Digital Privacy and Tracking Notice
1. Digital Privacy
Indiana University Health and its affiliates (collectively, “IU Health,” “we”, “us” or “our”) are committed to protecting the privacy and security of information received or collected from you and your representatives (“you” or “your”). In this Digital Privacy and Tracking Notice (“Notice”) we explain how we collect, use, share, and protect your information when you use or access our websites, mobile applications, and you interact with us through other digital services and electronic communications (“Digital Services”). This Notice applies to all Digital Services of IU Health, including where this Notice is presented or linked, and supplements IU Health’s Online Services Legal Notices and Internet & Social Medial Site User Agreement.
By using our Digital Services, clicking [“I Agree”], or creating an account, you are consenting to this Notice and our practices described in this Notice on your own behalf and on whose behalf you are using the Digital Services (e.g., your dependents). If you do not agree to this Notice, do not use our Digital Services.
Please also note that IU Health is not responsible for the privacy policies of the third-parties that operate any other website, application, or platform, even if it is linked from our Digital Services. We recommend you review any third-party’s privacy policies and Cookies notices, if any, before using any third-party website, application, or platform.
If you are a patient of IU Health and we collected protected health information from you, please see IU Health’s Notice of Privacy Practices, which addresses how IU Health collects, uses, and discloses your protected health information under the Health Insurance Portability and Accountability Act. Some Digital Services may have their own privacy notices that apply to those Digital Services. Such notices supplement this Notice.
2. Registration
You are always welcome to use our Digital Services that do not require registering or providing any information. However, we require you to register for certain Digital Services, including our free health electronic communications, discussion boards (when available), and other features, and online bill pay. You can access the information that you submit when registering for a Digital Service only by using the username and password you have selected for such services. Where a login or password is needed to access our Digital Services, you are responsible for keeping the login and password confidential. Do not share your login or password with anyone. We encourage you to change your password regularly.
3. Security of Information
Our online forms are not encrypted unless noted otherwise, and information you input may be accessed by unauthorized users prior to you sending it to us. Access to the information within IU Health is on a need-to-know basis. IU Health uses reasonable measures to safeguard the security of the information collected or received in connection with our Digital Services. However, PLEASE NOTE THAT, BY ITS VERY NATURE, NO DATA STORAGE SYSTEM OR TRANSMISSION OF DATA OVER THE INTERNET OR OTHER PUBLIC NETWORK CAN BE ABSOLUTELY SECURE. IU HEALTH, ACCORDINGLY, CANNOT AND DOES NOT GUARANTEE THE COMPLETE SECURITY OF ELECTRONIC INFORMATION.
4. Changing or Deleting Your Information that You Provide to Us
If you have registered an account to use a Digital Service, you may be able to change the information that you provide at any time by clicking on "Edit Profile" within your account section. If you forget your password, click on "Forgot Password?" at the top of any page and we will walk you through the process of resetting your password.
Unsubscribing from our free health emails does not delete the information you provide to us from our system, even if you unsubscribe from all emails. We will delete your registration information from the active and searchable areas of our system at your request. Be aware, however, that it is not feasible for us to remove every electronic record that may contain your information, such as from backup and systems. Also, we may change this information and store it in anonymous, de-identified, or aggregated databases. This type of information cannot be linked to you and will not be deleted.
If you registered for discussion boards and also want that information removed, please note that in your request. Please inform us if you used a different email address or password when registering for discussion boards.
To have your registration information removed, send your request by email at digitalprivacy@iuhealth.org. Please contact us again if you do not receive a confirmation from us.
5. Privacy Concerns
If you have any questions or concerns regarding this Notice, or the collection, retention, or management of any information on our Digital Services, please contact us by email at digitalprivacy@iuhealth.org or send a written notification to:
IU Health Marketing and Corporate Communications
Attn: Webmaster
340 W. 10th St., Suite 5200
P.O. Box 1367
Indianapolis, IN 46206
6. Emails
When you sign up for free health emails, IU Health maintains information about your selections for the purpose of sending you the emails and managing their transmission to you. We do not use your email address or the information that you provide along with it for other unrelated purposes, although it may be included in anonymous, aggregated statistical information.
