Last Updated: April 23, 2021
Information You Provide to Our Websites
Information That You Give Us
You may contact us through the methods listed on Our Website, and we may keep a record of the communication to help answer or resolve the matter you contacted us about. You can decide how much information you want to share with us in those cases.
Our Website and Servers, Your Use of Browsers
Your browser or device may tell us:
- Your browser type;
- Language preference;
- The Internet Protocol (IP) address (which may tell us generally where you are located); and
- The type of device or system you used.
Your browser may also tell us information such as:
- The time and date of your request;
- The page that led you to Our Website; and
- The search terms you typed into a search engine that led you to Our Website, if applicable.
We use Google Analytics cookies in areas of the Careers Site on the epic.avature.net domain to recognize you and collect information about your access to and use of that website. Cookies are small data files that are placed on your computer when you visit a website. Cookies are widely used by many website owners to make their websites work, operate more efficiently, and collect information. Our use of the Google Analytics cookie enables us to collect certain data about your visits to areas of the Careers Site on the epic.avature.net domain, including:
- Your IP address;
- The pages of our site that you visit;
- The time and date of your visit;
- The time you spend on certain pages on our site; and
- Various other statistics.
Information You Provide to Our Careers Site
Epic uses our Careers Site to help facilitate our recruitment process. When you contact Epic through our Careers Site to inquire about career opportunities at Epic, we may ask you to provide us with certain information so that we can evaluate you as a candidate and meet certain legal obligations. The personal information you provide directly to our Careers Site as part of the application process is in addition to the information you provide through Our Websites and may include:
- Demographic information, including race, gender, veteran status, and disability status;
- Contact information;
- Details of your qualifications, skills, experience, and education;
- Information about your employment history and salary;
- Whether you have a disability for which we can make reasonable accommodations during the recruitment process; and
- Information about your legal ability to work in the United States, the European Union, or another region as appropriate for the position to which you apply.
How Do We Collect Your Information?
During the recruitment process, you may provide information to us directly in the following ways:
- The application form on the Careers Site;
- Your resume or CV as submitted through your application;
- Tests or other forms of assessments administered during the recruitment process;
- Copies of transcripts or other documentation submitted by you during the course of your application; and
- Information collected from third parties, including previous employers and educational institutions.
How Do We Use Your Information?
The information that you provide to us directly during the recruitment process is retained and processed as we evaluate your interest in and fitness for a position. We may use this information for purposes such as:
- Evaluating your candidacy for a position at Epic;
- Contacting you during our recruitment process;
- Processing your employment if Epic offers you a position;
- Processing and storing your data for internal tracking metrics;
- Processing your data in order to meet certain legal or regulatory obligations; and
- Improving the Careers Site.
Epic has a legitimate interest in processing your data in order to manage our overall recruitment process and to assess whether you are a viable candidate for a career at Epic. All applicants, regardless of location, may opt out of any future contacts from Epic at any time.
Who Has Access to Your Information?
When you provide your information directly to Epic as part of the recruitment process, your information may be shared with Epic staff and certain third party service providers working with Epic, such as Avature Recruiting Solutions. Epic staff includes members of the human resources and recruitment teams, interviewers involved in the recruitment process, personnel in the business area to which you are applying, and information technology (IT) staff. Other third party service providers or contractors may also have access to your information if we reach out to references or conduct background checks.
How Long Does Epic Keep Your Information?
Epic will retain your information for as long as it makes use of such information as a part of the recruitment process and for other permitted purposes. If your application for employment is successful, information gathered during the recruitment process will be added to your human resources file and may be retained throughout your employment with Epic.
If you are a data subject as defined by the General Data Protection Regulation, (EU) 2016/679, you have a number of rights and can do any of the following by contacting Epic at EUPrivacyInquiries@epic.com:
- Request a copy of the data Epic has received about you;
- Request that Epic changes incorrect or incomplete data we have about you;
- Request that Epic delete or stop processing your data; and
- Express any concerns or objections you have about Epic’s use of your data.
Please note that if you contact us to assist you, for your safety and ours we may need to authenticate your identity before fulfilling your request.
