Privacy Practices and Terms of Use

Notice of Privacy Practices (HIPAA)
Aviso de Practicas de Privacidad
Disclosure of Health Information
Online Privacy Policy and Cookie Notice
PolíItica de Privacidad en Línea y Aviso de Cookies

Online Privacy Policy and Cookie Notice

1. ONLINE PRIVACY POLICY AND COOKIE NOTICE

This Online Privacy Policy and Cookie Notice addresses the use and disclosure of information Cottage Health and/or its affiliates, including but not limited to Santa Barbara Cottage Hospital, Goleta Valley Cottage Hospital, Cottage Rehabilitation Hospital, Santa Ynez Valley Cottage Hospital, Cottage Children’s Medical Center, and Cottage Health’s specialty care, urgent care, lab services, and other partner or affiliated entities that reference this Privacy Policy and Cookie Notice (collectively, “Cottage Health,” “we,” “us,” or “our”), collect from you when you use or access CottageHealth.org, Cottage Health’s other websites, mobile applications, Cottage Health MyChart application, Cottage Health MyChart and other online services (“Cottage Health’s Online Services” or “Online Services”). This Online Privacy Policy and Cookie Notice supplements Cottage Health’s Online Services Terms of Use. By using or accessing our Online Services, clicking “I Accept,” or creating an account, you are consenting to this Online Privacy Policy and Cookie Notice and the collection of data described in this policy. If you do not consent, you may not use our Online Services.

Please also note that Cottage Health is not responsible for the privacy policies of third parties that operate any other website, application, or platform, even if it is linked from our Online Services. We recommend you review any third party’s privacy policies and cookie notices, if any, before using any third party website, application, or platform.

If you are a patient of Cottage Health, this Online Privacy Policy and Cookie Notice is separate from Cottage Health’s Notice of Privacy Practices, which addresses how Cottage Health collects, uses, and discloses your information that is considered protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”). This Online Privacy Policy and Cookie Notice does not apply to information that is protected health information under HIPAA.

2. NOTICE TO NON-U.S. RESIDENTS AND NON-CALIFORNIA RESIDENTS

Cottage Health provides services in the State of California, in the United States. We are subject to certain United States federal laws and regulations and certain California state laws and regulations that govern the privacy and security of patient healthcare information. The data protection laws of other countries and other states may differ as to how your personal information is protected. As a non-U.S. resident or non-California resident, when you use our Online Services, provide your personal or other information to us, or direct your healthcare provider to provide your information to us, you consent that Cottage Health may process your information in the State of California, in the United States, subject to the applicable state laws of California and federal laws of the United States.

3. SITE SECURITY DISCLOSURE

Cottage Health’s Online Services have reasonable security measures in place to protect against the loss, misuse, and alteration of the information under our control; however, our online forms are not encrypted unless otherwise noticed, and information you input may be accessed by unauthorized users prior to you sending it to us. PLEASE NOTE THAT, BY ITS VERY NATURE, NO DATA STORAGE SYSTEM OR TRANSMISSION OF DATA OVER THE INTERNET OR OTHER PUBLIC NETWORK CAN BE ABSOLUTELY SECURE. COTTAGE HEALTH, ACCORDINGLY, CANNOT AND DOES NOT GUARANTEE THE COMPLETE SECURITY OF ELECTRONIC INFORMATION.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a login or password for access to certain parts of our Online Services, you are responsible for keeping this login and password confidential. We ask you not to share your login and password information with anyone.

4. WHAT TYPES OF INFORMATION DO WE COLLECT?

When you use our Online Services, we may collect information from or about you, as well as the device you have used to access and use the Online Services, in a variety of ways.

