Skip To Main Content
HomePolicies Privacy Policy
Policies
Get Started

    Privacy Policy

    Privacy Policy

    PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR INFORMATION AS WELL AS YOUR CHOICES AND RIGHTS IN THIS REGARD. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE THE SITE OR THE APP.

    Introduction

    Rochester Regional Health (also referred to herein as “we,” “us,” and “our”) is committed to protecting the privacy and security of the information we collect, use, share, and otherwise process. We also believe in transparency, and we are committed to informing you about how we treat your information.

    When Does This Policy Apply?
    This Privacy Policy (the “Policy”) describes our practices regarding your personal information when you visit our websites that link to this Policy (the “Site”) or use our MyCare Mobile App (the “App”). However, this Policy does not apply to any information that is Protected Health Information (“PHI”), as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We only collect, receive, maintain, use, and disclose PHI as permitted or required by applicable law, and you may learn more about how we use and disclose PHI and your rights under HIPAA by reviewing our Notice of Privacy Practices.

    United States
    The Site and the App are only intended for individuals located in the United States, and they are not intended for users located in other countries, including the European Union and the European Economic Area.

    How Do We Collect and Process Information?

    Protected Health Information
    Our collection, use, and disclosure of PHI is governed by our Notice of Privacy Practices. To the extent any of the information described in this Policy is PHI, our use and disclosure of it is governed by our Notice of Privacy Practices.

    What Other Information Do We Collect Online?
    We may also collect information that is not PHI, as described below. If any of the information described below is PHI, we will only use and disclose that information as described in our Notice of Privacy Practices.

    When you visit our Site or use the App, we may receive your name, address, email address, phone number, or other contact details.

    In order to access and use certain features of the Site and the App, you must first complete a registration. When you create an account and register with us, we collect your Contact Information and the username and password that you create.

    If you contact us via the Site or the App, in addition to your Contact Information, we will receive any comments, content, questions, or other information that you choose to provide. You can decide how much information you want to share with us in those communications.

    Our Site uses cookies and similar technologies. Please see the “Cookies and Similar Technologies” section of this Policy for more information.

    When you visit the Site or use the App, we automatically collect information from your browser and your device, including: the date and time of your visit; logs of error messages; data about which pages you visit; the version of the App you are using; and your Internet Protocol (IP) address, device identifier, device type, operating system, and browser type. If you use an Android device, the App also collects your connection type (cellular or WiFi) during an error.

    You may grant the following device permissions in the App:

    • Camera and Photos. This permission allows the App to access your device’s camera as well as images and video stored on your device. If this permission is granted, the App can create and save photos and videos on your device and access photos and videos already stored on your device.
    • Telephone. This permission allows the App to access your device’s telephony features. If you choose to call a phone number displayed within the App, the App will ask for permission to access your device’s phone to place a call to the selected phone number.
    • Microphone. This permission enables the App to access the microphone on your device. Granting access will allow you to use your device’s microphone for voice-based features in the App, including dictation.
    • Health Features. If you choose to use Apple Health, Google Fit, or a similar integration, the App will create identifiers to identify recipients of your data and store those identifiers on your device.
    • Bluetooth. If this permission is enabled, the App may use your device’s Bluetooth connectivity, which will enable features like notifying front desk staff electronically when you arrive for an appointment. These features are not available in all locations.
    • Location. If this permission is enabled, the App can access your device’s precise location, which will enable certain features like location-based check-in for in-person appointments and enabling you to find healthcare providers near you. Location-based check-in is not available in all locations.
    • Push Notifications. This permission allows the App to send push notifications on your device. If granted, we may send a push notification to alert you of a notification in the App.

    The App utilizes, stores, and shares the data collected through these permissions as described in this Policy, although our collection, use, and disclosure of PHI is governed by our Notice of Privacy Practices. You may control and change the permissions granted through the user settings on your device.

    The App allows you to access and interact with your health information maintained in our electronic medical record system. In general, this information is PHI that is subject to HIPAA and our Notice of Privacy Practices.

