and require our service providers to maintain confidentiality and comply with applicable laws in the processing of Personal Information. Review our list of our current third party service providers.
  • In the Event of Merger, Sale, Divestitures or Change of Control. We may transfer or assign Personal Information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.
  • Other Disclosures. We may disclose Personal Information about you if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our terms of use, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to our or third parties' rights, property or safety.

In addition to the uses and disclosures of information outlined above, if you use the Portal, your information may also be used and disclosed as follows:

  • Authorized Representatives. If another individual is managing your account on your behalf (for example, a mother managing the account of her son), as authorized by you or as a personal representative under applicable law, that person can view all Personal Information about you in the Portal.
  • Healthcare Providers. Your healthcare providers may have access to Personal Information for administrative and healthcare services. We may also use Personal Information to respond to and fulfill your orders and requests.
  • Partners. We may share Personal Information with marketing, treatment or health care operations support partners, who are also required to protect the confidentiality of your information, that will enable them to send you targeted messages or serve you targeted advertising, which will occur with your authorization or otherwise in compliance with HIPAA (defined above) and other applicable laws.

Information security

No website can guarantee security, but we maintain industry accepted physical, electronic, and procedural safeguards to protect your personal information collected via our Services in compliance with applicable law. Please see the Terms of Use available via the Website homepage ("Terms") for more specific information about information security and your responsibilities.

What can I do to protect my privacy?

Where you use a Portal or other Service that is secured with a username and password, you are also responsible for taking steps to protect the privacy of Personal Information about you. In order to protect your privacy, you should:

  • Never share your username or password;
  • Always sign out when you are finished using the Portal;
  • Use only secure web browsers;
  • Employ common anti-virus and anti-malware tools on your system to keep it safe;
  • Use a strong password with a combination of letters and numbers; and
  • Change your password often.

If you share your Portal username and password with another person, this will allow that person to see your confidential medical record information. We have no responsibility concerning any breach of your confidential medical record information due to your sharing or losing your user name or password.

Retention of information
We will retain Personal Information for the period necessary to fulfill the purposes for which it has been collected as described in this Privacy Policy unless a longer retention period is required by law, for security, fraud & abuse prevention, to comply with legal or regulatory requirements, to ensure continuity of services or financial record-keeping purposes. Where practical, we dispose of certain categories of information, including Personal Information, on a regular schedule. For example, we dispose of web server logs after 90 days, information submitted through secure forms after 6 months, and information collected for analytics purposes on our Websites after 5 years.

Third party websites and payments

If you use the Portal to link to another third-party website, you may decide to disclose Personal Information at that website. In contacting that third-party website, or in providing information on that website, that third-party may obtain Personal Information about you. This Privacy Policy does not apply when you leave the Portal and go to a third-party website from the Portal. We encourage you to be aware when you leave the Portal and to read the privacy statements of each third-party website that collects personally identifiable information.
Any payments you may make for services you have found on the Portal (such as enrolling in a class) are made exclusively through a third-party website the separate privacy policy of which applies, and not through the Portal. We are not responsible for any fees, charges, or actions provided by such a third-party website.

User communications

  • Email communications that you send to us via the email links on our Services may be shared with a customer service representative, employee, medical expert or agent that is most able to address your inquiry. We make reasonable efforts to respond in a timely fashion once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry and all applicable laws, rules and regulations.
  • The email functionality on our Services does not provide a completely secure and confidential means of communication. It is possible that your email communication may be accessed or viewed by another Internet user while in transit to us. If you wish to keep your communication private, do not use our email.

Your Rights - Personal Information

If you are a Portal user, you may access and amend personal demographic information when logged into the Portal. If you would like to access, amend, erase, export, object to, restrict the processing, or other Personal Information collected via our Services or any other request as described below by state law, you may email our privacy team or write to us at:

HCA Healthcare
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203

We will promptly review all such requests in accordance with applicable laws. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first contact us so we have an opportunity to address your concerns directly before you do so.

