Privacy Policy

Privacy Policy

Effective Date: May 22, 2023

This Privacy Policy applies to the website or mobile application that is linked to this Privacy Policy (the “Services”) provided by The Cleveland Clinic Foundation or its affiliates (“Cleveland Clinic,” “we,” “us,” or “our”).

IMPORTANT NOTE: This Privacy Policy applies to individually identifiable information that you provide to us for purposes of obtaining medical care through the Services (such information is also referred to as “Protected Health Information” or “PHI”), which is subject to our Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), and information that is not PHI. The HIPAA Notice describes how we can use and share your PHI and also describes your rights with respect to your PHI. This Privacy Policy supplements the HIPAA Notice for PHI. If there is ever any conflict between this Privacy Policy and the HIPAA Notice, the HIPAA Notice will apply. The HIPAA Notice does not apply to information that is not PHI.

The Cleveland Clinic Notice of Privacy Practices is a separate document that governs how PHI about you may be used and disclosed by Cleveland Clinic.

I. Collection of Information

We may collect the following kinds of information when you use a Service:

Information you provide directly to us. For certain Services or activities, such as when you register with a Service, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:

  • Contact information, such as your full name, email address, mobile phone number, and address;
  • Username and password;
  • Payment information, such as your credit card number, expiration date, and credit card security code;
  • Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance;
  • Doctor reviews; and
  • Any other information you provide to us.

We may combine such information with information we already have about you.

Information we collect automatically. We may collect certain information automatically when you use our Services, such as your computer’s Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information. We may also collect certain location information when you use our Services, such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.

We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the Services, you consent to our use of cookies and similar technologies.

We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.

Information from Third-Party Services. If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.

Information we obtain from your health care providers and other sources. In connection with Services that involve medical treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.

We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.

II. Use of Information

We may use the information we collect online to:

  • Provide and improve the Services;
  • Contact you;
  • Fulfill your requests for products, services, and information;
  • Send you information about additional clinical services or general wellness from us or on behalf of our affiliates;
  • Analyze the use of the Services and user data to understand and improve the Services;
  • Conduct research using your information, which may be subject to your separate written authorization;
  • Prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms of Use; and
  • For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

III. Sharing of Information

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.

  • Authorized third-party vendors and service providers. We may share your information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, providing medical advice for telemedicine services, management and hosting of telemedicine services, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
  • Corporate affiliates. We may share your information with our affiliates.
  • Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Cleveland Clinic, our affiliates, patients, users, or the public.
  • Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer your information as part of a transfer of the assets of the organization, merger, or consolidation or in the unlikely event of bankruptcy, if such transfer is permissible under HIPAA and the HIPAA Notice.
  • Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.
  • With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.

If you choose to engage in public activities on the third party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these sites and forums. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in public areas.

No information provided by patients during medical consultations or requests for medical appointments is ever used for marketing purposes.

IV. Security

We use measures to protect Protected Health Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with HIPAA. We use measures designed to protect other information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.

V. Your Choices

You may also request that we delete your personal information by sending us an email at privacy@ccf.org. We will delete such information unless we are required to maintain information in accordance with applicable law.

You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

We do not share Protected Health Information with third parties for their own direct marketing purposes.

VI. Third-party Links and Content

Some of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy.

VII. Limiting Data Collection and Do Not Track

Opt-Out. To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable interest-based advertising for those browsers and devices. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Services may be degraded.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

VIII. For Android Users – Required Google Play Disclosures for Certain Health Apps

  • The mobile apps that are part of the Services interact with your microphone only if you choose to use your microphone to navigate such apps. The mobile apps that are part of the Services interact with your camera roll only if you choose to add a profile image to a profile in such apps. This information is not used in connection with COVID-19.
  • The mobile apps that are part of the Services access, collect, use, and share your information (including video, audio, images, files, phone) as stated above in the section titled, “Use of Information” and, as applicable, the HIPAA Notice. We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use such mobile apps.
  • The mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information related to healthcare services we have provided. We may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information through the Services. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
  • We may allow you to use the Services to participate in telehealth appointments. The mobile apps that are part of the Services only provide the technical support for those appointments to happen. The apps do not interact with any health information about you exchanged during any telehealth appointments.

IX. International Users

We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

X. Children

We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Services.

XI. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

XII. Questions?

If you have any questions about this Privacy Policy or our practices, please email us at onlineprivacy@ccf.org.

MyChart/MyClevelandClinic Privacy Policy

MyChart/MyClevelandClinic Privacy Policy

Effective Date: August 9, 2023

This Privacy Policy applies to the MyChart and MyClevelandClinic mobile applications or website (the “Services”) provided by The Cleveland Clinic Foundation or its affiliates (“Cleveland Clinic,” “we,” “us,” or “our”).