Information you provide directly to us: We collect and store information that you provide directly to us on or through the Online Services. For example, we collect information about you when you pay a bill, sign up for a newsletter or email bulletins, take a survey, make a donation, create an account or register for our Online Services, post comments on our sites, fill out a form, schedule an appointment, or otherwise communicate with us. Depending on the service, we may collect the following types of information from you, and we may use this information to contact you or combine that information with other information we have about you or your device:

Account information, such as your name, email address, password, postal address, billing address, shipping address, phone numbers, age, date of birth, drivers’ license number, and any other information you provide;
Transaction information, such as your health insurance information and limited payment information from you, such as payment method and payment card information;
Information about others, such as the names and the contact information of your providers, your representatives, and any dependents in your care;
Health information, that is not protected health information under HIPAA, such as your past and present medical condition, medication information, and treatment history; and
Other information you choose to provide, such as when you fill out a form; request an appointment; participate in a survey, assessment, contest, promotion or interactive area of the online services; live audio and video interactions; or request technical or customer support.

Browser or device information: We also collect certain information automatically when you use or navigate our Online Services, such as the following types of information. Cottage Health does not consider this information to be protected health information or personally identifying information:

Log File information, including where our servers record certain log file and usage information such as your computer’s Internet protocol (IP) address, browser type and language, operating system, referring URLs, date and time of your visit, pages viewed, links clicked, movements through the Online Services, and other information about your sessions activities on our Online Services.
Device information, such as the device used to access or use the Online Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information. If your device settings permit, we may also collect information about the precise location of your device and access and collect information from certain native applications on your device (such as your device’s camera, photo album and phonebook applications) to facilitate your use of certain features of the Online Services.

Cookies and similar tools: We may also use cookies, pixel tags, web beacons, embedded scripts, local objects, and similar tracking technologies to automatically collect and share the types of Log File and Device information described above. By using our Online Services, you consent to our use of cookies and similar technologies. See paragraph 8 below for additional information about our use of cookies.

Third parties and their tools: We may allow others to provide analytics, marketing, or other services on our behalf using cookies or other technologies to collect information about your use of our Online Services and other websites. We also place cookies of third parties, such as Google, Snapchat, DoubleClick, Facebook, LinkedIn, and HotJar, in the Online Services that track your interactions with the third party’s website, content, advertisements, website links, and/or other online services. Some of this information may be used for re-identification. Re-identification is a process by which anonymized data collected on our Online Services (for example, cottagehealth.org) are matched with personally identifiable information. Re-identified data are used, among other ways, to provide website users with a more relevant and user-friendly online experience.

5. HOW DO WE USE YOUR INFORMATION?

We use information we collect to, among other things, communicate with you, provide you with information, make features and functions in the Online Services available for your use, optimize your web experience or provide customer service, conduct research and analysis, market and advertise to you, enforce or apply our terms of use and other agreements, and improve, evaluate, or enhance our services and operations, including the Online Services. We may also de-identify or aggregate your data or otherwise combine information collected through different Online Services or portions of our Online Services.

With your permission, certain versions of our Applications can connect to Apple HealthKit or Google Fit to receive health information and to share that information with your healthcare providers.

6. HOW DO WE SHARE YOUR INFORMATION?

We share your information in the following ways: (1) with our third-party service providers, consultants, and vendors to maintain, improve, and protect our Online Services; (2) with other entities that are affiliates or subsidiaries of Cottage Health; (3) with our advertising partners in order to display advertisements that we think are relevant or of interest to you; (4) with a social media network platform when you access our Online Services while logged into a social network platform or when you post content from our Online Services to your social network platform; (5) in the course of legal proceedings or in response to legal orders or government requests, and as otherwise required by law; (6) as needed to support compliance and corporate governance functions; and (7) in connection with a transfer of ownership or assets, a corporate reorganization, merger, or acquisition. When you use the Online Services, you agree to our sharing of your information as described in this Online Privacy Policy and Cookie Notice.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We may retain the information identified above for an indefinite period of time, unless retention is prohibited or a different retention period for this information is required under applicable law.

8. COOKIES NOTICE

Please read this Cookies Notice carefully. It describes how we collect and store information, including through cookies, pixel tags, web beacons, embedded scripts, local objects, and similar tracking technologies (collectively referred to as “Cookies”) on our Online Services, the reasons we use Cookies, and how you can manage settings related to Cookies.