Communications Opt-Out

We may send certain messages, including electronic newsletters, notification of account statuses, and marketing communications on a periodic basis. If you wish to be removed from such messages, you may request to discontinue future ones. All such material will have information as to how to opt-out of receiving it, although certain messages (such as a secure message sent by a doctor or an account status update via the Portal), may be required by law and will not have opt-out capabilities.

California Direct Marketing Privacy Rights

Under California's "Shine the Light" law (Civil Code Section § 1798.83), California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes; and (b) the names and addresses of all such third parties.  To request the above information, please email our privacy team with a reference to California Disclosure Information.

We will endeavor to respond to such requests to information access within 30 days following receipt at the e-mail address stated above. If we receive your request at a different e-mail address, we will respond within a reasonable period of time, but not to exceed 150 days from the date received. Please note that we are only required to respond to each customer once per calendar year.

The California Consumer Privacy Act ("CCPA") of 2018 as Amended by the California Privacy Rights Act ("CPRA")

This section only applies to California residents ("Consumers") whose Personal Information is covered by the CCPA/CPRA. For the purposes of this section only, "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household.

Under the CCPA/CPRA and subject to certain exceptions, California residents may have the following rights with respect to our processing of their Personal Information:

  • Right to Know What Personal Information is Being Collected. Right to Access Personal Information. You may have the right to request that we disclose the following information to you:
    • The categories of Personal Information that we collected about you;
    • The categories of sources from which the Personal Information is collected;
    • The business or commercial purpose for collecting, selling or sharing Personal Information;
    • The categories of third parties to whom we disclosed Personal Information;
    • The specific pieces of Personal Information that we have collected about you;
    • The categories of Personal Information that we disclosed about you for a business purpose;
    • The categories of Personal Information that we sold or shared about you; and
    • For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.
    • Right of Deletion. You may have the right to delete any Personal Information about you which we have collected from you.
    • Right to Correct Inaccurate Personal Information. You may have the right to correct inaccurate Personal Information maintained by us.
  • Right to Limit Use or Disclosure of Sensitive Personal Information. You may have the right to limit the use and disclosure of your Sensitive Personal Information.
  • Right to Opt-Out of Sale or Sharing. You may have the right to opt-out of the sale of Personal Information or the sharing of Personal Information. You can exercise your opt-out rights by completing the Consumer Request Form, emailing us at Personal Information Request or by calling us at (844) 422-3282.
  • Right of No Retaliation Following Opt-Out or Exercise of Other Rights. We may not discriminate against you because you exercise any of your rights under the CPRA, including, but not limited to:
    • Denying goods or services to you;
    • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
    • Providing a different level or quality of goods or services to you;
    • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services; or
    • Retaliating against an employee, applicant for employment, or independent contractor.

You may submit requests for information by completing the Consumer Request Form, emailing us at Personal Information Request or by calling us at (844) 422-3282. Please note, under California Law, that we are only required to respond to such requests from you twice in a twelve-month period.

Opt-Out Preference Signals

We do honor opt-out preference signals as a valid consumer request to opt-out of the sale or sharing of Personal Information and to limit the use of Sensitive Personal Information. This is based on your device and browser's settings. One example of an opt-out preference signal is the use of a Global Privacy Control (GPC). GPC is a browser extension that makes it easy for consumers to set privacy preferences for their Personal Information as they browse the web. For more information on managing your privacy controls see the Cookies and Web Beacons section above.

Offline Collection of Personal Information

When we collect your Personal Information offline, for example at an onsite event, a Notice at Collection may be printed on a sign-in sheet, a paper version of the Notice could be available at the entrance of the event or prominent signage will be displayed directing you to where the Notice can be found online. All options will provide information to you so that you can exercise your privacy rights listed above.

Minors

We do not have actual knowledge that we sell or share the Personal Information of Consumers who are less than 16 years of age. However, if we have actual knowledge that the Consumer is less than 16 years of age, we will not sell or share the Consumer's Personal Information unless the Consumer in the case of Consumers who are at least 13 years of age and less than 16 years of age, or the Consumer's parent or guardian, in the case of Consumers who are less than 13 years of age, has affirmatively authorized the disclosure of the Consumer's Personal Information.

