MyHealthONE Privacy: What You Need to Know
We respect your privacy and take internet privacy and information security very seriously. Please read the following information in this privacy policy (“Privacy Policy”) carefully.
This Privacy Policy covers our online privacy practices with respect to the use and/or disclosure of information we may collect from you when you access or use MyHealthONE. “MyHealthONE” is a website and mobile application designed to offer you access to some of your records at affiliated facilities, as well as certain internet-based services, which may include assistance in finding a doctor, assistance in scheduling appointments, the ability to register for classes and pre-register for procedures, and health and patient education materials.
This Privacy Policy applies only to MyHealthONE and its related services (the “Services” or “MyHealthONE”), which are provided by HCA – HealthONE LLC and its affiliates (“we,” “us,” or “our”).
This Privacy Policy does not apply to information collected through other means, such as by telephone or in person. Please review our privacy practices and email our privacy team or write to us at the address below if you have any questions.
HCA Healthcare
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203

Information Collected through MyHealthONE
The type and amount of Personal Information we collect about you depends on how you use MyHealthONE. As used in this Privacy Policy, “Personal Information” means any information that may be used, either alone or in combination with other information, to personally identify an individual as defined by applicable state law as noted below.
We collect certain information, including Personal Information, from and about MyHealthONE users in three ways:
- Directly from you;
- Directly from our web server logs; or
- Through cookies and web beacons.
Information Provided by You
MyHealthONE includes certain features for your benefit that will not function properly unless we collect and use Personal Information. For example, the MyHealthONE app can provide you with access to some of your medical records.
When you seek access to those records on MyHealthONE, we need to make sure it is you. We will ask you for your name, email address, home address, date of birth (which we may also use to make sure you are eligible to use MyHealthONE in accordance with the MyHealthONE Terms of Use (the “Terms”)), the answers to “secret questions” to which only you know the answers, or other similar information. We may need to ask you for the information again when you sign in from a new device.
We may also ask for information about your location and medical needs to assist with finding a physician, and may collect and pass on information to assist you in scheduling appointments, registering for classes, and pre-registering for procedures.
On the other hand, if you only want to use MyHealthONE, for example, to look up educational health information, we may not need to ask you any questions to make sure it is you.
We and our service providers may collect Personal Information through mobile applications, including iOS and Android apps (collectively, “Mobile Apps”), with your consent. In connection with your use of the Services through such Mobile Apps, you may elect to provide us with limited access to your device and the content stored on any such device (“Mobile App Content”).
For example, you may grant us access to your device’s camera roll and/or photo library if uploading a profile image, photo ID, or insurance cards. Mobile App Content shared by you will be used by us in support of providing the Service to you.
We make best efforts, in accordance with the Mobile App developer policies and guidelines applicable to each mobile app platform operator, to obtain your prior consent within the applicable Mobile App in each instance; otherwise, this Privacy Policy serves as a general notice with regard to such practices. Any such Mobile App Content will be used in accordance with this Privacy Policy.
Web Server Logs
When you access or use our Services, we may track information to administer our Services and analyze their usage. Examples of information we may track include, without limitation:
- Your Internet protocol address;
- The kind of browser or computer you use;
- The number of links you click within our Services;
- State or country from which you accessed our Services;
- Date and time of your visit;
- Name of your Internet service provider;
- Third-party websites you linked to from our Services; and
- Pages or information you viewed on our Services.
We use this information to analyze and improve our Services, monitor traffic and usage patterns for information security purposes, and to help make our Services more useful.
Cookies and Web Beacons
A “cookie” is a small text file that may be transferred to your device’s file system in order to personalize our Services for you and to collect aggregate information regarding usage of our Services by all of our users.
Each device is assigned a different cookie that contains a random, unique number. Our services use cookies and similar technologies to collect data during the user experience, including demographic data. This technology can persist anywhere from six months to two years.
When using the web version (as opposed to the app version), your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar.
If you reject our cookies, this may disable some of the functionality of our Services, and you may not be able to use certain features offered by MyHealthONE.
In addition to cookies, our Services may use similar technologies for similar purposes. A “web beacon,” “clear GIF,” “web bug,” or “pixel tag” is a tiny graphic file with a unique identifier that is similar in function to a cookie, but would allow us to count the number of users that have visited certain pages or screens of our Services, and to help determine the effectiveness of promotional or advertising campaigns.
When used in HTML-formatted email messages, web beacons can tell the sender whether and when the email has been opened. In contrast to cookies, which may be stored on your device’s file system, web beacons are typically embedded invisibly on pages or screens.
We use Google Analytics and Firebase on our Services to help us analyze the traffic and user activity on our Services, which may include the use of mobile device identifiers provided by applicable Apple or Google services (unless a user opts out of interest-based advertising or ad personalization) or similar technologies that are used to collect data.
For more information on Google Analytics and Firebase’s processing of Personal Information, please see Google’s Privacy and Terms and Google Analytics for Firebase. Consult with the mobile device manufacturer and/or operating system developer documentation for information regarding data collection (including opting out of or limiting such practices).