A. What are Cookies and why does Cottage Health use them?

A Cookie is a text file that is stored on your computer, mobile, or other device by your web browser when you visit or use an Online Service, and that your browser provides to us each time you return to the Online Service. Almost every website uses these files. Cookies may store certain information such as your internet protocol (“IP”) address, operating system, device information, browser type and language, referring URLs, access times, pages viewed, links clicked, movements through the Online Services, and other information about your activities or use of the Online Service.

Cookies are used to identify the content you view, the content you provide so that you do not have to re-enter it each time you visit our Online Services, and your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Online Services, allow us to learn about your visit and use of our Online Services, and to market our products and services to you on our Online Services and non-Cottage Health websites based on your interests and preferences. Cookies vary in duration. Session Cookies, for example, last for as long as your internet browser is open. Once the browser closes, the Session Cookies disappear. Persistent Cookies are stored on your device for longer periods. Both types of Cookies can create an identification that is unique to your device.

B. What types of Cookies does Cottage Health use?

We may use different types of Cookies, depending on the Online Service.

Strictly Necessary Cookies are essential to make the Online Service work. These Cookies are used for technical purposes such as enabling better navigation on the Online Services. Without these Cookies, Online Services cannot be provided or some of its features could be significantly diminished.

Performance Cookies are used for various performance purposes including tracking the number of visitors to the Online Service and information such as the number of views a page gets, how much time a user spends on a page, and other pertinent web statistics. These Cookies are used to improve the performance of the Online Services and the user experience.

Functional Cookies enable the Online Service to save information already entered (such as user names, language choices, and your location), so that it can offer you improved and more personalized functions. Functional Cookies are also used to enable features you request, such as playing videos.

Analytics Cookies are used with our Online Services from third parties, such as Google Analytics. These services use Cookies to collect information such as IP address, device ID, browser information, geolocation, content viewed, or other similar information for the purpose of analyzing and measuring how visitors use the Online Services and specific functions and features.

Marketing Cookies may be used to deliver advertisements to you based on your interests and preferences. These Cookies may also be used to collect data when you have interacted with our online advertisements. Data we may collect for advertising or marketing purposes includes information such as IP address, browser type, location (municipality, not home or street address), date and time of visit, domain type, and activity on the Online Service. We may use and share data from these Cookies with our advertising and marketing partners that enable us to present you with advertising on other sites, or with marketing information, based on your previous interaction with our Online Service. These Cookies also limit the frequency with which an advertisement appears and measure the effectiveness of advertising campaigns by determining whether you have visited an advertised webpage or our Online Service. We may permit selected marketing partners to match and identify you using this information.

We also place Cookies and other plug-ins of third parties, such as Google, Snapchat, DoubleClick, Facebook, LinkedIn, and HotJar, in the Online Services that track your interactions with our Online Services and that third party’s website, content, advertisements, website links, and/or other online services. These Cookies are linked to a user’s use of that third party’s online services. Third-party Cookies are managed by third-party service providers that also provide Cottage Health with statistical or analytical information and help us provide you with advertisements that we believe would be relevant for you. The information collection and use practices by such third parties are described in that third party’s privacy policies and cookies notices, not this Cookies Notice.

C. How to Manage and Disable Cookies

You can manage or disable certain Cookies by adjusting your browser or device settings. Browsers and devices are different, so refer to the settings menu of your browser or device control settings for instructions on how to change your Cookie preferences. If you choose not to receive Cookies, our Online Services, or portions of our Online Services, may not function properly or be available to you.

You may also manage Cookies placed by third parties such as Google by following the instructions provided by the third parties in their Cookie policies and notices. For information about clearing, enabling, and managing cookies in Google Chrome, for example, please visit the Google Chrome Help Center. To learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies, please visit the Google Analytics Opt-out Browser Add-on.

You also may be able to opt-out from having certain of our third-party marketing partners use Cookies on our Online Services to collect data for marketing purposes. Some of these advertising partners are members of the Network Advertising Initiative (“NAI”). To remove yourself from some or all NAI member advertising programs as further described in the NAI Opt-Out Page, please visit the NAI Opt-Out Page, https://optout.networkadvertising.org, and follow the relevant instructions. Please note that if you delete, block, or otherwise restrict Cookies on your computer, or if you use a different computer or Internet browser, you may need to renew your NAI opt-out choice.