The categories of sources from which we collect Personal Information are:

  • Directly from you;
  • Directly from our web server logs; and
  • With cookies and web beacons;

The categories of third parties with whom we share Personal Information are described in detail in the How We Disclose Personal Information
section of this Privacy Policy.

The chart below describes:

  • The categories of Personal Information that we may have collected about Consumers through our Website, Portal, Services and Offline beginning January 1, 2022.
  • The categories of Personal Information that we have disclosed about Consumers for a business purpose beginning January 1, 2022.
  • The categories of Personal Information that we have collected, sold or shared about Consumers beginning January 1, 2022.

Category

Examples

Disclosed for a Business Purpose

Sold or Shared

Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.

Yes

No

Personal Information categories described in Cal. Civ. Code § 1798.80(e)

Name, address, telephone number, insurance policy number, employment history, medical information, health insurance information.

Yes

No

Characteristics of protected classifications under California or federal law

Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

No

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

No

Biometric information

Voice Recognition, Fingerprint and Palm Print Scanning, Facial Recognition, Iris Recognition, Keystroke, Gait, or other physical patterns, and Sleep, Health, or Exercise Data.

No

No

Internet or Electronic Network Activity Information

Browsing history, search history, Internet protocol address, type of browser, number of links clicked within our Services, state or country from which you accessed our Services, date and time of visit, name of Internet service provider, third party websites you linked to from our Services, pages or information you viewed on our Services, number of times you have viewed an ad.

Yes

Yes

Geolocation data

Region or postal code.

Yes

Yes

Audio, electronic, visual, thermal, olfactory, or similar information

Photographs, video recordings and voice/call recordings.

Yes

No

Professional or employment-related information

Work experience, name, phone number, email address, performance evaluations.

Yes

No

Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34
C.F.R. Part 99)

Educational records such as transcripts, class lists, student course
 schedules, health records, student financial information, and student disciplinary records.

Yes

No

Inferences drawn from any Personal
Information identified to create a profile about a consumer

A profile created about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

No

Sensitive personal information

Personal information that reveals:

Social security, driver's license, state identification card, or passport number.

No

No

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

Yes

No

A consumer's precise geolocation.

No

No

A consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership.

No

No

The contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication.

No

No

A consumer's Genetic Data.

No

No

The processing of biometric information for the purpose of uniquely identifying a consumer.

No

No

Personal information collected and analyzed concerning a consumer's health.

Yes

No

Personal information collected and analyzed concerning a consumer's sex life or sexual orientation.

No

No

The purposes for which the categories of Personal Information shall be used, and the business or commercial purposes for collecting or disclosing Personal Information, are described in detail in the following sections of this Privacy Policy:

(i) Web Server Logs
(ii) Cookies and Web Beacons
(iii) Geolocation Data
(iv) Third Party Advertising
(v) Information Collected through the Portal
(vi) The Purposes for Which We Use Personal Information
(vii) How We Disclose Personal Information
(viii) User Communications

Retention of Categories of Personal Information

We will retain Personal Information for the period necessary to fulfill the purposes for which it has been collected. In accordance with internal record retention policies, we dispose of all categories of Personal Information no later than 5 years from the date of collection unless a longer retention period is required by law, for security, fraud & abuse prevention, to comply with legal or regulatory requirements, to ensure continuity of services or financial record-keeping purposes. Consumer accounts in MyHealthOne are only deleted at the request of the Consumer and may exceed the five-year retention period. Information collected from a "Contact Us" webform may exceed the five-year retention period as it is a general communication form that sits on most websites to give website visitors the opportunity to ask general questions about the facility, its services or to leave comments. Employees can find the relevant record series codes in the Retention Schedules under Human Resources (HUM), which can be found in the applicable Workforce Notices posted internally, or by making a privacy rights request by following the instructions in this Privacy Policy.