We will use reasonable means to protect your information you send or request from us by email. However, we cannot guarantee that these communications and data will be confidential, secure, or private. Additionally, we will not be liable in the event that you or anyone else inappropriately uses your email or liable for improper disclosure of your health information you send to us or that you request to receive by email, and you bear this risk.
A link for unsubscribing from emails is located at the bottom of each email. You also can unsubscribe by using the "Change Profile" link within the Connect with IU Health section at the bottom of any page on our site. Unsubscribing from emails does not delete your information from our system, even if you unsubscribe from all emails.
7. Electronic Communications (Email, SMS Text and Fax)
When you provide us your email address, a telephone number (including a mobile phone) or a fax number, you (i) consent to IU Health sending you emails, calls, mobile texts, or faxes concerning IU Health’s health care services, and (ii) consent to IU Health’s sending you requested messaging and communications, including marketing and solicitation communications about IU Health’s and our third-party partners’ products and services that we think would be of interest to you, including but not limited to information related to your appointments, care, conditions, medications, opportunities to be involved in research, or other community resources. You also consent to our communication by return email, mobile text and fax to the same email, mobile text or fax number or address you used to send us the initial communication. You are also allowing us to send artificial/prerecorded voice and text messages to your Device’s phone number in order to convey important health care-related messages to you. Examples include appointment confirmations, wellness checkups, pre-registration instructions, lab results, post-discharge follow up, prescription notifications, and appointment reminders. Because these emails, mobile text and fax messages may contain your personal health information, IU Health reserves the right to save your messages, and include your message or information contained within your message, in your medical record.
Although IU Health will try to read and respond promptly to your messages, IU Health staff may not read your message immediately. Therefore, you should not use email, mobile text or fax messaging to communicate with IU Health if there is an emergency or where you require an answer in a short period of time.
IU Health will use reasonable means to protect your information you send or that you request we send to you via email, mobile text (e.g., SMS) or fax communications. However, because of the risks outlined below, IU Health cannot guarantee that these communications and data will be confidential, secure, or private. Additionally, IU Health will not be liable in the event that you or anyone else inappropriately uses your Device or applications for email, mobile text or fax communications through your Device. IU Health will not be liable for improper disclosure of your health information when using these communications tools to send or receive electronic communications with IU Health, and you bear this risk.
Sending and receiving electronic communications using email, mobile text, and faxes are not without risks, including the following:
- Because the Internet or open communications networks are not secure or private, unauthorized people may be able to intercept, read and possibly modify the electronic communication you send or are sent to you by IU Health.
- Because email, mobile text and electronic faxes can be used to spread viruses, some which cause these messages to be sent to people who you do not intend to send these messages to, you should install and maintain protection software on your Device, including access controls.
- Because these electronic messages can be copied, printed and forwarded by people to whom you send these messages, you should be careful regarding whom you send such messages using email, mobile text and fax messaging.
- If you provide an employer-issued email account or use an employer owned Device to communicate with IU Health, you understand and agree that your employer may have the right to access to all such messages sent by IU Health to the account or Device, and you provide permission to IU Health to send these messages, unless and until you change the email address and mobile phone number registered with IU Health.
To mitigate these risks, you agree that:
- You will protect your email, text and fax messaging account, password and Device against access by unauthorized people.
- IU Health may forward emails as appropriate to respond to your message.
- If your message requires or asks for a response, and you have not received a response within a reasonable time period, it is your responsibility to follow up directly with IU Health.
- You have carefully considered the risk of using email, mobile and fax messaging for the communication of sensitive medical information, such as, but not limited to, information regarding sexually transmitted diseases, AIDS/HIV, mental health, developmental disability, or substance abuse.
- It is your responsibility to follow up and/or schedule an appointment if warranted or recommended by IU Health, and using your email, phone number, or fax number constitutes your consent to receive a response using the same channel.