    Choices. You can choose how you want to create, access, use, and share the information made available to you through the App. For example:

    • You may add a profile photo to your account in the App by selecting an existing photo on your device or by taking a new photo using the camera on your device. You may also include a photo or video in a message you send to your healthcare provider via the App. If you select an existing photo or video, we will store a copy of your chosen photo or video. If you take a new photo or video, the content is first saved to your camera app and then stored by us. The photo or video saved to your camera app remains available until you delete it.
    • The App may enable you to conduct a telehealth appointment with your healthcare provider.
    • Where automatic check-in upon arrival is enabled, the App temporarily stores identifiers and times for your upcoming appointments to detect when you arrive for your appointment.
    • If you view documents from your healthcare provider (such as letters or images) via the App, a copy is temporarily stored on your device so that the files are viewable. The temporary copies are deleted when you close your session on the App.

    Reminder About Security. Any person with access to your device (including if it is lost or stolen) may be able to access the App and the information available through it, so it is important for you to safeguard your device. Also, if you share information available via the App with a third party, that third party may not be required to keep it confidential. Please remember that emails and text messages are not secure and can be intercepted and read by third parties. Your sharing of information made available to you through the App is at your own risk.

    COVID-19. Although you may access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information via the App, the App was not created specifically for the COVID-19 pandemic. The App existed before the COVID-19 pandemic to allow you to access your health information.

    Terms. Your use of the App is subject to the MyCare Terms and Conditions of Use.

    If you donate to our Foundation online, in addition to your Contact Information, we will receive information about your donation, including amount, designation, and any memorial information. Our payment processor will also receive your payment information, including credit card number, security code, and expiration date.

    Cookies and Similar Technologies

    What are first and third-party cookies?
    A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your device and remain there until they expire at the end of your browsing session. “Persistent” cookies remain stored on your device until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you are visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.

    What are “similar technologies”?
    In addition to cookies, there are other data collection technologies, such as Internet tags, web beacons, pixels (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as you navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about your browsing, such as which advertisement, page, or publisher sent you to the receiving website.

    What cookies and similar technologies are in use on the Site?
    Depending on which page you are on, the Site uses cookies and similar technologies to improve functionality, to measure and track user interactions, to perform analytics, to market, to track ad-driven activity, and to otherwise tailor our communications.

    Pages within the mycare.rochesterregional.org subdomain do not use tracking technologies.

    Informational pages with the careers.rochesterregional.org subdomain use the following technologies:

    We use Simpli.fi to serve targeted advertisements to job candidates. View Simpli.fi’s Privacy Policy regarding its services.

    We use certain Google marketing technologies to track user activity on the Site and to serve personalized advertisements for job candidates. Your browser is assigned a pseudonymous ID used to track the ads that have been served to your browser and to identify those on which you’ve clicked. The cookies enable Google and its partners to select and display ads based on your browsing behavior. For more information on how Google uses this information, you can visit:

    We use Facebook’s technologies to serve relevant advertisements for job candidates and to track Facebook ad-driven visitor activity on the Site. Learn more about Facebook’s policies, and you can also find instructions for opting out of receiving advertisements via that page.

    We use Google Tag Manager, which allows marketed website tags to be managed using an interface. The tool itself (which implements the tags) does not use cookies and does not register identifiable data. The tool causes other tags to be activated which may, for their part, register personal data under certain circumstances. Google Tag Manager does not access this information. Google Tag Manager is subject to the Google Privacy Policy.

    We use Google Analytics to collect and process statistical data about the number of people using the Site and to better understand how they find and use the Site. The data collected includes data related to your device/browser, your IP address, and on-site activities to measure and report statistics about user interactions. The information stored is reduced to a random identifier. Any data collected is used in accordance with this Policy and Google’s privacy policy. You may learn more about Google Analytics by visiting:

    We use LinkedIn’s technologies for analytics and to add tags to our Site to allow for conversion tracking of LinkedIn ad campaigns to job candidates. These tools allow us to learn about user activity and LinkedIn audiences, to find trends in user engagement, to analyze trends with those groups to track user activity and to serve personalized advertisements. For more information on LinkedIn’s technologies and to view LinkedIn’s Privacy Policy, visit the following:

    We use Xandr, a Microsoft product, to serve relevant advertisements to job candidates. For more information on Xandr, visit the following:

    Other pages on the Site use the following technologies: 

    We use Google Translate to enable you to translate pages of the Site into your preferred language. For more information about how Google uses this information, you can visit:

    We use Piwik Pro Analytics to collect and process statistical data about the number of people using the Site and to better understand how they find and use the Site. The data collected includes data related to your device/browser, your IP address, and data about your on-site activities to measure and report statistics about user interactions. The information stored is reduced to a random identifier. Any data collected is used in accordance with this Policy and Piwik Pro’s privacy policy. Learn more about Piwik Pro Analytics. View Piwik Pro’s privacy policy.