By using a browser plugin provided by Google, you can opt out of Google Analytics for the web. We reserve the right to share aggregated site statistics monitored by cookies and web beacons with our affiliates and partner companies.
We may display content from third-party platforms or services that allow you to view their hosted content directly from the pages of our Site, and interact with them. For example, we use YouTube, a video sharing and social media platform provided by Google LLC, to embed video content on our Site. Google’s Privacy Policy explains how YouTube/Google treats your personal data and protects your privacy when you provide your personal data in connection with your access and use of their services.
Some features on our Services (such as video widgets on the MyHealthONE website used for demonstrations) may use cookies or other methods to gather information regarding your use of MyHealthONE, and may combine the information in these cookies with any Personal Information about you that they may have. The use of such information by a third party depends on the privacy policy of that third party.
We treat the information of everyone who comes to our Services in accordance with this Privacy Policy. We do not honor Do Not Track (DNT) requests. To determine whether any of our third-party service providers (see the How We Disclose Personal Information section below) honor DNT requests, please read their respective privacy policies.
Control of Cookies
Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.
For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:
Geolocation Data
We do not collect precise information (e.g., GPS data; latitude and longitude) concerning the location from which you access the Services, but we collect information on your region or postal code to help us gather information useful for improving the relevance of our content and securing our Services.
Third Party Advertising
We may allow third-party advertising companies to serve ads when you access or use our Services. These companies use non-personally identifiable information regarding your access and use of our Services and other websites, such as the pages viewed, date and time of your visit, and number of times you have viewed an ad (but not your name, address, or other personal information), to serve ads to you on our Services and other websites that may be of interest to you.
In the course of serving advertisements to our Services, our third-party advertiser may place or recognize a unique cookie on your browser. In addition, we or other third-party advertisers may use web beacons to help manage our online advertising. This allows us or a third-party advertiser to learn which banner ads bring users to our Services.
We use Google Ads, the Google Marketing Platform, and related marketing and advertising services provided by Google, LLC in connection with our Site and general corporate advertising and marketing operations for purposes of, among other things, online advertising, which includes remarketing, re-engagement, or similar audience and advertising and marketing features.
You can control the information Google uses to show you ads by changing your Google Ad Personalization Settings. Additionally, you can learn more about Google Ad personalization and additional controls available to you by visiting Google Ad Help.
We use Twitter Ads, an advertising and analytics service provided by Twitter, Inc., in connection with our Site to run advertising and marketing campaigns on Twitter. You can opt out of Twitter’s interest-based advertising through an applicable opt-out mechanism specified by Twitter.
We use Facebook Ads and related services provided by Facebook, Inc. in connection with our Site to run advertising and marketing campaigns on Facebook. Facebook’s Cookie Policy explains how Facebook uses data to show you ads and how you can control usage.
You can learn about additional steps that you may take to opt out of interest-based advertising when browsing the web by visiting National Advertising Initiative (NAI) Consumer Opt Out.
Information Collected or Accessed through the Portal
As a Service to our customers, we may also provide Portals to offer some customers secure, private access to their own records at our facilities, as well as certain internet-based services which may include, among other things, assistance in finding a doctor, assistance in scheduling appointments, the ability to register for classes and pre-register for procedures, the ability to make payment for medical services rendered, and access to health and patient education materials and secure messaging (“Portal”).
This may include the ability to access, collect, use, and/or share personal or sensitive data related to, or in support of, public health emergencies, such as the coronavirus disease 2019 (COVID-19), in connection with your medical records and/or treatment at our facilities. For example, the Service may allow you the ability to access, use, and/or share your proof of vaccination status, current infection, or history of infection.
The Portal can provide you with access to some of your medical records. When you seek access to those records on the Portal, we need to confirm your identity, so we ask you for information such as your name and email or physical address and other information such as your date of birth (which we may also use to make sure you are eligible to use the Portal in accordance with the Terms) and the answers to “secret questions” to which only you know the answers.
This information may be used to help administer your user account and manage your account. We may need to ask you for the information again when you sign in from a new device.
We may ask for information about your location and medical needs to assist with finding a physician, and may collect and pass on information (which may include, where relevant, health information such as your patient history) to assist you in scheduling appointments, pre-registering for procedures, and registering for classes.
The Purposes for Which We Use Personal Information
In addition to the uses and disclosures of information outlined above, Personal Information about you may be used:
- To provide, analyze, administer, and improve our Services;
- To contact you in connection with our Services and appointments, events or offerings that you may have registered for;
- To identify and authenticate your access to the parts of MyHealthONE or other password-protected Services that you are authorized to access;
- To send you surveys;
- To respond to your requests;
- To protect our rights or our property and to ensure the technical functionality and security of our Services; and
- As required to meet our legal and regulatory obligations.
Please contact our appointed EU representative if you have questions about or need further information concerning the legal basis on which we collect and use your information.
