Website Privacy Notice

Purpose

This notice aims to help Sansum Clinic website users understand the types of data and information that may be captured during a visit and how such data and information are carefully managed and possibly used. With personal privacy being a priority in today’s digital world, optimum protection and effective safeguards are our ongoing concern. We are aware of the need for complete confidentiality and are dedicated to protecting your personal information and safeguarding your individual privacy whenever you are accessing the website to partake or simply to search. As within any Sansum Clinic healthcare environment, we remain always committed to those we serve along their path to good health. Part of our mission as an organization is to promote trustworthy healthcare partnerships, and, to be sure, we value the partnership we have with patients and with all our website users. Hence, we encourage you to read this Notice carefully and to rest assured that we are doing our best to preserve the integrity and secure the privacy of your personal information.

 

Your Privacy

More than ever privacy matters. With security breaches, computer hacking, and identity theft seemingly a commonplace occurrence, we take the privacy of every single patient and the confidentiality of personal information very seriously.  Our commitment to securing all data and information and our dedication to safeguarding our systems and services, including the protective maintenance of this website, are at their highest possible levels. When visitors and other users obtain or provide information while navigating and reviewing its contents and features, they can be assured that their individual privacy is respected.  Whether incoming or outgoing, individually identifiable information is displayed only when necessary. In maintaining the website and in handling information, we make every effort to keep processes on a need-to-know basis. Hence, only website administrators are allowed access to data or information captured within the website. Moreover, communications and transactions between website users and website administrators are kept to a minimum. As a rule we do not intentionally interact with patients and other users, and we do not knowingly communicate with minors via this website. We value the trust our patients and associates have given us and are therefore steadfast in earning, preserving – and deserving – that trust.

 

Data and Information Security

Computer networks and software systems that drive Sansum Clinic operations,  including our practice management system, electronic health record, and all clinical, operational, and financial applications, are secured from unauthorized uses, unwarranted disclosures, and unnecessary access. We maintain physical, technical, and administrative safeguards designed and implemented to protect all these networks and systems from unwanted intrusions and to secure our databases and personal information while complying with applicable Federal regulations (e.g. HIPAA Privacy and Security Rules) and State statutes concerning electronic information and computerized systems security.

 

Collection, Use and Sharing of Information

Behind the scenes, Sansum Clinic staff, assistants, technicians, and associates manage compiled data and handle individual information with the same care and diligence that we exercise when interacting and communicating with Clinic patients, visitors, and the general public – always with safety, privacy, and confidentiality in mind. Accordingly, unless otherwise indicated or specified, the types of information collected from or about you via this Sansum website are very limited. In general, while no protected health information (PHI) is collected or stored through the use of this website, the following exceptions may occur:

a) First names and last names are captured upon voluntary entry, especially with respect to testimonials;
b) Clinic provider names, specialties, and locations are stored in the system and displayed whenever appropriate;
c) In certain specific events and activities, e.g. mailouts, clinical trials, etc., email addresses may be captured, although they are not necessarily stored and are only for the express use of the healthcare provider.

With these types of information, only the website administrative staff has control over the decision whether or not to include names and/or locations of individual users for any given event or activity (i.e. published testimonial). And with regard to data and information entered by the user while on the website, the same administrative staff also has control over the use, sharing, maintenance, and disposition of such data and information.

Note: The types of personal information about Clinic patients that may be collected, maintained, and shared with business associates and outside organizations and government agencies – as may be appropriate or required by law – are described in detail in the Sansum Clinic Notice of Privacy Practices, which is on display prominently at all sites and branches and outlined in Policy & Procedure 1-007: Notice of Privacy Practices.

 

Storage and Retention

When captured within the website, data and information are stored and retained depending upon how they are to be used. Typically, they are simply stored in databases and are subsequently destroyed.  In the case of customer surveys and patient testimonials, for example, names of individuals submitted voluntarily may be displayed when appropriate or necessary for a certain length of time but are otherwise not retained for any extended period. In the case of clinical trials, research studies, community events, and similar Clinic activities, data and information as may be collected or displayed – whether de-identified or not – are later purged from the system or destroyed in accordance with established procedures. Extended storage of electronic data and information is not advisable as they become subject to unauthorized access, database corruption, and loss of integrity.

 

Policies, Procedures, and Best Practices

Sansum Clinic physicians, staff, and other providers, as well as administrative volunteers, student interns, and business associates, are appropriately trained in – and continuously informed of – all the essentials relating to personal privacy, record confidentiality, and systems security. They are also provided with tools and resources that enable them to comply with privacy laws and security regulations in a timely manner. Sansum policies and procedures involving information management are periodically reviewed and updated, because these documents, along with job performance guidelines, best practice standards, and quality management and improvement activities, are intended to educate the Clinic workforce on current HIPAA Rules requirements with an emphasis on protecting privacy and maintaining security throughout the enterprise. We endeavor to attain the highest degrees of awareness possible, so that we enhance our understanding of the organization’s overall values – values based upon the trust our patients and associates have placed in us and the respect we have for them and their individual privacy.

 

Contacting the Sansum Clinic Privacy Office

For any questions or concerns about this Privacy Notice, please contact our HIPAA Privacy Officer.
Address:  Sansum Clinic, 89 South Patterson Avenue, Santa Barbara, CA 93111
Email:  ndiaz@sansumclinic.org
Telephone:  (805) 692-4624
Fax:  (805) 692-4648