Internet Privacy Policy for Aurora Health Care

Effective Date: 04/01/2012

This Privacy Policy describes Aurora Health Care's online data collection practices and how we use and protect your personal information. This Privacy Policy applies only to the information collected on the general website (www.aurorahealthcare.org) and the mobile website (m.aurorahealthcare.org) (collectively "Website"), and does not apply to information that Aurora Health Care obtains about you from other sources.

Your Consent

By using the Website, you consent to the collection and use of your information in the manner we describe in this Privacy Policy. IF YOU DO NOT AGREE WITH THESE TERMS, DO NOT USE THIS WEBSITE.

Changes to Our Policy

We reserve the right to modify or amend this Privacy Policy at any time. All changes to this Privacy Policy will be effective immediately upon their posting to the Website. We will notify you of material changes to this Privacy Policy by conspicuously posting the changes on the Website. Information collected before changes are made will be treated in accordance with the previous Privacy Policy. Each version of our Privacy Policy will be prominently marked with an effective date.

CONTINUED USE OF THE WEBSITE AFTER THE EFFECTIVE DATE OF A PRIVACY POLICY WILL INDICATE YOUR AGREEMENT TO ANY MODIFIED TERMS.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Aurora Health Care's use and disclosure of certain of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"). Any information that you submit to us that constitutes "Protected Health Information," as defined by HIPAA, is subject to HIPAA and HITECH. The term "Protected Health Information" or "PHI" refers to personally identifiable information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care. If any information collected on this Website constitutes PHI, then our Notice of Privacy Practices will apply.

Information We May Collect

Non-Personally Identifiable Information

When you visit our Website, we may passively collect non-personally identifiable information about you via certain Internet technology tools. This information consists of your IP address, cookies and web beacons, as well as information regarding the type of browser and operating system that you use, along with other similar analytic data. Additionally, if you are using your mobile device to access Aurora Health Care's mobile website, we may also obtain the location of your mobile device with your express consent.

Your "IP address" is usually associated with the network location and physical location from which you enter the Internet.

The term "cookies" refers to electronic data stored by your computer browser. The cookies enable us to facilitate your access to different aspects of the Website. For example, by showing when and how you visit our Website, cookies help us to see which pages of the Website are popular and which are not. Cookies can also help us to improve your enjoyment of this Website, for example, by remembering your address or other information when you request information or services on the Website. Most web browsers automatically accept cookies, but you can disable this function so that your browser will not accept cookies. Please be aware that if you disable this function, it may impact your use and enjoyment of the Website.

The term "web beacons" refer to Internet tools, such as transparent images on the Website or in emails that we may send to you that help us to determine, for instance, whether a page has been viewed or an email opened. For example, when you ask us to send you information on a promotion or newsletter, we may use web beacons to determine how many of the emails that we sent you were actually opened. In general, any electronic image viewed as part of a web page, including a banner ad, can contain a web beacon. These Internet technology tools allow us to track the internet browser most commonly used to access our site and the pages that are most popular, which statistics assist us in making our Website more user-friendly and accessible.

If you are on our mobile website, you will be asked whether you want us to access your geographic location based on the location of your mobile device. If you select yes, and save that setting, we will access and collect that data to be used as set forth below.

We may also ask that you participate in anonymous surveys, which allow us to collect additional data to help us improve our site. Participation in such surveys is voluntary and is not connected to any of your personal information.

We may use third party service providers to assist us in collecting and analyzing this non-personally identifiable information.

Personally Identifiable Information

In your use of the Website, we may collect any information that you voluntarily share with us. This information may be collected when you send us emails or voluntarily submit information to us via the Website. This information may include your (1) contact information (such as name, address, email address and phone number), (2) age, (3) gender, (4) date of birth, (5) insurance information, (6) health and medical information or other PHI, (7) account numbers, (8) financial and payment information, and (9) any other information you choose to provide us, subject to applicable laws and the terms of this Privacy Policy.

We may use third party service providers to assist us in collecting and maintaining this personally identifiable information. However, we require such service providers to maintain the confidentiality of such information.