If you are a resident of the European Economic Area, our legal basis for collecting and using the information described in this Privacy Policy will depend on the information concerned and the context in which we collect it. We collect information from you:
- Where we need it to perform our contract with you (i.e., the Terms);
- Where the processing is in our legitimate interests, such as securing and improving our Services (provided that these interests are not overridden by your interests or rights);
- Where the processing is for the provision of healthcare or the management of healthcare services (e.g., health information collected from you or made accessible to you through our Services in accordance with legal requirements governing the confidentiality of such information); or
- If we otherwise have your consent.
If you are a resident of the European Economic Area and you have questions about or need further information concerning the legal basis on which we collect and use your information, please contact our appointed EU representative at the DPO Centre.
How We Disclose Personal Information
We do not sell, lease, rent, or otherwise disclose the Personal Information collected from our Services (including contact, health, or billing information) to third parties other than as provided below, unless we obtain your consent.
We may disclose Personal Information:
- To MyHealthONE Service Providers. We transfer Personal Information to third-party service providers to perform tasks on our behalf and to assist us in providing our Services. For example, we may use third-party service providers for security, website analytics, and payment processing. We use commercially reasonable efforts to only engage or interact with third-party service providers and partners that post a privacy policy governing their processing of Personal Information, and require our service providers to maintain confidentiality and comply with applicable laws in the processing of Personal Information. Review our list of current third-party service providers in the Appendix below.
- To Authorized Representatives. If another individual is managing your account on your behalf (for example, a mother managing the account of her son), as authorized by you or as a personal representative under applicable law, that person can view your information in MyHealthONE, as limited by applicable law or the Terms.
- To Healthcare Providers. Your healthcare providers may have access to Personal Information for administrative and healthcare services. We may also use Personal Information to respond to and fulfill your requests.
- To Partners. We may share information with marketing, treatment, or health care operations support partners, who are required to protect the confidentiality of your information, to enable them to send you targeted messages or serve you targeted advertising, with your authorization or otherwise in compliance with HIPAA (defined below) and other applicable laws.
- In the Event of Merger, Sale, Divestiture, or Change of Control. We may transfer or assign Personal Information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.
- Other Disclosures. We may disclose Personal Information about you if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our Terms, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to our or third parties’ rights, property or safety.
Third-Party Websites and Payments
If you follow a link from our Services to another website, you may decide to disclose Personal Information at that website. In contacting that site, or in providing information on that site, that third party may obtain Personal Information about you.
This Privacy Policy does not apply when you leave MyHealthONE and its related Services and go to a third-party website. We encourage you to be aware when you leave MyHealthONE and to read the privacy statements of each third-party website that collects Personal Information.
Any payments you may make for services you have found on MyHealthONE (such as enrolling in a class) are made exclusively through a third-party website, the separate privacy policy of which applies, and not through MyHealthONE. We are not responsible for any fees, charges, or actions provided by such third-party website.
Information Security
No website can guarantee security, but we maintain industry-accepted physical, electronic, and procedural safeguards to protect Personal Information collected via our Services in compliance with applicable law. Please see the MyHealthONE Terms for more specific information about information security and your responsibilities.
What can I do to protect my Privacy?
Where you use a Portal or other Service that is secured with a username and password, you are also responsible for taking steps to protect the privacy of Personal Information about you. To protect your privacy, you should:
- Never share your sign-in name or password;
- Always sign out when you are finished using MyHealthONE;
- Use only secure web browsers;
- Employ common anti-virus and anti-malware tools on your system to keep it safe;
- Use a strong password with a combination of letters and numbers;
- Change your password often; and
- Notify us immediately if you believe your login and/or password have been compromised.
If you share your MyHealthONE username and password with another person, this will allow that person to see your confidential medical record information and other Personal Information. We have no responsibility concerning any breach of Personal Information due to your sharing or losing your username or password.
Retention of Information
We will retain Personal Information for the period necessary to fulfill the purposes for which it has been collected as described in this Privacy Policy unless a longer retention period is required by law, for security, fraud & abuse prevention, to comply with legal or regulatory requirements, to ensure continuity of services, or for financial record-keeping purposes.
Where practical, we dispose of certain categories of information, including Personal Information, on a regular schedule.
What if I am accessing MyHealthONE from outside of the United States?
If you are visiting our Portal from outside the United States, your Personal Information may be transferred to, stored, or processed in the United States, where our servers are located and our central database is operated.
Although the data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, we take steps to protect your privacy, including, for transfers of Personal Information from the European Economic Area, the use of contractual clauses (known as “Model Clauses” or “Standard Contractual Clauses”) that have been approved by the European Commission.
By using our Services, you understand and agree that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.
Your Rights In General
If you are a registered user of our Services, you may access and amend personal demographic information when logged into your account.
If you would otherwise like to access, amend, erase, export, object to, or restrict the processing of Personal Information collected via our Services, or to make any other request as described below by state law, you may email our privacy team or write to us at:
HCA Healthcare
Attention: Privacy Requests
One Park Plaza
Nashville, TN 37203