Universal Health Services, Inc. (“UHS Inc.”) is a holding company that operates through its subsidiaries including its administrative services company and subsidiary, UHS of Delaware, Inc. All healthcare and management operations are conducted by subsidiaries of UHS Inc. Any references to “UHS” or “UHS facilities” (or “we,” “us,” “our” or “the company”) on our Sites and in our Materials that relate to healthcare or management operations are referring to UHS Inc. subsidiaries, including UHS of Delaware, Inc.
We may occasionally make changes to this Policy. Whenever a change is made to this Policy, we will update the information on this page, so please review this Policy regularly. Continued use of the Sites constitutes your acceptance of the revised Policy.
Note: This Policy does not govern how we collect or use protected health information (“PHI”), as defined under the Health Insurance Portability & Accountability Act (“HIPAA”) and related regulations. That information—such as patient records and bill payment details—is governed by a separately-provided HIPAA Notice of Privacy Practices, which may be specific to a UHS facility in some circumstances. The HIPAA Notice of Privacy Practices shall supersede this Policy in the event of any express conflict.
1. Types of Information We Collect
In order to better provide you with our Sites, we may collect the following categories of information through the Sites: (i) contact information you provide (such as name, mailing address, e-mail address, or phone number), (ii) transactional and payment information, such as if you make a donation, (iii) any subscription preferences if you receive communications from us, (iv) any surveys you respond to with feedback, and (v) Online User Activity as described below.
If you participate in wellness and health condition management programs, those programs and associated coaches and providers may contribute program-related information to your account. Devices, such as scales, pedometers, blood pressure cuffs, and glucometers, may contribute data to your account directly or through a manufacturer’s website if you grant them permission to do so.
If you provide us with information regarding another individual, you represent that you have that person’s consent to provide such information and to permit us to use it in accordance with this policy.
If you provide an employment application, we may require additional information including information about your work history, education, particular skills or training, honors and awards, professional licenses, resume, etc. We may also ask for employment references and your consent to various terms and conditions of employment.
2. Patient Portals
Our Sites may include access-controlled portals where you can login to see patient records, pay bills, or perform other patient-related activities (collectively, “Patient Portals”). Patient information in these Patient Portals can include contact information, demographic information, health records, billing statements and various identifiers (such as medical record number and insurance policy numbers). This information is typically PHI and therefore subject to the protections described in our HIPAA Notice of Privacy Practices as noted above.
3. Online User Activity (Cookies and collection of Device and Browser Level Information)
We may collect certain information about your device and use of our Sites by automated means, including but not limited to cookies, pixels and other similar technologies (“Online User Activity”). These technologies can be implemented by us independently or by using third-party products or services (such as from Google). “Cookies” are small data files that online services can store on, and retrieve from, a user's computer or mobile device through the web browser. The information is stored and retrievable either for the duration of a website visit (known as “session” cookies), or until some later point in time set by the website dropping the cookie (known as “persistent” cookies). Cookies are very commonly used by websites and most browsers are configured by default to accept cookies.
When you use the Sites, the information we may collect by automated means includes, for example:
- Usage details about your interaction with our Sites (such as the date, time, and length of visits, and specific pages or content accessed during the visits, search terms, frequency of the visits, referring website addresses);
- Device information including the IP address and other details of a device that you use to connect with our Sites (such as device type and unique device identifier, operating system, browser type, mobile network information, and the device's telephone number); and
- General location information if your device shares information about its location. Cookies and these other technologies can help us automatically identify you when you return to our Sites.
Cookies help us review website traffic patterns and improve the website, and determine what Sites are popular. We can also use such information to deliver customized content and advertising to users of the Sites whose behavior indicates that they are interested in a particular subject area. These tools also help us track and analyze visitor activity on the Sites, measure the effectiveness of our advertising efforts, and support the optimization of our digital marketing campaigns.