You also agree to support and facilitate IU Health’s use of your email address, phone number and fax number by:
- Immediately inform those individuals with whom you communicate with at IU Health of changes in your email address, phone numbers, fax numbers or electronic fax address.
- You will send messages only to such IU Health email, mobile text and fax messaging numbers and addresses as instructed by us.
- You will put your name and such other information as is necessary for IU Health to identify you in the body of the message.
- With respect to emails, you will include the category of the communications in the email’s subject line, for handling purposes (e.g., appointment, available services and inquiries, billing and cost questions, etc.).
- Prior to sending the message, you will review the message to make sure it is clear and that all relevant or requested information is provided.
If, at any time, you decide that you no longer wish to be contacted by telephone, mobile text and/or fax messaging, you should provide written notice revoking your prior consent to IU Health, Attention: Customer Service, 250 N. Shadeland Ave., Indianapolis, Indiana 46219, and include your name, mailing address, specific phone number(s) and advise whether you would like communications to cease via telephone, mobile text and/or fax messaging. You may also elect to opt-out from receiving mobile text messages from IU Health by replying STOP to the mobile text message. SMS messages will be titled IU Health. We may still send you transactional emails or mobile texts when responding to a request from you using these communications channels or related to health care services you are receiving. If you subsequently subscribe, or re-subscribe, to marketing electronic messages from us, your prior opt-out will no longer be active and you will be opted-in for those communications. However, you can always opt-out again later.
IU Health does not have a separate charge for this service; however, text message and data rates may apply from your Device’s mobile carrier. Subject to the terms and conditions of your mobile carrier, you may receive text messages sent to your mobile Device. IU Health does not warrant that your mobile carrier will enable your participation in this service or whether messages will be timely delivered.
By communicating via mobile text messaging, you also consent and approve of any charges from your mobile carrier relating to text messages to or from IU Health. Charges for text messages may appear on your mobile phone bill or be deducted from your prepaid balance. IU Health reserves the right to terminate this text messaging service, in whole or in part, at any time without notice. The information in any message may be subject to certain time lags and/or delays. You are responsible for managing the types of text messages you receive.
Also, when you elect to revoke your consent or unsubscribe, you will receive one (1) final message from IU Health confirming that you have been inactivated in our system. Following such confirmation message, no additional text messages will be sent unless you re-activate your subscription.
8. Discussion Boards
If you are concerned about privacy, use caution when posting messages to our discussion boards. The discussion boards are open to others that use these areas and can read your posts. Any information you include when participating in discussion boards is available to anyone with access to these boards. For example, if you include your email address or health information in a message you post on a discussion board, it is accessible by others that use that message board.
We do not actively monitor these discussion boards and we reserve the right to remove any posts. Do not post any messages that are inappropriate, contain abusive language or threaten or violate the privacy or rights of our company, sponsors, or visitors. We may remove any messages posted on discussion boards for any reason.
9. What Types of Information Do We Collect?
When you use our Digital Services, we collect information from or about you, including the device you have used to access and use the Digital Services, in a variety of ways.
- We collect and store information that you provide directly to us on or through the Digital Services. This includes:
- Account information, such as your name, email address, password, postal address, billing address, shipping address, phone numbers, age, date of birth, and any other identifying information you provide;
- Transaction information, such as your health insurance information and limited payment information from you, such as payment method and payment card information;
- Information about others, such as the names and the contact information of your providers, your representatives, and any dependents in your care;
- Health information, such as your medical condition and information;
- Email address, first and last name, ZIP code, year of birth, gender, and marital status when you register for free emails. We also ask you to select a personal password. In addition, we give you the option to provide additional information, including city, state and topics of interest;
- When you register to use discussion boards, we require that you provide your email address and select a username and password;
- Other information you choose to provide, such as when you conduct a search; fill out a form; request an appointment; participate in a survey, assessment, contest, or promotion; use other interactive areas of the Digital Services such as chat or other communication features; have live audio and video visits or interactions; or request technical or customer support; and
- Photographs, audio-visual media, or other file types you upload along with any metadata associated with those files.
