Updated as of June 30, 2020
We are committed to the care and improvement of human life. Part of that commitment includes protecting your Personal Information (defined below). We maintain information confidentiality and comply with applicable regulatory requirements.
Acceptance of Terms
We collect certain information, including Personal Information, from and about our users in three ways:
- directly from you;
- directly from our web server logs; or
- cookies and web beacons.
Information Provided by You
We and our service providers collect Personal Information through online forms to provide certain features of the Services to you. For example, if applying for a job through the website, we may request you to fill out a form with information such as your name, e-mail address, phone number, and work experience. If you do not provide the information required to submit the forms, we may not be able to provide you with related features and services.
In some cases, you may have the opportunity to enter into our secure forms any content that you choose. You are responsible for such content and we reserve the right to use such content as part of our Services.
Web Server Logs
When you access or use our Services, we may track information to administer our Services and analyze its usage. Examples of information we may track include, without limitation:
- Your Internet protocol address;
- The kind of browser or computer you use;
- Number of links you click within our Services;
- State or country from which you accessed our Services;
- Date and time of your visit;
- Name of your Internet service provider;
- Third party websites you linked to or from our Services; and
- Pages or information you viewed on our Services.
We use this information to analyze and improve our Services, monitor traffic and usage patterns for information security purposes, and to help make our Services more useful.
Cookies and Web Beacons
A “cookie” is a small text file that may be transferred to your computer’s hard drive to personalize our services for you and collect information regarding usage of our Services. Each computer is assigned a different cookie that contains a random, unique identifier. Our Services may use two different types of cookies: a “session” cookie, which is required to track a user session, for example, and which expires shortly after the session ends, and a “persistent” cookie, used to track unique visits to the Portal (defined below), as well as how the user arrived at the Portal (for example, through an email link or from a referral link), and the type of user (patient, provider, consumer, etc.). So that users are not counted twice, this cookie can “persist” anywhere from six months to two years.
Your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookie, this may disable some of the functionality of our Services and you may not be able to use certain services.
Cookies, to the best of our knowledge, cannot be used to run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a web page, or navigate within a website, a cookie helps the website to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content and eases website navigation by providing and saving your preferences and login information as well as providing personalized functionality.
We may use Google Analytics on our site to help us analyze the traffic on our site. For more information on Google Analytics’ processing of Personal Information, please see http://www.google.com/policies/privacy/partners/.” By using a browser plugin provided by Google, you can opt out of Google Analytics.
A “web beacon,” “clear GIF,” “web bug,” or “pixel tag” is a tiny graphic file with a unique identifier that is similar in function to a cookie, but would allow us to count the number of users that have visited certain pages or screens of our websites, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, web beacons can tell the sender whether and when the email has been opened. In contrast to cookies, which may be stored on your computer’s hard drive, web beacons are typically embedded invisibly on pages or screens. We may use web beacons in providing the Services.
We reserve the right to share aggregated site statistics monitored by cookies and web beacons with our affiliates and partner companies.
We do not collect precise information (e.g., GPS data; latitude and longitude) concerning the location from which you access the Services, but we collect information on your region or postal code to help us gather information useful for improving the relevance of our content and securing our Services.
Third Party Advertising
We may allow third party advertising companies to serve ads when you access or use our Services. These companies use non-personally identifiable information regarding your access and use of our Services and other websites, such as pages viewed, date and time of your visit, and number of times you have viewed an ad (but not your name, address, or other personal information), to serve ads to you on our Services and other websites that may be of interest to you. In the course of serving advertisements to our Services, our third party advertiser may place or recognize a unique cookie on your browser. In addition, we or other third party advertiser, may use web beacons to help manage our online advertising. This allows us or a third party advertiser to learn which banner ads bring users to our Services.
Additional Privacy Policies for Portal
As a service to our members, we also provide provisional access to a Member Portal which includes, among other things, information and resources regarding HealthTrust agreements, suppliers and communications (the “Portal”). The following additional privacy terms and protections apply to use of the Portal.
If you submit or we collect Personal Information through our Services, then such Personal Information may be used in the following ways: (i) to provide, analyze, administer, and improve our Services; (ii) to contact you in connection with our Services and appointments, events or offerings that you may have registered for; (iii) to identify and authenticate your access to the parts of our Portal or other password-protected Services that you are authorized to access; (iv) to send you surveys; (v) for recruiting and human resources administration purposes; (vi) to protect our rights or our property and to ensure the technical functionality and security of our Services; and (vii) as required to meet our legal and regulatory obligations.
- where the processing is in our legitimate interests such as securing and improving our Services, for example (provided that these aren’t overridden by your interests or rights);
- where the processing is for the provision of healthcare or the management of healthcare services (e.g., health information collected from you or made accessible to you through the Portal in accordance with legal requirements governing the confidentiality of such information); or
- if we otherwise have your consent.
If you have questions about or need further information concerning the legal basis on which we collect and use your information, please contact us using the contact details provided under the “Contact Us” section below or email us at email@example.com.