Colorado Privacy Act (CPA)

This section only applies to Colorado residents ("Consumers") whose Personal Data is covered by the CPA. For the purposes of this section only, "Personal Data" means information that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.

Under the CPA and subject to certain exceptions, Colorado residents may have the following rights with respect to our processing of their Personal Data:

  • Right to Access: You may have the right to know and confirm whether or not we are processing your Personal Data and the right to access such Personal Data.
  • Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
  • Right to Deletion: You may have the right to delete the Personal Data provided to us by you.
  • Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means.
  • Right to Opt-Out of Sale, Targeted Advertising, and Profiling: You may have the right to opt out of (a) the sale of your Personal Data, (b) or our processing of it for purposes of targeted advertising, or (c) our use of it for profiling in furtherance of decisions that produce legal or similarly significant effect concerning you. To exercise your opt out rights, complete the Consumer Request Form, email us at Personal Information Request or call us at (844) 422-3282. We do not use Personal Data for profiling in furtherance of decisions that produce legal or similarly significant effect concerning you.
  • Right to Appeal: If we decline to take action regarding your request, you may have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. You have the right to contact the Colorado Attorney General if you have concerns about the result of the appeal.

You may exercise your rights listed above by completing the Consumer Request Form, emailing us at Personal Information Request or by calling us at (844) 422-3282.

Authorized Agent

An Authorized Agent may exercise a Consumer's opt-out right on behalf of the Consumer, so long as we are able to, with commercially reasonable effort, authenticate the identity of the Consumer and the Authorized Agent's authority to act on the Consumer's behalf. In addition to the opt-out link above, an Authorized Agent may exercise a Consumer's opt-out right through a technology indicating the Consumer's intent to opt out such as a web link indicating a preference or browser setting, browser extension, or global device setting.

Verification Process

This is a process to determine that the Consumer making the request is the Consumer about whom we have collected the Personal Data. In order to verify your identity we will, whenever feasible, match the identifying information you provide to the Personal Data we already maintain and/or use a third-party identity verification service.

Consent for Children

We do not have actual knowledge that we are collecting or maintaining the Personal Data of Consumers under 13 years of age. However, if we have actual knowledge that the Consumer is under 13 years of age, we will obtain Consent from the parent or lawful guardian of that Consumer before collecting or processing the Consumer's Personal Data.

Categories of Personal Data

The following describes the categories of Personal Data collected or processed by us:

  • Identifiers such as name, date of birth, address, email address or phone number;
  • Internet or electronic network activity information such as browsing history, Internet protocol address, type of browser, number of links clicked within our Services, state or country from which you accessed our Services, date and time of visit, name of Internet service provider, third party websites you linked to from our Services, pages or information you viewed on our Services or number of times you have viewed an ad.
  • We collect information on your region or postal code to help us gather information useful for improving the relevance of our content; and
  • Securing our Services.

The purposes for which the categories of Personal Data shall be used, the business or commercial purposes for collecting or disclosing Personal Data and the categories of third parties with whom we share Personal Data are described in detail in the following sections of this Privacy Policy:

(i) Web Server Logs
(ii) Cookies and Web Beacons
(iii) Geolocation Data
(iv) Third Party Advertising
(v) Information Collected through the Portal
(vi) The Purposes for Which We Use Personal Information
(vii) How We Disclose Personal Information
(viii) User Communications
The following describes the Personal Data that we share with third parties:

  • Internet or electronic network activity information such as browsing history, Internet protocol address, type of browser, number of links clicked within our Services, state or country from which you accessed our Services, date and time of visit, name of Internet service provider, third party websites you linked to from our Services, pages or information you viewed on our Services or number of times you have viewed an ad.
 

Offline Collection of Personal Data

When we collect your Personal Data offline, for example at an onsite event, a hard copy of our Privacy Policy will be provided.