How We Use the Information We Collect

Non-Personally Identifiable Information

We use non-personally identifiable information in the aggregate to determine how much traffic the Website receives, to statistically analyze Website usage, to improve our content, and to customize the Website's content, layout and services. In addition, we may use your IP address to help diagnose problems with our server, to manage the Website and to enhance the Website based on the usage pattern data we receive. Furthermore, if you are using our mobile website, upon you first granting us permission, we will obtain the location of your mobile device in order to allow us to provide you with information, including the Aurora Health Care facility or the Aurora Health Care physician closest to you.

Personally Identifiable Information

We will use personally identifiable information for: (i) the purpose for which you provide it; (ii) as otherwise may be disclosed at the point of collection; and/or (iii) for the purposes described below. For example, we may use your contact information as provided to us, such as email address, telephone number, and/or mailing address, to contact you regarding administrative notices and communications related to your use of the Website or otherwise as you may request, such as for an employment application. As another example, we may use your financial and insurance information to process payments you request or otherwise adjust your account. We will not send you promotions or announcements unless you give us permission to do so.

We may use your personal information to provide you with certain medical content and information that we believe may be of interest or use to you and provide you with a customized experience on the Website.

In providing our services to you, your personal information may be disclosed to or collected by third-party suppliers and service providers specifically involved in the processing of your information received via the Website and as otherwise necessary to manage our Website and provide the services you request. We may also use third party service providers to host the Website and gather and use on our behalf your personal information as contemplated by this Privacy Policy and applicable law. All such third parties are subject to confidentiality obligations in an attempt to protect your information as much as is commercially reasonable.

In addition, we may use your personal information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services and how to improve the Website. We may provide this aggregated information to third parties, but when we do so we do not provide any of your information without your express permission.

We may also use or disclose your personal information and review the status or activity of multiple users to resolve disputes, investigate problems, and enforce our Website Terms of Use or any other agreement with Aurora Health Care. We may disclose or access information whenever we believe in good faith that the law so requires, upon sale or reorganization of our company or some or all of its assets, or if we otherwise consider it necessary to do so to maintain service and improve our products and services. Except as stated above, we will never sell, distribute, or release to a third party your personal information without your express permission.

Access to Your Personally Identifiable Information

Upon written request and verification of your identity, we will provide you with your personal information in our possession as well as the personal information, if any, that we have disclosed to third parties. Requests for such information should be sent to the contact information below.

You may also update, correct, or delete your personal information in our possession by contacting us using the contact information below. If you have registered for a "members only" portion of our Website, or MyAurora, you may also update your personal information by logging into your account.

Handling of Electronic Records and Backup

In general, we will retain all information collected through the Website for, at a minimum, the length of time permitted by law. However, we will delete any personally identifiable information in our database upon your request or as otherwise required by law. We may, however, retain non-personally identifiable information indefinitely.

We maintain backup files as a protection against natural disasters, equipment failures, or other disruptions. Backup files protect you and us because they lower the risk of losing valuable data. Backup files may contain records with your personal information. Removing a record from our active files and databases does not remove that record from any backup systems. Such backup data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.

Security

Communications between your browser and portions of the Website containing personally identifiable information are protected with Secure Socket Layer (SSL) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your personal information using commercially reasonable efforts.

NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERICALTY AVAILABLE AND INDUSTRY STANDARD ENCRYPTION TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.

In the Event of a Security Breach of Your Personal Information

If we determine that your personal information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you, at the contact information provided to us, in accordance with and to the extent required by applicable state and federal law.

Third Party Privacy Practices

This Privacy Policy applies only to the Website as provided by Aurora Health Care. This Website may contain links to other websites, which may be subject to a different privacy policy or are otherwise maintained or provided by a third party. We are not responsible for the privacy practices of any third party website you access from this Website. You should review the privacy policy of every website before using the website or submitting any information to the website.

Children under the Age of 13

No part of the Website, or any services made available through the Website, are designed or intended to attract children under the age of 13. No personal information is knowingly collected from any person under the age of 13.

Contact Information

If you have any questions or concerns about this Privacy Policy or Aurora Health Care's privacy practice, or access to your personal information, please contact us at the following:

Aurora Health Care Administrative Offices
750 West Virginia Street
P.O. Box 341880
Milwaukee, WI 53204-1539
internet@aurora.org