Privacy Policy

Effective December 17, 2020

Saint Luke’s Health System, Inc. (“Saint Luke’s”, “we”, “us” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy explains how we collect, use, and disclose information that we collect through the Saint Luke’s website, portals, mobile and desktop applications, email and messaging platforms, and any other websites we may provide that link to this Privacy Policy (collectively, our “Services”). By using the Services, you agree to accept this Privacy Policy.

Collection of Personally Identifiable Information and Protected Health Information

We and our service providers collect several types of information from users through our Services, including:

  • Personal information that relates to you, identifies you, or can reasonably be expected to identify you, such as name, address, job title, email address, telephone number or payment information, such as your credit card number, expiration date, and credit card security code (we refer to this type of information as “Personally Identifiable Information” or “PII”).
  • Personal information that relates to you, identifies you, or can reasonably be expected to identify you, in relation to past, present, or future health care services provided to you (we refer to this as “Protected Health Information” or “PHI”).

Collection of Personally Identifiable Information from Third Parties

  • If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.
  • We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, LinkedIn, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.

Third Party Payment Service

  • We may use a third-party payment service to process payments or donations made through the Services. If you wish to make a payment or donation through the Services, your Personally Identifiable Information may be collected by such third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Policy. We are not responsible for the third party’s collection, use, and disclosure of your Personally Identifiable Information.

Personally Identifiable Information of Others

  • If you disclose any Personally Identifiable Information relating to other people to us or our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Collection of Other Information

We collect other information you provide to us that doesn’t reveal your specific identity (we refer to this as “Other Information”), which includes:

  • Information we collect automatically such as your computer’s Internet protocol (“IP”) address, device identifiers, browser type, operating system, Internet service provider, and other standard server log information.
  • Information collected through cookies.
  • Demographic or other information provided by you that doesn’t reveal your identity.
  • Aggregate information that doesn’t reveal your identity.
  • Location information such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.

Our Services Use Cookies

In addition to collecting information that you submit to us, we also rely on "cookies." A cookie is a text file that a website transfers to your hard drive for record-keeping purposes. Every computer is assigned a different cookie but our cookie does not contain or collect your name or other personal identifying information. When you revisit our Services, the cookie allows us to recognize you, your age, your gender, your interests and your preferences. We also use cookies to help track the level of interest in different features on our Services and to compile data that can help us improve our content.

Your browser software can be set to reject all cookies, including cookies from our Services. Most browsers offer instructions on how to reset the browser to reject cookies in the help section of the toolbar, such as the Google Analytics Opt-out Browser Add-on. If you would like to learn more about these practices, visit the Network Advertising Initiative.

If you reject our cookie, certain functions and conveniences of the Services may not work properly. By using the Services, you consent to our use of cookies and similar technologies.  We do not currently respond to browser do-not-track signals.

Information Provided through Your Browser or Device

We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.

Information Provided through Your Use of Applications

When you download and use our applications, we and our service providers may track and collect application usage data.

Physical Location

We may collect the physical location of your device by using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we may not be able to provide you with the applicable personalized services and content.

HIPAA Policies

In addition to this Privacy Policy, Protected Health Information provided to us via the Services is also subject to our Notice of Privacy Practices. The Notice of Privacy Practices is a separate document that governs how medical information about you may be used and disclosed by us and also describes your rights with respect to your Protected Health Information. This Privacy Policy supplements the Notice of Privacy Practices. If there is ever any conflict between this Privacy Policy and the Notice of Privacy Practices as it relates to collection and use of Protected Health Information, the Notice of Privacy Practices will apply. The Notice of Privacy Practices does not apply to information that is not Protected Health Information.

How We Use Your Information

We strive to maintain your privacy, confidentiality and security at all times. Saint Luke’s uses the information you provide to us, including any Personally Identifiable Information, to:

  • Present our Services and their contents to you
  • Provide you with information and services that you request from us, including Foundation-related fundraising activities
  • Personalize your experience and inform you about the services in which you have indicated an interest
  • Contact you and to respond to your questions
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
  • Send you information about additional services or general wellness from us or on behalf of our affiliates
  • Prevent potentially prohibited or illegal activities in accordance with our Terms of Use
  • Comply with applicable law
  • Communicate changes to our Privacy Policy and Terms of Use
  • For purposes of human resources recruiting and processing your employment application
  • In other ways we may describe when you provide the information
  • For any other purpose with your consent

In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale or other disposition of all or any portion of our business or assets.

Use and Disclosures of Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.

Our Security Measures

We use encryption practices and security controls that meet or exceed industry standards that are designed to help protect the confidentiality and integrity of the Personally Identifiable Information and/or Protected Health Information you provide to us.

You should, however, be aware that there is always some risk involved in transmitting information via the Internet.

Your Role, Responsibilities and Risks

Where you use a Service that is secured with a username and password, you are responsible for taking steps to protect the privacy of such credentials. In order to protect your privacy, you should:

  • Never share your username or password;
  • Always sign out when you are finished using the Service;
  • Use only secure web browsers;
  • Employ common anti-virus and anti-malware tools on your system to keep it safe;
  • Use a strong password with a combination of letters and numbers;
  • Change your password often; and
  • If you believe your login and/or password have been compromised, change your password immediately and notify us in accordance with the “Contacting Us” section below.

If you share your username and password with another person, this will allow that person to see your confidential medical record information. We have no responsibility concerning any breach of your confidential medical record information due to your sharing or losing your username or password.

Our Relationship with Third Parties

Additionally, we work with several types of third party vendors including those that provide products and services that we integrate into our Services and organizations that maintain the Services. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.