Retention of Categories of Personal Data

We will retain Personal Data for the period necessary to fulfill the purposes for which it has been collected. In accordance with internal record retention policies, we dispose of all categories of Personal Data no later than 5 years from the date of collection unless a longer retention period is required by law, for security, fraud & abuse prevention, to comply with legal or regulatory requirements, to ensure continuity of services or financial record-keeping purposes. Consumer accounts in the MyHealthOne Portal are only deleted at the request of the Consumer and may exceed the five-year retention period.

Your Nevada Privacy Rights

We may collect the following categories of covered information about you through our Website, Portals, and Services when you visit the Website and Portals or use the Services such as:

  • First and Last Name;
  • Physical Address;
  • Email Address;
  • Telephone Number; and
  • User Name.

We may share such covered information with categories of third parties such as marketing. Third parties may collect covered information about your online activities over time and across different Internet websites or online services when you use the Website, Portals, or Services. If you use or visit the Website and Portals or use the Services you may review and request changes to any of your covered information that is collected through the Website, Portals, or Services by calling (844) 422-3282. You may submit a verified request that we not sell any covered information that we have collected or will collect about you by calling (844) 422-3282. After we receive your request and determine that it is a verified request, we will not sell any covered information that we have collected or will collect about you.

What if I am accessing this portal from outside of the United States?

If you are visiting our Portal from outside the United States, your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. Although the data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, we take steps to protect your privacy, including, for transfers of Personal Information from the European Economic Area, the use of contractual clauses (known as "Model Clauses" or "Standard Contractual Clauses") that have been approved by the European Commission. By using our Portal, you understand and agree that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

Connecticut privacy policy notice

If collected, we will take reasonable measures to protect the confidentiality of Social Security numbers and limit access to those with a need for such information. We prohibit the unlawful disclosure of Social Security numbers.

Children's privacy

We will never ask for or knowingly collect Personal Information from children through the Services or Portal. If you are a child, you are not permitted to use the Portal and should immediately exit our Portal. Parents of un-emancipated minors may set up accounts for themselves to access their children's medical records only as permitted pursuant to the Terms governing the Portal. If you think that we have collected personal information from a child through this Portal, please contact us and we will dispose of the information as required by applicable law.

Policy changes

We reserve the right to change the terms of this Privacy Policy at any time by posting those changes in revisions to this Privacy Policy, so that you are always aware of our processes related to collection, use and disclosure of information. We urge you to check here for any updates to this Privacy Policy from time to time. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the Website.

What if I have questions or concerns regarding this privacy policy?

Email our privacy team if you have any questions or concerns about this Privacy Policy or the information practices of our Services.

If you are a resident of the European Economic Area and have any questions or concerns about this Privacy Policy or the information practices of our Services, please contact our appointed EU representative, at the DPO Centre.

You may also write to us at:
HCA Healthcare
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203  

 

ARA Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

At ARA Health Specialists, P.A. ("ARA Health", "ARA"), we are committed to treating and using protected health information ("PHI") about you responsibly. This Notice of Privacy Practices ("Notice") describes the personal information we collect, and how and when we use or disclose that information. It also describes your rights as they relate to your PHI as defined by federal regulations.

Understanding Your Health Record/Information

Each time you visit ARA Health Specialists; a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information may be used or disclosed to:

  • Plan your care and treatment.
  • Communicate with other providers who contribute to your care.
  • Serve as a legal document.
  • Receive payment from you, your plan, or your health insurer.
  • Assess and continually work to improve the care we render and the outcomes we achieve.
  • Comply with state and federal laws that require us to disclose your health information.
  • Students or Residents as part of our healthcare operations training.

