Effective December 17, 2020
Collection of Personally Identifiable Information and Protected Health Information
We and our service providers collect several types of information from users through our Services, including:
Personal information that relates to you, identifies you, or can reasonably be expected to identify you, such as name, address, job title, email address, telephone number or payment information, such as your credit card number, expiration date, and credit card security code (we refer to this type of information as “Personally Identifiable Information” or “PII”).
Personal information that relates to you, identifies you, or can reasonably be expected to identify you, in relation to past, present, or future health care services provided to you (we refer to this as “Protected Health Information” or “PHI”).
Collection of Personally Identifiable Information from Third Parties
If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.
We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, LinkedIn, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.
Third Party Payment Service
Personally Identifiable Information of Others
Collection of Other Information
We collect other information you provide to us that doesn’t reveal your specific identity (we refer to this as “Other Information”), which includes:
- Information we collect automatically such as your computer’s Internet protocol (“IP”) address, device identifiers, browser type, operating system, Internet service provider, and other standard server log information.
- Information collected through cookies.
- Demographic or other information provided by you that doesn’t reveal your identity.
- Aggregate information that doesn’t reveal your identity.
- Location information such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
Your browser software can be set to reject all cookies, including cookies from our Services. Most browsers offer instructions on how to reset the browser to reject cookies in the help section of the toolbar, such as the Google Analytics Opt-out Browser Add-on. If you would like to learn more about these practices, visit the Network Advertising Initiative.
Information Provided through Your Browser or Device
We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.
Information Provided through Your Use of Applications
When you download and use our applications, we and our service providers may track and collect application usage data.
We may collect the physical location of your device by using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we may not be able to provide you with the applicable personalized services and content.
How We Use Your Information
We strive to maintain your privacy, confidentiality and security at all times. Saint Luke’s uses the information you provide to us, including any Personally Identifiable Information, to:
- Present our Services and their contents to you
- Provide you with information and services that you request from us, including Foundation-related fundraising activities
- Personalize your experience and inform you about the services in which you have indicated an interest
- Contact you and respond to your questions
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
- Send you information about additional services or general wellness from us or on behalf of our affiliates
- Comply with applicable law
- For purposes of human resources recruiting and processing your employment application
- In other ways we may describe when you provide the information
- For any other purpose with your consent
In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale or other disposition of all or any portion of our business or assets.
Use and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.
Our Security Measures
We use encryption practices and security controls that meet or exceed industry standards that are designed to help protect the confidentiality and integrity of the Personally Identifiable Information and/or Protected Health Information you provide to us.
You should, however, be aware that there is always some risk involved in transmitting information via the Internet.
Your Role, Responsibilities and Risks
Where you use a Service that is secured with a username and password, you are responsible for taking steps to protect the privacy of such credentials. In order to protect your privacy, you should:
- Never share your username or password;
- Always sign out when you are finished using the Service;
- Use only secure web browsers;
- Employ common anti-virus and anti-malware tools on your system to keep it safe;
- Use a strong password with a combination of letters and numbers;
- Change your password often; and
- If you believe your login and/or password have been compromised, change your password immediately and notify us in accordance with the “Contacting Us” section below.
If you share your username and password with another person, this will allow that person to see your confidential medical record information. We have no responsibility concerning any breach of your confidential medical record information due to your sharing or losing your username or password.
Our Relationship with Third Parties
Additionally, we work with several types of third party vendors including those that provide products and services that we integrate into our Services and organizations that maintain the Services. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
On occasion, Saint Luke’s may share the personal data you provide to us with other Saint Luke’s entities, affiliates and/or business partners who are acting on our behalf to help us provide you with our services. These relationships differ from our standard business partner relationship in which we license content or a product for integration. These situations include:
Sponsored or co-branded sites
We allow other companies to make services and/or content available to you, sometimes on a sponsored or co-branded basis. To access the services on a sponsored or co-branded website, you may have to complete an online registration form in addition to the registration you completed for us. Whenever you provide registration information on sponsored or co-branded websites, data can be collected. You should read the individual privacy policies of sponsored or co-branded sites and make an informed decision on whether or not you want to use the site.
Health Information Exchange
Health information exchanges make patient health information easily accessible between organizations. Saint Luke’s Health System participates in various electronic health information exchanges. Learn more at saintlukeskc.org/HIE.
The Services are not directed to individuals under the age of 18 and we do not knowingly collect Personally Identifiable Information from individuals under 18. If we learn that we have inadvertently collected information from an individual under the age of 18, that information will be promptly and permanently removed from our servers.
Your Privacy Choices
To opt-out of data collection, make any changes or updates, or request that information be deleted, you have several choices:
We may send you emails with information that we think you might find useful including promotions, announcements of new services and products, and newsletters on particular health topics. You may opt-out of marketing messages at any time by clicking the Unsubscribe link located in the footer of every email sent by Saint Luke’s Marketing Department or by calling Saint Luke’s Concierge at 816-932-5100. You may ask to have your medical record marked as “Do Not Solicit” during clinic or hospital registration. We will try to comply with your requests as soon as reasonably practicable. Please note we may still send you important administrative messages from which you cannot opt-out.
You may also participate in our personalized email reminder system through mySaintLuke’s that sends an email reminding you of certain health-related activities such as a doctor's visit or to schedule tests. If you decide, at any time, that you no longer wish to receive these emails you may update your notification preferences within the mySaintLuke’s patient portal.
You may also receive email notifications from other Saint Luke’s programs, such as patient satisfaction surveying, patient education, online appointment scheduling, Foundation, etc. Each program has a unique opt-out process which is communicated by the program.
For more information on opting-out of a Health Information Exchange (HIE), please visit saintlukeskc.org/HIE.
Remove or delete Personally Identifiable Information
You may remove previously provided Personally Identifiable Information collected in conjunction with our Services at any time by contacting us in writing at 901 E. 104th St., Mailstop 800-NE, Kansas City, Missouri 64131 or email firstname.lastname@example.org.
Users should be aware that it is not always technically possible to remove or delete the information you provide to us. We back up our systems to protect information from inadvertent loss, and that means a copy of your Personally Identifiable Information may exist in a non-erasable form that may be difficult or impossible for us to locate. Nevertheless, upon receiving your request we will try to remove or delete all Personally Identifiable Information stored in the databases that we use for research and daily business activities. We will not intentionally disclose any Personally Identifiable Information stored in a non-erasable format after receiving your request for removal, except as required by law.
Remove or delete Protected Health Information
Removal of your Protected Health Information is subject to our Notice of Privacy Practices. There are certain restrictions on your ability to correct, update, or remove the Protected Health Information you enter into a personal health record. If your doctor or other health care professional has access to your personal health record and they add information to that record, your personal health record could be considered an official medical record for legal purposes. In this case, information cannot be deleted or removed, only updated or annotated. If you believe information contained in your medical record is incorrect, you may request an Amendment to the information. To request an amendment to your personal medical records, read through the instructions contained within the Request For Amendment form located on the Compliance and Privacy page on the website. You may return the completed form in person to any Saint Luke’s Medical Record Department, submit the form through email at email@example.com or via mail to the mailing address listed on the form.
We will retain your Personally Identifiable Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have a relationship with you and provide the Services; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position.
Questions or comments?