- We collect certain information automatically when you use or navigate our Digital Services. This includes:
- Log information, including where our systems record certain log file and usage information such as your Internet Protocol (“IP”) address, browser type and language, operating system, referring URLs, date and time of your visit, pages viewed, links clicked, movements through the Digital Services, and other information about your activities on our Digital Services; and
- Device information, such as the device used to access or use the Digital Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information. If your device settings permit, we may also collect information about the location of your device to facilitate your use of certain features of the Digital Services.
- We may use Cookies to automatically collect the types of log and device information described above. By using our Digital Services, you consent to our use of Cookies. See paragraph 13 below for additional information about our use of Cookies.
10. How Do We Use Your Information?
We may use information we collect to, among other things, communicate with you, provide you with information, optimize your web experience or provide customer service, conduct research and analysis, market and advertise to you, manage your participation in these forums and improve, evaluate, enhance our services and operations, or to comply with applicable laws, regulations and court orders. We may also combine information collected through different Digital Services or portions of our Digital Services. We may also anonymize, de-identify or aggregate this information for our use.
11. How Do We Share Your Information?
We may share information with or receive information from third-parties in the following ways: (1) with our third-party service providers that perform services for IU Health or support the Digital Services, subject to appropriate agreements as necessary with those third-parties ; (2) within our group of subsidiaries and affiliates; (3) with others that provide tracking of the Digital Services’ activities and analytics, and to otherwise enable us to send you marketing materials, special offers or perform other administrative services, and to support the purposes described in the section “How Do We Use Your Information”; (4) to protect the rights of others and in the course of legal proceedings or in response to legal orders or government requests, and as otherwise required by applicable law; (5) as needed to support compliance and corporate governance functions; and (6) in connection with a transfer of ownership or assets, a corporate reorganization, merger, or acquisition. Such third-parties may store, collect or otherwise have access to your information when you interact with their Cookies, content, tools, or apps on our Digital Services. When you use the Digital Services, you consent to this information collection, use and third-party sharing.
12. How Long Do We Keep Your Information?
We may retain the information identified above for an indefinite period of time, unless retention is prohibited or a different retention period for this information is required under applicable law.
13. Cookie and Other Similar Tracking Technologies (“Cookie Notice”)
Various tracking technologies that IU Health uses when you access and use our Digital Services are described below. Please read this Cookies Notice carefully. It is part of your general privacy Notice and describes how we collect and store information through tracking technologies such as cookies on our Digital Services, the reasons we use these technologies, and how you can manage settings related to tracking. We are giving you notice of these practices and your available choices regarding them so that your consent is meaningfully informed. You are responsible for managing any preference changes on your device or browser.
What are tracking technologies?
Tracking technologies are small data files placed on your computer's hard drive or mobile device when you visit our Digital Services, and includes browser cookies, pixel tags, web beacons, embedded scripts, local objects, and other tracking technologies (collectively referred to as “Cookies”). A Cookie can be a simple text file that helps your browser to remember certain information that the website can later retrieve to streamline communication between your browser and the website.
How does IU Health use Cookies?
IU Health uses Cookies without functionality. This means the Cookie cannot do anything to your device's hard drive and cannot read information from your device's hard drive. We use Cookies for the following reasons:
- To collect data on an aggregate basis to track site navigation, searches and/or performance. This information is not traceable to an individual user. Navigation streams are used to assist us in determining where people go when visiting our site and how long they stay in a particular area.
- Our Digital Services may contain Cookies as web beacons (i.e., clear gifs, pixel tags, and single pixel gifs) that permit IU Health to count users who have visited areas of our Digital Services or opened an email for the purposes of running statistical reports (e.g., identify content popularity, frequency of use, or navigation path(s) towards a goal or destination area).
- We use Cookies to enable the sharing of content through third-party social networks and other third-party websites.
- If your web browser settings allow your browser to share location information, some portions of our Digital Services collect location information (in the form of longitude/latitude coordinates) to identify the device or browser geographic location. This information is used by IU Health anonymously to track interest in IU Health by geographic region and to make recommendations and accommodations regarding the location of our services and access to facilities. Your web browser’s settings may be configured to restrict your browser from sharing your location.