Your Health Information Rights

Although your health record is the physical property of ARA Health Specialists, the information belongs to you. You have the right to request to:

  • Access, inspect and copy your health record. ARA Health Specialists maintains an electronic medical record ("EMR"). You have the right to access your health record in a machine-readable electronic format. You have the right to request an electronic copy of your medical record be given to you or transmitted to another individual or entity. ARA Health Specialists may charge you a reasonable, cost-based fee for the labor and supplies associated with copying or transmitting the electronic PHI.
  • Amend your health record which you believe is not correct or complete. ARA Health Specialists is not required to agree to the amendment if you ask us to amend information that is in our opinion: (i) accurate and complete; (ii) not part of the PHI kept by or for ARA Health Specialists; (iii) not part of the PHI which you would be permitted to inspect and copy; or (iv) not created by ARA Health Specialists, unless the individual or entity that created the information is not available to amend the information. If we deny your request, you may submit a written statement of disagreement of reasonable length. Your statement of disagreement will be included in your medical record, but we may also include a rebuttal statement.
  • Obtain an accounting of disclosures of your PHI. We are not required to list certain disclosures, including (i) disclosures made for treatment, payment, and health care operations purposes, (ii) disclosures made with your authorization, (iii) disclosures made to create a limited data set, and (iv) disclosures made directly to you. Upon request a list can be prepared and delivered to you free of cost within a 12-month period. ARA Health Specialists may charge you for additional lists within the same 12-month period. ARA Health Specialists will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
  • Communications of your health information by alternative means (e.g. e-mail) or at alternative locations (e.g. post office box).
  • Place a restriction to certain uses and disclosures of your information. In most cases ARA Health Specialists is not required to agree to these additional restrictions, but if ARA Health Specialists does, ARA Health Specialists will abide by the agreement (except in certain circumstances where disclosure is required or permitted, such as an emergency, for public health activities, or when disclosure is required by law). ARA Health Specialists must comply with a request to restrict the disclosure of PHI to a health plan for purposes of carrying out payment or health care operations if the PHI pertains solely to a health care item or service for which we have been paid out of pocket in full.
  • Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
  • Obtain a copy of your health care information in paper or a machine-readable electronic format.

Our Responsibilities

ARA Health Specialists is required to:

  • Maintain the privacy of your health information.
  • Provide you with this Notice as to our legal duties and privacy practices with respect to information we collect and maintain about you.
  • Abide by the terms of the Notice currently in effect.
  • Notify you in writing if we are unable to agree to a requested restriction.
  • Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.
  • Notify you in writing of a breach where your unsecured PHI has been accessed, acquired, used or disclosed to an unauthorized person. "Unsecured PHI" refers to PHI that is not secured through the use of technologies or methodologies that render the PHI unusable, unreadable, or indecipherable to unauthorized individuals.

We reserve the right to change our practices and to make the new provisions effective for all PHI we maintain. Should our information practices change, such revised Notices will be made available to you.

We will not use or disclose your health information without your written authorization, except as described in this Notice.

For More Information or to Report a Problem

If you have questions and would like additional information, you may contact the ARA Health Specialists Privacy Officer at:

ARA Health Specialists, Attn: Privacy Officer
513 McDowell Street
Asheville, NC 28803
Telephone: (828) 436-5500

If you believe your privacy rights have been violated, you can file a written complaint with the ARA Health Specialists Privacy Officer, or with the Office for Civil Rights, U.S. Department of Health and Human Services. Upon request, the Privacy Office will provide you with the address. There will be no retaliation for filing a complaint with either the Privacy Officer or the Office for Civil Rights.

Treatment:

Information obtained by a nurse, physician, or other member of your health care team will be recorded in your medical record and used to determine the course of treatment that should work best for you. To promote quality care, ARA Health Specialists operates an EMR. This is an electronic system that keeps health information about you. ARA Health Specialists may also provide a subsequent healthcare provider with health information about you (e.g., copies of various reports) that should assist him or her in treating you in the future. ARA Health Specialists may also disclose health information about you to, and obtain your health information from, electronic health information networks in which community healthcare providers may participate to facilitate the provision of care to patients such as yourself.

ARA Health Specialists may use a prescription hub which provides electronic access to your medication history. This will assist ARA Health Specialists health care team in understanding what other medications may have been prescribed for you by other providers.

Payment:

A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, diagnosis, procedures, and supplies used.

