Website Privacy Notice
Purpose
This notice aims to assist Sansum Clinic (“Sansum”) website users understand the types of data and information that may be captured while on a visit and how such data and information are carefully managed and possibly used. Personal privacy being a priority in today’s digital world, optimum protection and effective safeguards are our ongoing concern. We are aware of the need for complete confidentiality and are dedicated to protecting your personal information and safeguarding your individual privacy whenever you are accessing the website to partake or simply to search. As within any Sansum Clinic healthcare environment, we remain always committed to those we serve along their path to good health. Part of our mission as an organization is to promote trustworthy healthcare partnerships, and to be sure we value the partnership we have with patients and with all our website users. Hence, we encourage you to read this Notice carefully and to rest assured that we are doing our best to preserve the integrity and secure the privacy of your personal information.
Your Privacy
More than ever privacy matters. With security breaches, computer hacking, and identity theft seemingly a commonplace occurrence, we take the privacy of every single patient and the confidentiality of personal information very seriously. Our commitment to securing all data and information and our dedication to safeguarding our systems and services, including the protective maintenance of this website, are at their highest possible levels. When visitors and other users obtain or provide information while navigating and reviewing its contents and features, they can be assured that their individual privacy is respected. Whether incoming or outgoing, individually identifiable information is displayed only when necessary. In maintaining the website and in handling information, we make every effort to keep processes on a need-to-know basis. Hence, only website administrators are allowed access to data or information captured within the website. Moreover, communications and transactions between website users and website administrators are kept to a minimum. As a rule we do not intentionally interact with patients and other users, and we do not knowingly communicate with minors via this website. We value the trust our patients and associates have given us and are therefore steadfast in earning, preserving – and deserving – that trust.
Data and Information Security
Computer networks and software systems that drive Sansum Clinic operations, including our practice management system, electronic health record, and all clinical, operational, and financial applications, are secured from unauthorized uses, unwarranted disclosures, and unnecessary access. We maintain physical, technical, and administrative safeguards designed and implemented to protect all these networks and systems from unwanted intrusions and to secure our databases and personal information while complying with applicable Federal regulations (e.g. HIPAA Privacy and Security Rules) and State statutes concerning electronic information and computerized systems security. While we take reasonable steps to protect your information, we cannot guarantee the security of all systems against any potential incident. If we ever learn of a breach of your information, then we will notify you in accordance with applicable law.
Collection, Use and Sharing of Information
Information You Provide Us Directly
Sansum may collect certain information from you, such as your name, address, phone number, email address, or other demographic information when you request additional information, search and apply for a job with Sansum, fill out a contact form, submit feedback to Sansum, attend a Sansum event, or otherwise engage with us. We may retain any messages you send us through the websites pursuant to our retention policies. We use this information to operate, maintain, and provide you a superior website user experience as well as provide you information about Sansum.
If you apply for employment at Sansum, you may choose to provide information about yourself as well as information regarding your education, employment history, demographic/equal employment opportunity data, educational history, degrees, certifications, credentials, references, locations, and other information included in your resume and in the application for employment that you submit.
Information We May Receive From Third Parties
Sansum may collect information regarding how you interact with our websites and other websites, such as Sansum pages and content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties. Sansum may receive information about you that you directly provided to a third party. For instance, Sansum may use a third party to manage event registrations. The third party would provide Sansum registrants’ data to facilitate the event.
Analytics Information
Sansum uses website analytics to provide you the best possible experience with our web platforms, websites and offerings. For example, when we send you emails, we may use technologies to determine whether the email has been opened and whether the links contained in it have been clicked on. We may combine this data with other information collected to measure your interest in Sansum, improve our offerings to audiences, or our marketing campaigns, as well as tailor our interactions with you.
Some of our websites may use website analytics vendors to better understand usage of our websites or for offerings to audiences or general marketing campaigns. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our websites and offerings.
Log File Information
Log file information is sent automatically to Sansum by your browser each time you visit our websites. This is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access our websites; the date and time you visited our websites; the areas of our websites that you viewed; your computer's IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; and the address of the Web site you came from, if any.
Sansum uses log file information to help us design our websites; identify popular features; resolve user, hardware and software problems; and make the websites more useful to patients and other visitors.
Web Beacon
A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include IP address, time of access, browser, and identification of cookies. Sansum, or its vendors, may utilize web beacons to track visitor statistics and manage cookies.
In some of our newsletters or other email communications, we may track recipient actions with the email. This may include opening the email or clicking a link included in the email. This is used to monitor user engagement with our communications.
Location Data
Sansum may utilize a feature that, when you access the websites by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the websites, as well as provide you personalized information based on that location data (such as the closest Sansum location to you). You may opt-in or opt-out of sharing location data from your computer by clicking the location icon on the website.