    We use SiteImprove Analytics to measure Site performance and to track how users interact with the Site. Information collected includes: the URL visited; the title of the page; the SiteImprove account ID of the Site’s owner; the resolution of the user’s monitor/size of the browser window’ the referring address, if any (this is used to pick up search keywords, visits that came through links from other sites, etc.); the time it took to fetch and render the page; a session identifier, allowing us to view a series of page views as a coherent visit; and a random number to avoid caching. For more information on SiteImprove, view the following:

    We use New Relic to measure and monitor the performance of applications and infrastructure on portions of the Site. New Relic collects information such as how long it takes users’ browsers to load pages on the Site, where users come from, and what browsers they use. New Relic briefly collects and leverages your IP address as part of the data collection process. The IP address is used as a lookup value that maps to additional details, allowing us to diagnose performance issues. IP address lookup values include: countryCode, regionCode, city, asn, asnOrganization, asnLatitude, and asnLongitude. The mapping process for the IP address lookup value can range from minutes up to 24 hours to process. Once the mapping process is complete, New Relic no longer retains the IP address. New Relic sets cookies by default. If you elect to use a cookie consent manager to prevent cookies from being stored, the New Relic browser agent will continue to capture performance details. For more information regarding the cookies created by New Relic, please see:

    Other third-party technologies
    Some third parties may use data collection technologies to collect information about you when you browse the Internet. We do not control these third parties’ technologies or how they may be used. If you have questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

    Choices about cookies and similar technologies
    Most web browsers are set by default to accept cookies. However, you may disable certain cookies and similar technologies via the cookies consent tool included on the Site. In addition, if you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being stored. These settings may affect your enjoyment of the Site’s functionality. Adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, you should review your web browser settings after you have changed your cookie settings. The links below provide additional information about how to disable cookies or manage the cookie settings:

    For more information about how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/. You may learn more about internet advertising practices and related consumer resources at https://youradchoices.com/controlhttps://thenai.org/about-online-advertising/faq, and http://www.networkadvertising.org/choices.

    How Do We Use Your Information?

    We only use PHI as described in our Notice of Privacy Practices. We may use your other information for the purposes described below where permitted by applicable law:

    • Operate and improve our operations, services, the Site, and the App
    • Provide you with services, content, and functionality
    • Improve our services and develop new services
    • Honor our terms of service and contracts
    • Manage our relationship with you and your use of the Site and the App
    • Communicate with you and respond to your feedback, requests, questions, or inquiries
    • Register you for our email list and send you periodic messages
    • Engage with you on social media
    • Enable you to share comments, questions, and answers
    • Improve our marketing efforts, including by providing more tailored advertising
    • Promote our services and contact you about other services
    • Administer a contest, promotion, or survey
    • Assess the success of marketing and advertising campaigns
    • Ensure the privacy and security of our Site, App, and services
    • Maintain our databases and back-ups, including records of our communications with you
    • Process payments and donations
    • Detect fraud and prevent loss
    • Support and improve the Site and the App, including evaluations of functionality and features
    • Analyze use of the Site, the App, and our services and prepare aggregate traffic information
    • Recognize your device and remember your preferences and interactions
    • Provide you with a more personal and interactive experience on the Site and the App
    • Determine and track user interests, trends, needs, and preferences
    • General operational support, including procurement, financial and fiscal management, risk and compliance management, and reporting
    • Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transactions
    • Obtain and maintain insurance coverage and professional advice
    • Accomplish any other purpose (a) that is related or ancillary to any of the purposes described in this Policy, (b) that is described to you when you provide the information or to which you consent, or (c) for which we have a legal basis under law
    • Comply with federal, state, or local laws
    • Comply with a civil, governmental, or regulatory inquiry, order, subpoena, summons, or process
    • Cooperate with law enforcement agencies
    • Exercise or defend legal rights or claims
    • Create, use, retain, or disclose de-identified or aggregated data

    How Do We Share Your Information?

    We only disclose PHI as described in our Notice of Privacy Practices. We may share your other information for the purposes described below where permitted by applicable law:

    We may share your information with our subsidiaries and affiliates and with their respective officers, directors, employees, and agents.

    We may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of our organization or some or all of our assets. If we are acquired by or merged with another entity, your information may be transferred to the new owners.