9. MOBILE APPLICATION PRIVACY POLICY

Our mobile applications, including the Cottage Health MyChart App for iOS and Android, connect to servers and systems operated and maintained by Cottage Health to provide users with secure, mobile access to information in those servers and systems. We refer to our mobile applications as “mobile apps” in this policy, and this paragraph 9 supplements the paragraphs above and provides additional information about how we collect, use, and share your information when you use our mobile apps.

A. The Ways We Use Your Information

Our mobile apps may interact with your sensitive data to provide certain features, such as video visits or mobile appointment check-in. The first time you try to use any of these features, we will ask for your consent within the app and will only allow you to use a feature if you give consent. You do not have to provide consent if you do not want to allow our mobile apps to interact with your data as requested. The Cottage Health MyChart app is developed by Epic Systems Corporation; please refer to Epic’s Mobile Application Privacy Policy for Patients [https://www.epic.com/about/privacypolicies#mobile-policy-patient] for more detailed information about the limited ways they may interact with your information to make your use of our mobile apps possible.

The Cottage Health MyChart app may offer location-based check-in for in-person appointments or allow you to find healthcare providers near you. The first time you try to use any features that use your location, we will ask for your consent within the app and will only access your location if you give consent. You do not have to provide consent if you do not want to allow the Cottage Health MyChart app to use your location. We do not store your location data.

You may contact us through the methods listed on our website here. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.

B. How We Protect Your Information

We use technical controls and safeguards to protect the privacy, security, integrity, and availability of your information in our mobile app.

We enable the use of multi-factor authentication for users of our mobile apps by default. Multi-factor authentication is required when you use our mobile apps unless your healthcare organization makes or allows changes to this control.
We use https for secure communication between servers.
When we store data on your mobile device, we store it in app-private storage that cannot be accessed by other apps.
Before data is shared from our mobile apps, we provide in-app notifications so you can choose if you want to share the data.
We disable screen-shot functionality by default for Android devices, and allow Android users to choose if they want to enable the function. We cannot disable this functionality in iOS.
We maintain internal policies and processes that limit access to your information to our staff who need to know the information to perform their jobs.
We maintain internal data retention and deletion policies to help us ensure we only store information about your use of our mobile apps as we describe in this policy.

You can take other steps to protect your information:

Do not share the username and password you use with our mobile apps.
Change your password immediately if you believe any unauthorized access has occurred.
Use the security tools on devices you use with our mobile apps.
Do not root or jailbreak devices you use with our mobile apps. Doing so can create security risks by removing your devices’ built-in security measures and exposing sensitive information on your device.

10. DO NOT TRACK DISCLOSURE

We do not respond to web browser Do Not Track signals at this time.

11. CHILDREN

The Children’s Online Privacy Protection Act of 1998 (COPPA) addresses how information is gathered and used from children under the age of 13. While Cottage Health is a non-commercial, nonprofit organization not subject to COPPA, we are serious about children’s privacy. Cottage Health’s Online Services are directed at an adult audience and are not intended or designed to attract children under the age of 13, and with the exception of certain information in Cottage Health MyChart as authorized by law, we do not knowingly collect, maintain, or use personal information from children under 13 years of age.

If you learn that your child has provided us with personal information through our Online Services without your consent, you may alert us at medicalrecords@cottagehealth.org. If we learn that a child has provided such personal information, except as required and authorized by law, we will take steps to delete such information.

12. MODIFICATION

Cottage Health can modify this Online Privacy Policy and Cookie Notice at any time and such modifications will become effective and binding upon posting online. Also, new services, terms, and specific cookies may be added from time to time without prior notice to you. Please review this Online Privacy Policy and Cookie Notice periodically, as you will be bound and deemed to have notice of any changes with continued use of the Online Services.

13. CONTACT INFORMATION

Should you have any questions or want more information regarding this Online Privacy Policy and Cookies Notice, the Terms of Use, or the collection, retention, or management of any information on Cottage Health’s Online Services, please send an email to: webquestions@sbch.org.

14. REVISION INFORMATION

This Online Privacy Policy and Cookie Notice was last updated on 10/24/2022.