IMPORTANT NOTE: This Privacy Policy applies to individually identifiable information that you provide to us for purposes of obtaining medical care through the Services (such information is also referred to as “Protected Health Information” or “PHI”), which is subject to our Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), and information that is not PHI. The HIPAA Notice describes how we can use and share your PHI and also describes your rights with respect to your PHI. This Privacy Policy supplements the HIPAA Notice for PHI. If there is ever any conflict between this Privacy Policy and the HIPAA Notice, the HIPAA Notice will apply. The HIPAA Notice does not apply to information that is not PHI.

The Cleveland Clinic Notice of Privacy Practices is a separate document that governs how PHI about you may be used and disclosed by Cleveland Clinic.

I. Collection of Information

We may collect the following kinds of information when you use a Service:

Information you provide directly to us. For certain Services or activities, such as when you register with a Service, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:

  • Contact information, such as your full name, email address, mobile phone number, and address;
  • Username and password;
  • Payment information, such as your credit card number, expiration date, and credit card security code;
  • Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance;
  • Doctor reviews; and
  • Any other information you provide to us.

We may combine such information with information we already have about you.

Information we collect automatically. We may collect certain information automatically when you use our Services, such as your computer’s Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information. We may also collect certain location information when you use our Services, such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.

We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the Services, you consent to our use of cookies and similar technologies.

We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.

Information from Third-Party Services. If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.

Information we obtain from your health care providers and other sources. In connection with Services that involve medical treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.

We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.

II. The Limited Ways We Use Your Information

These are the limited ways we interact with your information in connection with our Services:

  • We request certain personal information to enable you to sign into your account and receive appointment reminders and other notifications.
  • When you choose to add a profile photo to our mobile apps, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it.
  • When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our mobile apps, the identifiers are deleted.
  • When you choose to view documents from your healthcare provider (such as letters or images) using our mobile apps, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
  • When you choose to include a photo or video in a message you send to your healthcare provider using our mobile apps, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains available in your camera app until you choose to delete it.
  • If you receive telehealth visits using our mobile apps, when you join a visit, we will ask for permission to access your device’s video and audio functionality to make the telehealth visit possible. We do not record or store video or audio data from these visits.
  • If you choose to enable automatic appointment arrival, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
  • You may choose to allow our mobile apps to interact with your location data for purposes of receiving location-based check in for in-person appointments or to find a healthcare provider near you. We do not store your location data.
  • You may choose to allow our mobile apps to interact with your Bluetooth data to notify the front desk staff electronically when you arrive for an appointment. We do not store your Bluetooth data.
  • While you use our apps, if you choose to call a phone number displayed within the app, we will ask for permission to access your device’s phone to place a call to the phone number. We do not store your call history or data about the call.
  • While you use our apps, we collect non-identifying information so we can provide customer service to you and understand how people use our mobile apps so we can improve our products and how to fix and enhance the functionality of the apps. This information includes the time you began using the app, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
  • We may also use your information (a) to otherwise provide you with the Services, (b) contact you, (c) fulfill your requests for products, services, and information, (d) send you information about additional clinical services or general wellness from us or on behalf of our affiliates, (e) analyze the use of the Services and user data to understand and improve the Services, (f) conduct research using your information, which may be subject to your separate written authorization, (g) prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms of Use, and (h) for any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

III. Sharing of Information

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.

  • Authorized third-party vendors and service providers. We may share your information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, providing medical advice for telemedicine services, management and hosting of telemedicine services, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
  • Corporate affiliates. We may share your information with our affiliates.
  • Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Cleveland Clinic, our affiliates, patients, users, or the public.
  • Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer your information as part of a transfer of the assets of the organization, merger, or consolidation or in the unlikely event of bankruptcy, if such transfer is permissible under HIPAA and the HIPAA Notice.
  • Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.
  • With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.

If you choose to engage in public activities on the third party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these sites and forums. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in public areas.

No information provided by patients during medical consultations or requests for medical appointments is ever used for marketing purposes.

IV. Security

We use measures to protect Protected Health Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with HIPAA. We use measures designed to protect other information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.

V. Your Choices

You may also request that we delete your personal information by sending us an email at privacy@ccf.org. We will delete such information unless we are required to maintain information in accordance with applicable law.

You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

We do not share Protected Health Information with third parties for their own direct marketing purposes.

VI. Third-party Links and Content

Some of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy.