    We may disclose information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share information in order to establish or exercise our legal rights or claims; to defend against a legal claim; and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contracts or terms.

    We may share information with our service providers and professional advisors (accountants, attorneys, etc.) that need access to information to provide services on our behalf.

    If you make a donation to the Foundation, we may publicize that donation unless you have requested to remain anonymous.

    We may share with third parties aggregated information and anonymous or de-identified data that does not identify any specific individual, such as groupings of demographic data or user preferences.

    How Long Do We Keep Your Information?

    We maintain PHI as required by law and as described in our Notice of Privacy Practices.

    We will keep your other information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. We may delete your other information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active servers and databases, but it may remain in our archives when it is not practical or possible to delete it.

    We may retain and use anonymous, de-identified, or aggregated information for as long as is permitted under applicable law.

    How Do We Protect Your Information?

    We have adopted security measures that are designed to protect the information under our control. From time to time, we review our security procedures and consider new technologies and methods.

    But, no security system is perfect, and no data transmission is 100% secure. Although we strive to protect your information, we cannot guarantee or warrant the security of any information transmitted to or from the Site or the App. Your use of the Site and the App is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.

    If a data breach compromises your information, we will notify you and any applicable regulator when we are required to do so by applicable law.

    Your Rights and Choices

    Please use the “Contact Us” details provided at the end of this Policy to exercise your rights and choices under this Policy. We honor requests when we are required to do so under applicable law.

    HIPAA
    For information about your rights under HIPAA with respect to PHI, please see our Notice of Privacy Practices.

    Email Preferences
    If you do not want to continue receiving emails from us, you may opt-out by clicking the “unsubscribe” button at the bottom of our emails or by contacting us at link@rochesterregional.org. Please provide your name and contact information in your request, and we will respond to your request in accordance with applicable law.

    Update Your Information
    Our goal is to keep your information accurate, current, and complete. If any of your information changes, please let us know via the “Contact Us” details at the end of this Policy.

    Complaints
    If you believe your rights relating to your personal information have been violated, please contact us via the “Contact Us” details provided at the end of this Policy.

    Third-Party Sites and Services

    This Policy only applies to the Site and the App. It does not apply to any websites, applications, or services from third parties.

    The Site and the App may include links to, or content from, third parties. These links are to external resources and third parties that have their own privacy policies. It may not always be clear which links are to external, third-party resources. If you click on a third-party link, you will be redirected away from the Site or the App. You can check the URL to confirm whether you have left the Site.

    We cannot and do not (1) guarantee the privacy or security practices of third parties or any content provided by third parties; (2) control third parties’ collection or use or your information; or (3) endorse any third-party information, products, services, applications, or websites.

    Any information provided by you or collected from you by a third party will be governed by that party’s privacy policy and terms of use. You should review their privacy policy and terms of use carefully.

    Children's Online Privacy Protection Act

    We are a nonprofit organization, and the Site and the App are not directed to children under the age of 13, and we do not knowingly collect information online from children under the age of 13. No one under the age of 13 may access, browse, or use the Site or the App or provide any information to us online. If we learn that we have collected or received personal information from a child under the age of 13 online without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and to delete it. If you believe we have any received information from a child under the age of 13 online, please contact us using the “Contact Us” details provided below.

    For more information about Children’s Online Privacy Protection Act, please visit the Federal Trade Commission’s website.

    Updates and Changes

    We may update this Policy from time to time. If we change this Policy, we will post the revised version on the Site and the App. Any changes, updates, and modifications will be effective immediately upon posting. If we make material changes, we may also notify you through a notice on the Site’s homepage and in the App, and/or we may send you an email regarding the updates.

    You should read this Policy carefully before using the Site or the App, and you should review it from time to time so that you are aware of its current terms. Your continued use of the Site or the App after the “Last Updated” date will constitute your acceptance of and agreement to any changes and to our collection, use, and sharing of your information according to the then-current Policy. If you do not agree with this Policy, you should not use the Site or the App.

    Contact Us

    For more information or if you have questions about this Policy, you may contact us using the information below:

    Mail:
    Rochester Regional Health
    Chief Privacy Officer
    1425 Portland Avenue
    Rochester, NY, 14621

    Call Center: (585) 922-LINK (922-5465)

    Toll-free: 1-877-922-5465

    Email: link@rochesterregional.org

    We are here to inform and serve our community
    Sign up for health info updates