How Else May Your Information Be Used And Disclosed?
We do not sell, lease, rent or otherwise disclose the Personal Information collected from our Services to third parties unless otherwise stated below or with your consent.
- In the Event of Merger, Sale, Divestitures or Change of Control. We may transfer or assign Personal Information to a third party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.
In addition to the uses and disclosures of information outlined above, if you use the Portal, your information may also be used and disclosed as follows:
- Authorized Representatives. If another individual is managing your account on your behalf (for example, a mother managing the account of her son), as authorized by you or as a personal representative under applicable law, that person can view all Personal Information about you in the Portal.
In addition to the uses and disclosures of information outlined above, your information may also be used and disclosed as follows:
- If another individual is managing your account on your behalf, as authorized by you or as a personal representative under applicable law, that person can view all of your information in the Portal.
- We may use your information to send you surveys.
- We may use your information to respond to your questions and provide you services.
- We may assign the information we have about you, including PII, in the event that all or part of our assets are sold or acquired by another party, including all or substantially all of our websites, or in the event of a merger for the same.
- We may use or disclose your information as required or allowed by applicable law.
What can I do to protect my Privacy?
In order to protect your privacy, you should:
- Never share your username or password;
- Always sign out when you are finished using the Portal;
- Use only secure web browsers;
- Employ common anti-virus and anti-malware tools on your system to keep it safe;
- Use a strong password with a combination of letters and numbers;
- Change your password often; and
- Notify us immediately if you believe your login and/or password have been compromised at firstname.lastname@example.org.
If you share your Portal username and password with another person, this will allow that person to see your confidential information. We have no responsibility concerning any breach of your confidential information due to your sharing or losing your user name or password.
Third Party Websites
Email communications that you send to us via the email links on our Services may be shared with a customer service representative, employee or agent that is most able to address your inquiry. We make reasonable efforts to respond in a timely fashion once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry and all applicable laws, rules and regulations.
The email functionality on our Services does not provide a completely secure and confidential means of communication. It is possible that your email communication may be accessed or viewed by another Internet user while in transit to us. If you wish to keep your communication private, do not use our email.
If you are a Portal user, you may access and amend personal demographic information when logged into the Portal. If you would like to access, amend, erase, export, object to, restrict the processing, or other Personal Information collected via our Services or any other request as described below by state law, you may submit a request to email@example.com or write to us at:
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203
We will promptly review all such requests in accordance with applicable laws.
Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at firstname.lastname@example.org so we have an opportunity to address your concerns directly before you do so.
We may send certain messages, including electronic newsletters, notification of account statuses, and marketing communications on a periodic basis. If you wish to be removed from such messages, you may request to discontinue future ones. All such material will have information as to how to opt-out of receiving it, although certain messages (such as an account status update), may be required by law and will not have opt-out capabilities.
Your California Privacy Rights
Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us at email@example.com with a reference to California Disclosure Information.
We will endeavor to respond to such requests to information access within 30 days following receipt at the e-mail address stated above. If we receive your request at a different e-mail address, we will respond within a reasonable period of time, but not to exceed 150 days from the date received. Please note that we are only required to respond to each customer once per calendar year.
California Consumer Privacy Act of 2018 (“CCPA”)
At this time, HealthTrust does not engage in collection, handling or use of consumer information. However, in the event HealthTrust does so, the following additional terms apply to California residents (“Consumers”). For the purposes of this section only, “Personal Information” means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household.
Consumers have the following rights:
- Right to Request Information. You have the right to request that we disclose the following information to you, limited to the preceding twelve (12) months:
- The categories of Personal Information that we collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting or selling Personal Information;
- The categories of third parties with whom we share Personal Information;
- The specific pieces of Personal Information that we have collected about you;
- The categories of Personal Information that we disclosed about you for a business purpose or sold to third-parties; and
- For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.
Please note, under California Law, that we are only required to respond to such requests from you twice in a twelve-month period.
- Right of Deletion. You have the right to request that we delete any Personal Information about you which we have collected from you. You may exercise your right to deletion by clicking on the following link https://hcahealthcare.com/about/legal/consumer-request-form.dot and completing the request form, emailing us at Personal Information Request or by calling us at 844-422-3282.
- Right to Opt-Out. We do not sell your Personal Information for monetary payments. However, the definitions of ‘personal information’ and ‘sale’ under the CCPA are broad. Because of the breadth of these definitions under the CCPA, we have provided opt-out links. You have the right to direct us not to sell your Personal Information. You may exercise your opt-out rights by clicking on the following link https://hcahealthcare.com/about/legal/consumer-request-form.dot and completing the request form, emailing us Personal Information Request or by calling us at 844-422-3282.