How can you refuse Cookies on your device?
On your device, you may refuse to accept browser Cookies by activating the appropriate setting, and you may have similar capabilities on your device in the preferences for your operating system or browser. If you choose to turn off Cookies, you can still access areas of our Digital Services. Once the Cookie feature on your browser is turned off, you might have to "refuse" a Cookie each time you encounter one while using our Digital Services.
How can you manage your location data sharing?
For information on turning off location sharing in your device or browser, consult your device and browser documentation or user help information. If you choose to turn off location, you may still be able to access most areas of our Digital Services. Once the location sharing feature is turned off in your browser, you might have to “refuse” to share your location each time you visit the applicable Digital Service.
How can you manage Cookies on third-party sites?
If you click on a link to an external third-party website from an IU Health’s Digital Service, you will be leaving IU Health and will be directed to the third-party's website or digital services. Your device may receive Cookies from such other websites and services, including Cookies that allow location data collection, and we are not responsible for such Cookies and related data collected by such third-parties’ website you visit. You may manage Cookies placed by third-parties by following the instructions provided by the third-parties in their website policies and notices.
For information on managing these preferences, visit All About Cookies at https://allaboutcookies.org/how-to-manage-cookies or consult your Device or browser provider.
14. Surveys, Questionnaires and Polls
When you respond to surveys, questionnaires or polls on a Digital Service, we may ask you for demographic information such as your gender or age. This information is maintained as anonymous, aggregated information and is used for statistical purposes.
15. Contests
When IU Health runs a contest, we may ask for information when you enter the contest. If so, we will use that information for purposes of administering your participation in the contest.
16. Children
The Children’s Online Privacy Protection Act of 1998 (“COPPA”) addresses how information is gathered and used from children under the age of 13. While we are a non-commercial, nonprofit organization not subject to COPPA, our Digital Services are directed at an adult audience and are not intended or designed to attract children under the age of 13. IU Health does not knowingly allow children under the age of 13 to register on our site for any purpose or to access any features that require registration. We require visitors to indicate their year of birth to register.
If you learn that your child has provided us with personal information through our Digital Services without your consent, you may alert us at digitalprivacy@iuhealth.org. If we learn that a child has provided such personal information, except as required and authorized by law, we will delete that information from our system.
17. Leaving IU Health and Third-Party Links
This Notice applies only as long as you remain on the IU Health’s Digital Services where this Notice is posted or linked. Once you leave IU Health to visit another site of a third-party that is not under a contract with us to provide or support our Digital Service, we are not responsible for the privacy or security of your information you provide to such third-party or that the third-party collects when you use their website or digital services, even if you reached such website or service by clicking on a link within IU Health. This includes when you click on a link or a "Return to" or "Back to" banner for another web site, you will be leaving our Digital Service and will be directed to visit or view content from the linked web site, including in a second, smaller "pop-up" window.
18. Effect of this Notice
This Notice is not intended to and does not create any contractual or legal rights in or on behalf of any party.
19. Notice to Non-US Residents and Non-Indiana Residents
IU Health provides services in the State of Indiana, in the United States. We are subject to the United States federal laws and regulations and Indiana state laws and regulations that govern the privacy and security of patient healthcare information, as well as consumer protection laws and regulations. The data protection laws of other countries and other states may differ as to how your personal information is protected. As a non-U.S. resident or non-Indiana resident, when you provide your personal or other information to us, or direct your healthcare provider to provide your information to us, you consent that IU Health may process your information in the State of Indiana, in the United States, subject to the state laws of Indiana and the federal laws of the United States.
20. Modification
IU Health can modify this Notice (including the Cookie Notice) at any time and without prior notice to you, and such modifications will become effective and binding immediately upon posting of the revised Notice. Also, new services, terms, and specific Cookies may be added from time to time without prior notice. Please regularly review this Notice periodically, because you will be bound by any changes made, and continued use of the Digital Services constitutes agreement to any modifications.
21. Revision Information
This Notice was last updated on May 3, 2023.