You can turn off tracking cookies from our Sites in your browser by clicking here or with the settings or opt-out button on the cookie banner which appears when visiting the Sites. In addition, our Sites endeavor to process “Global Privacy Control” (“GPC”) signals from web browsers by automatically opting-out users from third party tracking cookies, although GPC technology is not fully developed and it is not yet supported by all browsers. Due to technical limitations, your opt-out (i) will only be effective for the browser you are using at the time, so you may need to separately opt-out on other browsers or devices that you use to visit our Sites, (ii) will only be effective for the Site you are currently visiting, so you may need to separately opt-out on other Sites we manage, and (iii) your opt-out settings may be periodically cleared by your browser and they will eventually expire (as determined by your browser), so you should periodically check your cookie settings. We are still implementing cookie opt-out capabilities and they are not yet available on all of our Sites, so you cannot adjust your cookies use directly on those Sites. As an alternative, most browsers and some third-party browser tools allow the visitor to reject cookies. In either instance, if you choose to decline cookies, you may not be able to fully experience the interactive features our Sites provide.
4. How We Use Information We Collect
We may use the information we obtain about you for purposes allowed by applicable laws, including:
- Provide the Sites to you, including to provide the services offered through the Sites or otherwise us, manage any transactions (e.g., donations), and provide other important notices;
- Respond to your requests, questions and comments;
- We may send you surveys and solicit responses, but participation in these surveys is completely voluntary and we generally do not collect any personal information when conducting such surveys;
- Monitor the performance of our Sites including metrics such as total number of visitors, traffic, and demographic patterns;
- Tailor the content we display through the Sites and in our communications, including any content or advertising that we believe may be of interest to you;
- Operate, evaluate and improve our Sites, and diagnose or fix technology problems;
- Provide important notices or changes to this Policy, or our Terms; and
- Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights.
We may also use or share information in an anonymized or aggregate manner for many purposes such as research, analysis, modeling, marketing, and improvement of our Sites. By using our Sites, you consent to us using your de-identified data for any such purposes as permitted by law.
5. How We Share Information
We will not disclose your personal information to third parties without your consent, except in the following circumstances.
- We may share your information with service providers that we believe need the information to perform a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Sites, payment processors, marketing partners, and other service providers). We only provide such vendors with information so they can perform their required functions on our behalf.
- If a patient or other individual voluntarily shares or submits any content for public posting through our Sites (e.g., picture, story, commentary), or link it to any social media platforms, that post and any content or information associated with it may become available to the public.
- We also may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; or (iv) under exigent circumstances to protect the personal safety of our staff, users or the public.
- We reserve the right to transfer the information we maintain in the event of an organizational change of control (e.g., merger or acquisition). If we engage in such a change of control, your personal information will be transferred subject to this Policy.
Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.
6. Your Privacy Choices
We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.
- You may disable cookies as described above in the Online User Activity section.
- You may choose not to receive marketing-related emails from us by clicking on the unsubscribe link in such emails or by emailing us as directed below.
- If applicable to you, you have certain rights under HIPAA with respect to your protected health information, please see our separately-posted HIPAA Notice of Privacy Practices for more information.
- The residents of certain states are entitled to additional privacy disclosures and privacy rights, please see the end of this Policy regarding such disclosures and to learn more about exercising those rights.
7. Links to Third Party Websites and Services
Our Sites may include links to other websites or online services, including social media, that are offered by third parties. Please be aware that we are not responsible for the content or privacy practices of such other websites or online services, and we encourage you to be aware when you leave our Sites and to read the privacy policies of any such third party that may collect your personal information, since their privacy practices may differ from ours.
8. Online Advertising
You may see us advertising on other websites or social media platforms. Please note that advertising services do not always provide us with complete information about the websites or platforms where our advertising may appear. If you believe that our advertising is being displayed through websites or channels that promote inappropriate or offensive content, please contact us as directed below.
9. Security and Confidentiality
We endeavor to maintain reasonable, appropriate and customary procedures and technologies to safeguard the confidentiality of any personal information you send to us. Generally, the information we collect is securely stored, with physical and electronic access to controls to protect that information. However, we cannot ensure the security of any information you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal information.
10. Protecting the Privacy of Children
Our general use Sites are not directed to children nor intended for use by children. If we learn that we collected personal information from a child under age 13 without parental consent we will endeavor to promptly delete that information.
11. Retention of Information
The information submitted through our Sites is retained as long as we deem needed for business and legal purposes, in accordance with state and/or federal laws, and subject to applicable document retention policies. Retention may be based on a number of factors, including (i) while we have an ongoing relationship with you and as long as is reasonably necessary to provide you with services, and for the other purposes we use your information as described above, and (ii) as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
12. State Specific Notices
(A) Residents of California or Virginia (and after July 1, 2023, residents of Connecticut and Colorado)
This Section is provided specifically for residents in the above states. In addition to the disclosures provided above in this Policy, if you reside in one of the above states you can exercise certain additional rights as described below regarding your personal information. Note that this does not pertain to any requests concerning protected health information (PHI), which are instead addressed in our separately-posted HIPAA Notice of Privacy Practices.
