The California Consumer Privacy Act (CCPA) is a state privacy law which protects your rights, as a California resident, to determine how your data is tracked and used. As a consumer, you have the right to ask businesses to provide the personal information collected on you, and to request the data be deleted, and to opt out of the sale of your data, and the right to protection from discrimination for exercising your rights under the CCPA.

Consumers now have the following rights under the CCPA:

• Right to Know and Access
• Right to Delete
• Right to Opt Out
• Right to Non-Discrimination

This means you, the consumer, have the right to ask Sutter Health to provide information we have collected on you, and to opt out of the sale of your data, to have Sutter delete your data, and to protection from discrimination for exercising your rights under the CCPA.

The CCPA defines personal information as information that identifies, describes, or could reasonably be linked with a particular individual or a household.  Some examples listed in the CCPA are your name, address, email address, IP (internet protocol) address, or passport numbers.

Sutter Health does not sell your information for monetary payments.  Sutter complies with HIPAA and with California’s Confidentiality of Medical Information Act. However, the definitions of ‘personal information’ and ‘sale’ under the CCPA are uniquely broad. Because of the breadth of these definitions under the CCPA, Sutter has provided opt out links. If you wish to opt out of third-party sharing, please visit our Privacy Request Form - Do Not Sell My Personal Information.

No. The CCPA does not apply to medical information governed by the Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security and breach notification rules of Health Insurance Portability and Accountability Act (HIPAA) or Health Information Technology for Economic and Clinical Health Act (HITECH). However, Sutter Health patients have separate rights to their Protected Health Information (PHI) under these laws. To learn more about Sutter Health patients’ separate rights under these laws, please visit our Notice of Privacy Practices. To learn more about your rights under CCPA go to our Privacy Policy.

You have the right to ask Sutter Health to delete personal information that Sutter Health has collected about you. This does not include information collected as protected health information, medical information and nine other categories set forth in Cal. Civ. Code § 1798.105(d).  Other information Sutter Health may have collected about an individual may be subject to other laws and may not be deleted. Once Sutter Health has received your verifiable Request to Delete, we will work to delete all personal information that can be deleted subject to the foregoing exceptions.

As stated in our Privacy Policy, Sutter does not knowingly collect or solicit any information from anyone under the age of 13. The Sites and their content are not directed at children under the age of 13, except as general medical educational information. Sutter does not sell the personal information of minors under 16 years of age. Sutter encourages parents and guardians to take an active role in their children’s online and mobile activities and interests. However, parents generally have the authority to submit a request on behalf of their child. Sutter Health will comply with each valid, verifiable request to the extent possible.

Sutter Health uses cookies for a variety of reasons, including but not limited to delivering the best possible user experience to our website visitors, and tracking and sharing data on users’ website browsing of public information for purposes of better targeting, tracking, and marketing efforts. You have the ability to opt in and opt out of the use of cookies. Please visit Cookie Preferences to manage your preferences.

“Sensitive personal information” is personal information that reveals (a) consumer’s Social Security or other state identification number; (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) consumer’s geolocation; (d) consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, or text messages, unless the business is the intended recipient of the communication; and (f) consumer’s genetic data.

In addition, “sensitive personal information” includes processing of biometric information for purposes of identifying a consumer; personal information collected and analyzed concerning a consumer’s health, and personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.