Sutter Health, or any of Sutter Health's affiliates, is committed to providing you with quality health care and fostering a relationship built on trust. This trust is built, in part, on our commitment to respect the privacy and confidentiality of your medical information. Sutter Health has put into place detailed policies and procedures regarding access to all health records by our staff and employees. We have also carefully outlined the circumstances under which your medical information may be released to parties outside the organization in compliance with state and federal laws.

Collecting and Using Personal Information

My Health Online may collect identifiable information about individuals who use its services in the following ways:

E-mails — My Health Online may use your email address to send you notifications. You may change your communication preferences at any time. 

SMS — My Health Online may use your phone number to send text messages related to your relationship with Sutter Health, including updates related to your visits, My Health Online account, one-time passcode, billing notifications, prescription reminders, and care management.

You may change your communication preferences at any time. You can opt-out of SMS messages by texting STOP in response to a Sutter text message. Your opt-out request will generate one final message confirming that you have been unsubscribed. You will no longer receive SMS messages from the short code you opted out from. If you want to join again, sign up using My Health Online or text HELP to the short code for instructions.

The standard text message and data rates may apply depending on your mobile plan. Carriers are not liable for delayed or undelivered messages. Message frequency may vary.

Messages — My Health Online may contain forms for comments, questions, messages and referrals to certain services. Messages sent through My Health Online may become part of your medical record. 

Location Services — My Health Online may use your location data to notify front desk staff when you arrive for an appointment or to suggest healthcare providers that are near you. My Health Online will not store your location data.  You can always change your location preferences, including ‘background location’, within the My Health Online application under “Account Settings” or on your device. Sharing of location information is not required to use the My Health Online application.

Camera — My Health Online may use your camera to take new photos or to capture and transmit video for video visits. You choose if you want to use photos to personalize your account or send them as file attachments when you send messages to your healthcare providers.  

Microphone — My Health Online may use your microphone to capture audio for video visits. My Health Online will not store your audio data.

Storage — My Health Online may access your device's storage to read and write files and photos you choose to use in My Health Online. These files and photos may be used as attachments that are sent to your provider or they may be created from attachments sent to you from your provider. These files or photos may also be used to set your profile photo in My Health Online.

Bluetooth – My Health Online may access your device's Bluetooth to detect other nearby devices.  This information will be used to notify front desk staff when you arrive for an appointment.  My Health Online will not store your Bluetooth data.

Phone Call – My Health Online may use your phone to call phone numbers displayed in the app. My Health Online will not store your call history or other call data.

Health and Fitness Platforms -- Apple HealthKit and Google Fit integration enables the voluntary sharing of certain medical information from your device to your Sutter provider. Answering questionnaires and surveys about my health conditions enable voluntary sharing of information about your health status or condition. Any shared data and questionnaire answers are not reviewed or monitored on any routine basis. Any received data and questionnaire answers may be evaluated during appointments or other encounters determined by the provider. Shared data cannot be used to determine an emergency – if at any time you feel you are experiencing a medical emergency, please call 911.

For Android Users – Required Google Play Disclosures for Certain Health Apps

My Health Online was not created specifically for the COVID-19 pandemic. My Health Online existed before the COVID-19 pandemic to allow users to access their health information on file with Sutter Health. My Health Online and Sutter Health permits users to access COVID-19 related vaccination information, laboratory test results, and documents with illness-related information maintained by your health care organization. You may choose if or how you want to access, display, or use COVID-19 data, similar to how you use other health related information to make decisions about other conditions, services, tests, or vaccinations.

My Health Online accesses, uses and shares your information as stated in the above section titled “Collecting and Using Personal Information.”

My Health Online may interact with your sensitive data to provide certain features, such as video visits or mobile appointment check-in. The first time you try to use any of these features, we will ask for your consent within the app and will only allow you to use a feature if you give consent. You do not have to provide consent if you do not want to allow My Health Online to interact with your data as requested. My Health Online is developed by Epic Systems Corporation; please refer to Epic’s Mobile Application Privacy Policy for Patients for more detailed information about the limited ways they may interact with your information to make your use of My Health Online possible.

Third-Party Vendors

Sutter Health may contract with third-party vendors to assist in the delivery of the My Health Online service. These third parties have contracted with us to only use your personal data for the agreed upon purpose, and not to sell, use or disclose your information, except as may be permitted by law. A third-party vendor will be governed by its own privacy statements, and Sutter Health is not liable for any breach or loss of information by a contracted vendor.

Your Online Health Record

Accessing Your Online Health Record through My Health Online — We request a limited set of identifying information from you for authentication purposes in order to grant you access to the Web site and to customize your experience. We will not disclose any personal information that might identify you, such as your full name, street address, telephone number, credit card number or e-mail address to any third party other than as allowed or required by state and/or federal regulations.