Healthcare Operations:

We may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.

Business Associates

We may contract with third parties to provide services on our behalf and disclose your health information to our business associate so that they can perform the job we've asked them to do. We require the business associate to appropriately safeguard your information.

Notification:

We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition.

Communication from Offices:

We may call your home or other designated location and leave a message on voice mail, or in person, in reference to any items that assist ARA Health Specialists in carrying out Treatment, Payment and Health Care Operations, such as appointment reminders, insurance items and any call pertaining to your clinical care. We may mail to your home or other designated location any items that assist ARA Health Specialists in carrying out Treatment, Payment and Health Care Operations, such as appointment reminders, patient satisfaction surveys and patient statements.

Communication with Family/Personal Friends:

Health professionals, using their best judgment, may disclose to a family member, other relative, friend, or any other person you identify, health information relevant to that person's involvement in your care or payment related to your care. When a family member(s) or a friend(s) accompany you into the exam room, it is considered implied consent that a disclosure of your PHI is acceptable.

Open Treatment Areas:

Sometimes patient care is provided in an open treatment area. While special care is taken to maintain patient privacy, others may overhear some patient information while receiving treatment. Should you be uncomfortable with this, please bring this to the attention of our Privacy Officer.

To Avert a Serious Threat to health or Safety:

We may use your health information or share it with others when necessary to prevent a serious threat to your health or safety, or the health or safety of another person or the public.

Research:

:We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. Even without that special approval, we may permit researchers to look at PHI to help them prepare for research, for example, to allow them to identify patients who may be included in their research project, as long as they do not remove, or take a copy of, any PHI. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research. But we will only disclose the limited data set if we enter into a data use agreement with the recipient who must agree to (1) use the data set only for the purposes for which it was provided, (2) ensure the security of the data, and (3) not identify the information or use it to contact any individual. ARA Health Specialists may use a single compound authorization to combine conditioned and unconditioned authorizations for research (e.g. participation in research studies, creation or maintenance of a research database or repository), provided the authorization: (i) clearly differentiates between the conditioned (provision of research related treatment is conditioned on the provision of a written authorization) and unconditioned research components; and (ii) provides the individual with an opportunity to opt in to the unconditioned research activities.

Coroners, Medical Examiners and Funeral Director:

In the unfortunate event of your death, we may disclose your health information to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release this information to funeral directors as necessary to carry out their duties.

Deceased Individuals:

In the unfortunate event of your death, we are permitted to disclose your PHI to your personal representative and your family members and others who were involved in the care or payment for your care prior to your death, unless inconsistent with any prior expressed preference that you provided to us.

PHI excludes any information regarding a person who has been deceased for more than 50 years.

Organ Procurement Organizations:

Consistent with applicable law, we may disclose health information to organ procurement organizations, federally funded registries, or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.

Marketing:

We may contact you by mail, e-mail or text to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. However, we must obtain your prior written authorization for any marketing of products and services that are funded by third parties. You have the right to opt-out by notifying us in writing.

Sale of your PHI:

ARA Health Specialists may not "sell" your PHI (i.e., disclose such PHI in exchange for remuneration) to a third party without your written authorization that acknowledges the remuneration unless such an exchange meets a regulatory exception.

Health Oversight Activities:

We may release your health information to government agencies authorized to conduct audits, investigations, and inspections of our facility. These government agencies monitor the operation of the health care system, government benefit programs, such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.

Food and Drug Administration (FDA):

We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.

Public Health:

As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.

Workers Compensation:

We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.

Law Enforcement:

We may disclose health information for law enforcement purposes as required by law.

Inmates and Correctional Institutions:

If you are an inmate or you are detained by a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety at the place where you are confined.

Lawsuits and Disputes:

We may disclose your health information if we are ordered to do so by a court that is handling a lawsuit or other dispute. We may also disclose your information in response to a subpoena, discovery request, or other lawful request by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information from further disclosure.

As Required by Law:

We may use or disclose your health information if we are required by law to do so.