- Right to Opt-In. We do not have actual knowledge that we sell the Personal Information of minors under the age of 16. But in the event that it occurs, if you are at least 13 years of age and less than 16 years of age you have the right to opt-in to the sale of your Personal Information. If you are a Consumer who is less than 13 years of age, then your parent or guardian has the right to opt-in to the sale your Personal Information. Also, you may choose to opt-in after opting-out of the sale of your Personal Information if a Service requires the sale of your Personal Information. You may submit opt-in requests by clicking on this link https://hcahealthcare.com/about/legal/consumer-request-form.dot and completing the request form, emailing us at Personal Information Request or by calling us at 844-422-3282.
- Non-Discrimination. We may not discriminate against you because you exercise any of your rights under the CCPA, including, but not limited to:
- Denying goods or services to you;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of goods or services to you; or
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Limited Rights of Job Applicants, Employees, Medical Staff Members, and Contractors. If you are a job applicant, employee, medical staff member, or contractor, to the extent that we collect information from you in your role as such, you have the right, at or before the point of collection, to know the categories of Personal Information that we will collect or have collected and the purposes for which we will use the categories of Personal Information.
You may submit requests for information by clicking on this link https://hcahealthcare.com/about/legal/consumer-request-form.dot and completing the request form, by emailing us at Personal Information Request or by calling us at 844-422-3282.
The categories of sources from which we collect Personal Information are:
- directly from you;
- directly from our web server logs; and
- with cookies and web beacons.
The chart below describes:
- The categories of Personal Information that we have collected about Consumers in the preceding twelve (12) months and may collect about you through our website, Portal, and Services.
- The categories of Personal Information that we have disclosed about Consumers for a business purpose in the preceding twelve (12) months.
- The categories of Personal Information that we have sold about Consumers in the preceding twelve (12) months.
|Category||Examples||Disclosed for a Business Purpose||Sold|
|Identifiers||Name, address, e-mail address, telephone number, date of birth, IP address||Yes||No|
|Personal Information categories described in Cal. Civ. Code § 1798.80(e)||Name, address, telephone number, insurance policy number, employment history, medical information, health insurance information||Yes||No|
|Protected classification characteristics under California or federal law||Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)||Yes||No|
|Commercial information||Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||Yes||No|
|Internet or other similar network activity||Internet protocol address, type of browser, number of links clicked within our Services, state or country from which you accessed our Services, date and time of visit, name of Internet service provider, third party websites you linked to from our Services, pages or information you viewed on our Services, number of times you have viewed an ad||Yes||No|
|Geolocation data||Region or postal code||Yes||No|
|Professional or employment-related information||Work experience, performance evaluations||Yes||No|
Your Nevada Privacy Rights
We may collect the following categories of covered information about you through our website, Portals, and Services when you visit the website and Portals or use the Services such as:
- First and Last Name;
- Physical Address;
- Email Address;
- Telephone Number; and
- User Name.
We may share such covered information with categories of third parties such as marketing.
Third parties may collect covered information about your online activities over time and across different Internet websites or online services when you use the website, Portals, or Services.
If you use or visit the website and Portal or use the Services you may review and request changes to any of your covered information that is collected through the website, Portal, or Services by calling 844-422-3282.
You may submit a verified request that we not sell any covered information that we have collected or will collect about you by calling 844-422-3282. After we receive your request and determine that it is a verified request, we will not sell any covered information that we have collected or will collect about you.
What if I am accessing the Portal from outside of the United States?
Protected Health Information
HealthTrust does not solicit, collect or need access to protected health information (“PHI”) to provide access to this site or perform most of our functions. To the extent PHI is not required by HealthTrust, you must refrain from sending us PHI. If you do engage HealthTrust to perform a service that involves HealthTrust having access to the personal information of your patients, each patient’s personal information in our possession will be kept confidential and protected as PHI as required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the applicable provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. PHI will only be disclosed as required by state or federal law. This protection extends to PHI that is oral, written, or electronic. HealthTrust is committed to protecting PHI. If there is a breach of PHI, HealthTrust is required by law to notify the member.
Personally Identifiable Information
Use of our Services on the Portal may require or include pages giving you the opportunity to provide us with personal identifying information (“PII”) about yourself. If you choose not to provide this information, it may limit your ability to use certain functions of the site and/or request certain services or information. When you seek access to the Portal, we need to confirm it is you so we ask you for information such as your name and email or physical address and other information such as your date of birth (which we may also use to make sure you are eligible to use the Portal in accordance with the terms) and the answers to “secret questions” to which only you know the answers. This information may be used to help administer your user account and in managing your account. We may need to ask you for the information again when you sign in from a new device.
If collected, we will take reasonable measures to protect the confidentiality of Social Security numbers and limit access to those with a need for such information. We prohibit the unlawful disclosure of Social Security numbers.
Children May Not Use the Portal
We will never ask for or knowingly collect information from children through the Services or Portal. If you are a child, you are not permitted to use this service and should immediately exit our Services or Portal. If you think that we have collected personal information from a child through the Services or Portal, please contact us at firstname.lastname@example.org and we will dispose of the information as required by applicable law.
You may also contact us at:
Data Protection Officer
One Park Plaza
Nashville, TN 37203