How We Protect Your Personal Information
We use a combination of process, technology and physical security controls to help protect your information from unauthorized access, use, or disclosure, but remember that no method of transmission over the Internet, or method of storage, is 100% secure.
When you submit your information through Our Websites or our Careers Site, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the top or bottom of your web browser, or looking for “https” at the beginning of the URL address of the web page. We have internal policies and processes directed toward limiting access to your information to those employees, contractors, and agents of Epic who need to know such data to perform their jobs and develop or improve our websites, products, and services.
Links to Other Sites
Our Websites, including the Careers Site, contain links to other sites and may contain embedded media hosted by other sites, such as YouTube videos. Please be aware that Epic is not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our site or engage with media hosted by another site and to read the privacy statements of any other site that collects your information.
Your Privacy Rights
Your California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents.
If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000.
Carequality Information Handling Practices Statement
Epic is a member of Carequality, an initiative of The Sequoia Project. Epic makes functionality available to its customers to enable them to exchange data with other healthcare organizations using the Carequality Framework. Epic does not handle information transmitted in the course of its customers’ use of Carequality.
Last Updated: October 24, 2022
Dutch Translation / Nederlandse Vertaling
Mobile Apps for Patients
Our mobile applications for patients, including MyChart for iOS and Android, connect to servers and systems operated and maintained by healthcare organizations that use Epic – to provide patients with secure, mobile access to health information in those servers and systems.
We refer to our mobile applications for patients as “mobile apps” in this policy.
This policy describes how we collect and use your information when you use our mobile apps.
We may update this policy at any time, and future updates are effective as soon as they are published. Your use of any of our mobile apps is also subject to the applicable End User License Agreement. If you use our mobile apps, you agree to the applicable End User License Agreement and consent to the use of your information as described in this policy.
Your Personal Information
The Limited Ways We Use Your Information
We do not sell or license your information. These are the limited ways we interact with your information in connection with our mobile apps:
- When you choose to add a profile photo to our mobile apps, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare organization – we do not interact with that photo in any way.
- When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our mobile apps, the identifiers are deleted.
- When you choose to view documents from your healthcare organization (such as letters or images) using our mobile apps, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
- When you choose to include a photo or video in a message you send to your healthcare organization using our mobile apps, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains available in your camera app until you choose to delete it.
- If your healthcare organization offers telehealth visits using our mobile apps, when you join a visit with your provider, we will ask for permission to access your device’s video and audio functionality to make the telehealth visit possible. We do not record or store video or audio data from these visits.
- If your healthcare organization offers automatic appointment arrival and you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
- If your healthcare organization offers location-based check in for in-person appointments, or allows you to find healthcare providers near you, you may choose to allow our mobile apps to interact with your location data for those purposes. We do not store your location data.
- If your healthcare organization allows you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
- While you use our apps, if you choose to call a phone number displayed within the app, we will ask for permission to access your device’s phone to place a call to the phone number. We do not store your call history or data about the call.
- While you use our apps, we collect non-identifying information so we can provide customer service to you or your healthcare organization and understand how people use our mobile apps so we can improve our products. This information includes the time you began using the app, the healthcare organization you interacted with, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
- You may contact us through the methods listed on Our Website. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.
Your Healthcare Organizations
For Android Users – Required Google Play Disclosures for Certain Health Apps
Google has determined our mobile apps are subject to their COVID-19 apps requirements. As a result, we are required to provide the following information so we can make our mobile apps available to you in the Play store.
- Our mobile apps interact with your microphone only if you choose to use your microphone to navigate our mobile apps. Our mobile apps interact with your camera roll only if you choose to add a profile image to a profile in our mobile apps. This information is not used in connection with COVID-19.
- Our mobile apps access, collect, use, and share your information (including video, audio, images, files, phone) as stated above in the section titled, “The Limited Ways We Use Your Information.” We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use our mobile apps.