- You may request a copy of the following: (1) the categories of personal information we collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling (if applicable) the personal information; (4) the categories of third parties with whom we shared personal information, and the categories of personal information shared; and (5) the specific pieces of your personal information that we have collected, used, disclosed, or sold.
- You may request that we correct your personal information if it is inaccurate or delete your personal information. Note that deletion requests are subject to certain limitations, for example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate customer requests, and for certain other internal business purposes described in this Policy.
- You have the right at any time to opt out of (i) any selling or sharing of your personal information to a third party (excluding service providers or other exceptions permitted by law); (ii) any third-party targeted advertising (i.e., cross-context behavioral advertising); (iii) any use of sensitive personal information (such as precise geo-location or financial information) except for the purposes it was collected and as otherwise permitted by law; or (iv) impactful profiling activities. Please note that as a general matter, we do not engage in any of these four activities described above, except with respect to Online User Activity for which you can opt-out of such activity as described above.
To request a copy of personal information we have collected about you, or to request that your information be corrected or deleted, or to opt-out of the activities described above, please contact us as directed below. You may authorize another person (your “agent”) to submit a request on your behalf the same way. Shortly after you (or your agent) submit a request, we will check our records for matching information and contact you (via the email address provided during submission of your request) with instructions on how to verify the request before we fulfill it. We will aim to complete requests as soon as reasonably practicable and consistent with any applicable laws. We may not, and will not, discriminate against anyone for exercising their privacy rights, including those provided by the applicable privacy laws.
If we deny a privacy request, you may appeal the decision to us at the contact information provided below. To the extent possible, please describe the basis for your appeal. We will endeavor to provide a prompt response. If we deny an appeal, you can raise any concerns with your state’s Office of the Attorney General.
(B) Residents of California only
The categories of information we collect are described above in this Policy, and include: (i) Identifiers such as name, email address, IP address, postal address and phone number, such as if you visit our Sites, create an account or engage in a transaction with us; (ii) Commercial information such as any payment activities; (iii) Internet activity such as the Online User Activity described above; (iv) Geolocation data including location enabled services such as WiFi; and (v) Sensitive personal information such as account credentials provided for any Sites, and financial information provided for a transaction.
California privacy rights apply to all individuals including job applicants, current and former employees, contractors and business partners. Due to the nature of these relationships, the collection and use of personal information can vary, but in general terms and in addition to all the disclosures above:
- Job applicants may provide us with personal information as part of an employment application and review process that includes the applicant’s contact information, education and employment history, resume and cover letter. We do not use this information for any purpose other than to evaluate the individual for employment with us and manage our careers program. Job applicants may provide additional information for routine background checks to a third-party provider of such services, under specific privacy terms and consents that will be provided at the time of collection.
- Employees receive disclosures during and after onboarding that provides additional details regarding our employee privacy practices.
- We collect contact information and other personal information reasonably necessary to engage and work with contractors and business partners in the course of a business relationship.
We do not have any financial incentives programs in connection with personal information, and do not generally assign monetary value to individuals’ personal information.
Do Not Track (DNT) is a privacy preference you can set in most browsers but there is no standard interpretation or practice for responding to DNT signals (see https://allaboutdnt.com/ for more information), and we therefore handle all information consistent with this Policy. As described above, we endeavor to support browser GPC signals and offer manual cookie opt-out for third party tracking cookies.
(C) Residents of Nevada
For Nevada residents, please note that we do not sell personal information as defined by Nevada law (Nevada Revised Statutes, Chapter 603A, Section 1.6), but you can submit a request to us at the contact information provided below.
13. International Data Transfers and Use
Our Sites are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States. Any information you provide through use of the Sites may be stored and processed, transferred between and accessed from the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored or accessed.
14. Contacting Us
If you have any questions, concerns or comment about this Policy or our privacy practices, or if you would like us to update information or preferences or exercise available privacy rights, please contact us at www.uhs.alertline.com or at 1-800-852-3449.
This policy was last updated on March 27, 2023.