Electronic Interactions — My Health Online offers our patients secure, encrypted, Web- and mobile-based electronic interactions. Messages and attachments you send to your care team via your online account or images captured via video interaction with your clinician may be incorporated in your permanent health record. Once a message, attachment or image capture is made part of your record, it will be accessible to your care team. If your Sutter Health clinician is out of the office or unavailable to respond, messages you send to them may be routed to other authorized clinicians within Sutter Health in order to facilitate a timely response to your request or question. While you may receive Internet e-mail messages notifying you of new messages in your account Inbox, these e-mails will not contain any personal health information.

Protecting your Username and Password — It is extremely important that you keep your Login ID and password completely confidential. Anyone with access to your Login ID and password may be able to login to your account and view your medical information, add comments to your record, and communicate with your care team. It is your responsibility to prevent disclosure of your Login ID and password and to change your Login ID and password if you feel that their security has been compromised. You can change your password by logging into your account and clicking the "Password Settings" link in the "Profile" section of the top menu. If you have any questions regarding the security of your password, please call our patient services department at (800) 4Sutter.

Contents of Electronic Messages — It is always best for you and your clinician to agree on the type of electronic communication that may be most appropriate for you. Using electronic communication for solicitation purposes is prohibited. All Sutter Health-generated EHR content is subject to state and federal statutes governing the security and confidentiality of health records. 

Patient Entered Data and Questionnaires — You may occasionally be asked to complete patient surveys. Sutter Health may analyze information submitted via your account as part of descriptive (demographic) studies and reports.

Review & Purpose of Health Content

Content Created by Individual Health Care Professionals at Sutter Health — My Health Online and Sutter Health’s websites may contain content created or written by individual health care professionals at Sutter Health, including answers to frequently asked questions, blogs, other written material or content of streaming audio lectures. This content is the opinion of the author(s) and not necessarily reflect the opinion of your clinician, Sutter Health or any Sutter Health affiliate. This information is provided for your general information and education purposes only, and should not be relied upon for personal diagnosis or treatment.

Purpose of Health Content — All health-related information provided via Sutter Health's Web Site is intended to educate and inform visitors about illnesses, conditions and ways to maintain optimum health. While we try to keep the information as accurate as possible, we disclaim any implied warranty or representation about its accuracy or completeness. You assume full responsibility for using the information on this site. Sutter Health is neither responsible nor liable for any claim, loss or damage resulting from the use of information on this site. Information on Sutter Health's Web Site is not intended to nor should it be used to diagnose personal physical conditions and is not a substitute for consultation with one's own personal clinician or in lieu of seeking emergency services.

Links to Outside Web Sites — Sutter Health's Web site has numerous links to outside Internet pages, which might have information on health topics of interest to you. Sutter Health, however, does not sponsor or endorse any of these sites, nor does Sutter Health make any guarantee, warranty or representation regarding the accuracy of the information contained on the Web sites. In addition, Sutter Health has no control over the privacy or security practices of external Web sites. You should read and understand the policies of all Web sites with respect to these practices. These links are provided for your general information and education only, and should not be relied upon for personal diagnosis or treatment. If you have questions, please contact your clinician.

MedlinePlus — Sutter Health's Web site contains third-party health information and educational material provided by MedlinePlus. MedlinePlus is an online information service produced by the United States National Library of Medicine. The site brings together information from the National Library of Medicine (NLM), the National Institutes of Health (NIH), other U.S. government agencies, and health-related organizations. Sutter Health does not sponsor or endorse MedlinePlus, nor does Sutter Health make any guarantee, warranty or representation regarding the accuracy of the information contained on MedlinePlus.To learn more about the MedlinePlus public service, please read Medline Plus’s Quality Guidelines, Medline Plus’ Disclaimers and Medline Plus’s Privacy Policy.

Security Measures

Protecting your confidential health information is a top priority at Sutter Health. In addition to applying stringent confidentiality policies that govern access and use of information by Sutter Health clinicians and staff, we have implemented security features and methods to protect your data in My Health Online including the following:

• Multi-factor Authentication — We enable the use of multi-factor authentication for My Health Online by default. You may choose to opt out of multi-factor authentication.
• Encryption — We encrypt the communication from your Web browser to our secure Web server.
• Firewall — Personal health information is stored in the secure EHR, protected from the Internet by a firewall.
• Policies and Procedures — We maintain internal policies and procedures that limit access, use, disclosure, and retention of your information by our workforce. 
• Session timeout — After a period of inactivity, the logon session will time out.
• Monitoring — We monitor the Web server for evidence of unauthorized break-in attempts. We apply the latest security patches.

Revisions to this Privacy and Security Policy

As state and federal laws change, and as we add new features to our Web site, Sutter Health may periodically revise this Privacy and Security Policy. Any revision of this policy will apply to all information we already have about you at the time of the change and any personal information that is gathered about you after this time. Any future updates to this policy are effective as soon as they are published.

Questions, Concerns and Contact Information

For questions, concerns, and suggestions about the content on My Health Online, contact us. Note, email to us via this link is not encrypted or secure so please do not include any personal health information in your email.

For questions or to view Sutter Health’s Notice of Privacy Practices, please visit www.sutterhealth.org/privacy.