Use of Cookies
Sansum may place Internet Cookies (“cookies”) on the computer or other devices used by visitors to our websites. Cookies are small text files that contain small amounts of information and are downloaded to your device. Cookies help us and/or the third parties who provide such cookies obtain information about your use of our websites and assist us in our offerings. Sansum uses two types of cookies: 'session' cookies and 'persistent' cookies.
A session cookie is temporary and expires after you end a session and close a Web browser. We may use session cookies to help customize visitors' experiences on our websites, maintain a signed-on status while exploring the websites, and track which Web pages visitors view on our websites.
On the other hand, persistent cookies remain on your hard drive. For instance, we use a persistent cookie when we ask you to agree to the use of an educational resource so that when you return to that resource later, you do not need to go through the agreement page again.
We use cookies to help us tailor our websites to our users and in our offerings or for marketing. Some features of our websites may not work as intended if you decline to allow cookies or deactivate cookies. For instructions on how to remove existing cookies from your hard drive and/or block cookies from all websites, go to your browser's Web site for detailed instructions.
Most web browsers automatically accept cookies, but provide an option for blocking the acceptance of cookies. By using our website, you consent to the use of cookies as described above in this Privacy Notice.
Use and Disclosure of Information
Behind the scenes, Sansum Clinic staff, assistants, technicians, and associates manage compiled data and handle individual information with the same care and diligence that we exercise when interacting and communicating with Clinic patients, visitors, and the general public – always with safety, privacy, and confidentiality in mind. Accordingly, unless otherwise indicated or specified, the types of information collected from or about you via this Sansum website are very limited. In general, while no protected health information (PHI) is collected or stored through the use of this website, the following exceptions may occur:
a) First names and last names are captured upon voluntary entry, especially with respect to testimonials;
b) Clinic provider names, specialties, and locations are stored in the system and displayed whenever appropriate;
c) In certain specific events and activities email addresses may be captured, e.g. mailouts, clinical trials, etc., although they may not be stored necessarily and only for the express use of the healthcare provider.
With these types of information, only the website administrative staff has control over the decision whether or not to include names and/or locations of individual users for any given event or activity (i.e. published testimonial). And with regard data and information entered by the user while in the website, the same administrative staff also has control over the use, sharing, maintenance, and disposition of such data and information.
Storage and Retention
When captured within the website, data and information are stored and retained depending upon how they are to be used. Typically, they are simply stored in databases and are subsequently destroyed. In the case of customer surveys and patient testimonials, for example, names of individuals submitted voluntarily may be displayed when appropriate or necessary for a certain length of time but are otherwise not retained for any extended period. In the case of clinical trials, research studies, community events, and similar Clinic activities, data and information as may be collected or displayed – whether de-identified or not – are later purged from the system or destroyed in accordance with established procedures. Extended storage of electronic data and information is not advisable as they become subject to unauthorized access, database corruption, and loss of integrity.
Note: The types of personal information about Clinic patients that may be collected, maintained, and shared with business associates and outside organizations and government agencies – as may be appropriate or required by law – are described in detail in the Sansum Clinic Notice of Privacy Practices, which is on display prominently at all sites and branches and outlined in Policy & Procedure 5-050: Notice of Privacy Practices.
Policies, Procedures, and Best Practices
Sansum Clinic physicians, staff, and other providers, as well as administrative volunteers, student interns, and business associates are appropriately trained in – and continuously informed of – all the essentials relating to personal privacy, record confidentiality, and systems security. They are also provided such tools and resources that enable them in a timely manner to comply with privacy laws and security regulations. Sansum policies and procedures involving information management are periodically reviewed and updated, because these documents, along with job performance guidelines, best practice standards, and quality management and improvement activities, are intended to educate Sansum Clinic’s workforce on current HIPAA Rules requirements with an emphasis on protecting privacy and maintaining security throughout the enterprise. We endeavor to attain the highest degrees of awareness possible, so that we enhance our understanding of the organization’s overall values – values based upon the trust our patients and associates have placed upon us and the respect we have for them and their individual privacy.
Revisions to this Policy Notice
As state and federal laws change, and as we add new features to our websites, Sansum may periodically revise this Privacy Notice. We will post changes to this Privacy Notice on our websites. Your continued use of our websites following the posting of changes will mean you accept those changes.
Contacting the Sansum Clinic Privacy Office
For any questions about our privacy practices, please contact us at (855) 771-4220.
Address: Sansum Clinic, 470 S. Patterson Avenue, Santa Barbara, CA 93111
Email: shpi@sutterhealth.org