VII. Limiting Data Collection and Do Not Track

Opt-Out. To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable interest-based advertising for those browsers and devices. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Services may be degraded.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

VIII. For Android Users – Required Google Play Disclosures for Certain Health Apps

  • The mobile apps that are part of the Services interact with your microphone only if you choose to use your microphone to navigate such apps. The mobile apps that are part of the Services interact with your camera roll only if you choose to add a profile image to a profile in such apps. This information is not used in connection with COVID-19.
  • The mobile apps that are part of the Services access, collect, use, and share your information (including video, audio, images, files, phone) as stated above in the section titled, “Use of Information” and, as applicable, the HIPAA Notice. We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use such mobile apps.
  • The mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information related to healthcare services we have provided. We may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information through the Services. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
  • We may allow you to use the Services to participate in telehealth appointments. The mobile apps that are part of the Services only provide the technical support for those appointments to happen. The apps do not interact with any health information about you exchanged during any telehealth appointments.

IX. International Users

We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

X. Children

We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Services.

XI. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

XII. Questions?

If you have any questions about this Privacy Policy or our practices, please email us at onlineprivacy@ccf.org.

Telemedicine Privacy Policy

Telemedicine Privacy Policy

Effective Date: September 6, 2018

This Privacy Policy applies to the telemedicine website or mobile application (the “Services”) provided by The Cleveland Clinic Foundation (“Cleveland Clinic,” “we,” “us,” or “our”).

IMPORTANT NOTE: This Privacy Policy applies to individually identifiable information that you provide to us for purposes of obtaining medical care (such information is also referred to as “Protected Health Information” or “PHI”), which is subject to our Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), and information that is not PHI. The HIPAA Notice describes how we can use and share your PHI and also describes your rights with respect to your PHI. This Privacy Policy supplements the HIPAA Notice for PHI. If there is ever any conflict between this Privacy Policy and the HIPAA Notice, the HIPAA Notice will apply. The HIPAA Notice does not apply to information that is not PHI.

I. Collection of Information

We may collect the following kinds of information when you use the Services:

Information you provide directly to us as part of registration. For certain activities, such as when you register, use our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:

  • Contact information, such as your full name, email address, mobile phone number, and address;
  • Username and password;
  • Payment information, such as your credit card number, expiration date, and credit card security code;
  • Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance;
  • Doctor reviews; and
  • Any other information you provide to us.

We may combine such information with information we already have about you.

Information we collect automatically. We may collect certain information automatically when you use our Services, such as your computer’s Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information. We may also collect certain location information when you use our Services, such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.

We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the Services, you consent to our use of cookies and similar technologies.

We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.

Information from Third-Party Services. If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.

Information we obtain from your health care providers and other sources. In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.

We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.

II. Use of Information

We generally use the information we collect online to:

  • Provide and improve the Services;
  • Contact you;
  • Fulfill your requests for products, services, and information;
  • Send you information about additional clinical services or general wellness from us or on behalf of our affiliates;
  • Analyze the use of the Services and user data to understand and improve the Services;
  • Conduct research using your information, which may be subject to your separate written authorization;
  • Prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms of Use; and
  • For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

III. Sharing of Information

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.

  • Authorized third-party vendors and service providers. We may share your information with third-party vendors and service-providers that help us with specialized services, including providing medical advice, management and hosting of telemedicine services, billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us. No information provided by patients during medical consultations is ever used for marketing purposes.
  • Corporate affiliates. We may share your information with our affiliates.
  • Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Cleveland Clinic, our affiliates, patients, users, or the public. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
  • Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer your information as part of a transfer of the assets of the organization, merger, or consolidation or in the unlikely event of bankruptcy, if such transfer is permissible under HIPAA and the HIPAA Notice.
  • Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.
  • With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.

If you choose to engage in public activities on the third party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these sites and forums. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in public areas.

IV. Security

We use measures to protect Protected Health Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with HIPAA. We use measures designed to protect other information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.

V. Your Choices

You may also request that we delete your personal information by sending us an email at privacy@ccf.org. We will delete such information unless we are required to maintain information in accordance with applicable law.

You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

We do not share personal information with third parties for their own direct marketing purposes.

VI. Third-party Links and Content

Some of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy.

VII. Limiting Data Collection and Do Not Track

Opt-Out. To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable interest-based advertising for those browsers and devices. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Services may be degraded.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

VIII. International Users

We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

IX. Children

We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Services.

X. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

XI. Questions?

If you have any questions about this Privacy Policy or our practices, please email us at onlineprivacy@ccf.org.

Security Statement

Security Statement

Cleveland Clinic values your privacy and security. Your data is protected through Secure Socket Layer (SSL) 128-bit encryption, ensuring your confidential information is protected using both server authentication and data encryption technology.