On occasion, Saint Luke’s may share the personal data you provide to us with other Saint Luke’s entities, affiliates and/or business partners who are acting on our behalf to help us provide you with our services. These relationships differ from our standard business partner relationship in which we license content or a product for integration. These situations include:

Sponsored or co-branded sites

We allow other companies to make services and/or content available to you, sometimes on a sponsored or co-branded basis. To access the services on a sponsored or co-branded website, you may have to complete an online registration form in addition to the registration you completed for us. Whenever you provide registration information on sponsored or co-branded websites, data can be collected. You should read the individual privacy policies of sponsored or co-branded sites and make an informed decision on whether or not you want to use the site.

External links

We feature external links to other websites that we believe you might find useful; however, we do not endorse these sites. Additionally, unless otherwise noted in this section, links to other sites are provided strictly for informational purposes and are not based on any fees or reimbursements paid to Saint Luke's Health System for “clicks.” We are not responsible for the privacy practices of these external sites. We will make every effort to notify you when you are leaving our site and we encourage you to read the Privacy Policy of each site you visit that may collect information or ask you to disclose personal information and/or health-related personal information.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, LinkedIn, Google, Apple, or Twitter or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personally Identifiable Information you disclose to other organizations through or in connection with the Services.

With your permission, our Services may connect to health apps such as Apple HealthKit or Google Fit to receive health information and to share that information with your healthcare providers.  Our Services do not share your Protected Health Information with HealthKit, Google Fit or other software enabled with these health apps.

Health Information Exchange

Health information exchanges make patient health information easily accessible between organizations. Saint Luke’s Health System participates in various electronic health information exchanges. Learn more at saintlukeskc.org/HIE.

Children's Policy

The Services are not directed to individuals under the age of 18 and we do not knowingly collect Personally Identifiable Information from individuals under 18. If we learn that we have inadvertently collected information from an individual under the age of 18, that information will be promptly and permanently removed from our servers.

Your Privacy Choices

To opt out of data collection, make any changes or updates, or request that information be deleted, you have several choices:

Communications Opt-out

We may send you emails with information that we think you might find useful including promotions, announcements of new services and products, and newsletters on particular health topics. You may opt out of marketing messages at any time by clicking the Unsubscribe link located in the footer of every email sent by Saint Luke’s Marketing Department or by calling Saint Luke’s Concierge at 816-932-5100. You may ask to have your medical record marked as “Do Not Solicit” during clinic or hospital registration. We will try to comply with your requests as soon as reasonably practicable. Please note we may still send you important administrative messages from which you cannot opt out.

You may also participate in our personalized email reminder system through mySaintLuke’s that sends an email reminding you of certain health-related activities such as a doctor's visit or to schedule tests. If you decide, at any time, that you no longer wish to receive these emails you may update your notification preferences within the mySaintLuke’s patient portal.

You may also receive email notifications from other Saint Luke’s programs, such as patient satisfaction surveying, patient education, online appointment scheduling, Foundation, etc. Each program has a unique opt-out process which is communicated by the program.

For more information on opting out of a Health Information Exchange (HIE), please visit saintlukeskc.org/HIE.

Remove or delete Personally Identifiable Information

You may remove previously provided Personally Identifiable Information collected in conjunction with our Services at any time by contacting us in writing at 901 E. 104th St., Mailstop 800-NE, Kansas City, Missouri 64131 or email webmaster@saint-lukes.org.

Users should be aware that it is not always technically possible to remove or delete the information you provide to us. We back up our systems to protect information from inadvertent loss, and that means a copy of your Personally Identifiable Information may exist in a non-erasable form that may be difficult or impossible for us to locate. Nevertheless, upon receiving your request we will try to remove or delete all Personally Identifiable Information stored in the databases that we use for research and daily business activities. We will not intentionally disclose any Personally Identifiable Information stored in a non-erasable format after receiving your request for removal, except as required by law.

Remove or delete Protected Health Information

Removal of your Protected Health Information is subject to our Notice of Privacy Practices.  There are certain restrictions on your ability to correct, update, or remove the Protected Health Information you enter into a personal health record. If your doctor or other health care professional has access to your personal health record and they add information to that record, your personal health record could be considered an official medical record for legal purposes. In this case, information cannot be deleted or removed, only updated or annotated. If you believe information contained in your medical record is incorrect, you may request an Amendment to the information. To request an amendment to your personal medical records, read through the instructions contained within the Request For Amendment form located on the Compliance and Privacy page on the website.  You may return the completed form in person to any Saint Luke’s Medical Record Department, submit the form through email at privacy@saintlukeskc.org or via mail to the mailing address listed on the form.

Retention Period

We will retain your Personally Identifiable Information for as long as needed or permitted in light of the purpose(s) for which it was obtained.  The criteria used to determine our retention periods include: (i) the length of time we have a relationship with you and provide the Services; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position.

International Users

The Services are controlled and operated by Saint Luke’s from the United States and are not intended to subject us to the law or jurisdiction of any state, country or territory other than that of the United States.  By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” above and post the new Privacy Policy. Any changes will become effective when we post the revised Privacy Policy. Your use of the Services following these changes means that you accept the revised Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

Questions or comments?

If you have any questions or comments regarding this Privacy Policy, please contact us at privacy@saintlukeskc.org or write us at Saint Luke's Health System: ATTN: System Privacy Officer, 901 E. 104th Street – Mailstop 3000-S, Kansas City, MO 64131.  Because email messages are not always secure, please do not include sensitive information in your emails to us.