- Our mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information on file with your healthcare organization. Your healthcare organization may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile apps. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
- Your healthcare organization may allow you to use our mobile apps to conduct telehealth appointments with your healthcare providers. Our mobile apps only provide the technical support for those appointments to happen. We do not interact with any health information about you exchanged during any telehealth appointments.
How We Protect Your Personal Information
We use technical controls and safeguards to protect the privacy, security, integrity, and availability of your personal information.
- We enable the use of multi-factor authentication for users of our mobile apps by default. Multi-factor authentication is required when you use our mobile apps unless your healthcare organization makes or allows changes to this control.
- We use https for secure communication between servers.
- When we store data on your mobile device, we store it in app-private storage that cannot be accessed by other apps.
- Before data is shared from our mobile apps, we provide in-app notifications so you can choose if you want to share the data.
- We disable screen-shot functionality by default for Android devices, and allow Android users to choose if they want to enable the function. We cannot disable this functionality in iOS.
- We maintain internal policies and processes that limit access to your information to our staff who need to know the information to perform their jobs.
- We maintain internal data retention and deletion policies to help us ensure we only store information about your use of our mobile apps as we describe in this policy.
Each healthcare organization you connect to through our mobile apps also uses safeguards to protect your information. Contact them if you have any questions about their safeguards.
You can take other steps to protect your information:
- Do not share the username and password you use with our mobile apps.
- Change your password immediately if you believe any unauthorized access has occurred.
- Use the security tools on devices you use with our mobile apps.
- Do not root or jailbreak devices you use with our mobile apps. Doing so can create security risks by removing your devices’ built-in security measures and exposing sensitive information on your device.
Your Privacy Rights
GDPR and UK GDPR Privacy Questions
If you need to contact our Data Protection Officer or EU Representative, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000. If you are a Data Subject as defined by GDPR, you should reach out to your healthcare organization for requests related to your personal data accessed through our mobile apps.
California Privacy Questions
Please visit our Privacy Notice for California Residents .
If you have any questions about this policy, contact us at +1 608-271-9000 or at PrivacyInquiries@epic.com.
Last Updated: June 18, 2020
Epic takes very seriously its obligation to protect the confidentiality of your personal
information. Epic’s mobile applications for healthcare providers, including Haiku, Canto,
Rover, and Limerick, are intended to connect to servers and systems operated and maintained by
Epic community members in order to provide you secure, mobile access to those systems.
for providers (our “Applications”) use, store, and transmit information and data. Epic may
Applications is subject to the of the applicable Applications’ End User License Agreement.
Your Personal Information
When you use our Applications, Epic does not receive any personal data directly from you or your
device. As described below, our Applications connect with systems operated and maintained by a
healthcare institution that uses Epic’s software.
Connections to Healthcare Institutions
To use our Applications, you must have an account with a healthcare institution who uses
Epic’s software. Your use of our Application with that healthcare institution may be subject
to that healthcare institution’s policies and terms. You understand that while connected or
attempting to connect to a healthcare institution’s system, the healthcare institution may
collect, store, process, maintain, upload, sync, transmit, share, disclose, and use certain
data and related information, including but not limited to information or data regarding the
characteristics or usage of your device, system and application software, and peripherals
as well as your personal information, location data, and other content.
Please contact your healthcare institution if you have any questions about their policies or
Using Third Party Tools and Features
If you use any third-party tools and features, such as third-party speech-to-text dictation
or third-party video, your use of those features is subject to the terms and policies of
those third parties. If you have any questions about those terms or policies, you should
contact your healthcare institution or the provider of the third-party tool.
How We Protect Your Personal Information
The security of your information and data while using our Applications is very important to us.
Our Applications employ a variety of technical safeguards to protect the confidentiality,
integrity, and availability of your personal information including supporting Transport Layer
Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.
In addition, healthcare providers with whom you connect may use a variety of physical,
administrative, and technical measures to protect your personal information.
Your Privacy Rights
Your California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents or contact your healthcare institution.
If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679 (“GDPR”), please email EUPrivacyInquiries@epic.com or call +1 608-271-9000. If you are a Data Subject as defined by GDPR, you should reach out to your healthcare organization for requests related to your personal data accessed through our mobile apps.