Effective Date April 6, 2018

Overview

Epic Systems Corporation ("Epic") builds software and tools with the patient at the heart. No matter who you are or what brought you here, we appreciate that we’ve earned your time and attention. Whether you engage with Epic.com ("Our Website") through your mobile device, desktop computer, or your web browser, we may collect your personal information for a number of purposes as described in this policy.

This Privacy Policy is designed to inform you about how Epic collects and uses information you provide when you visit Our Website and how Epic processes your personal information when you apply for a position through careers.epic.com (our "Careers Site"). Epic may update this Privacy Policy, or other privacy notices established for other Epic websites, at any time we deem appropriate, and future updates to the Privacy Policy will be in effect immediately after being posted on this page. It is important that you check back from time to time and make sure that you have reviewed the most current version of this Privacy Policy.

Information You Provide to Our Website

Information That You Give Us

You may contact us through the methods listed on Our Website, and we may keep a record of the communication to help answer or resolve the matter you contacted us about. You can decide how much information you want to share with us in those cases.

Our Website and Servers, Your Use of Browsers

When you communicate with us or access Our Website and servers through a browser, application, or other client, our servers automatically collect and record information. In most cases, this information is generated by various tracking technologies, such as "cookies," "flash LSOs," "web beacons" or "clear GIFs." You can read more about how we use cookies below.

Your browser or device may tell us:

• Your browser type;
• Language preference;
• The Internet Protocol (IP) address (which may tell us generally where you are located); and
• The type of device or system you used.

Your browser may also tell us information such as:

• The time and date of your request;
• The page that led you to Our Website; and
• The search terms you typed into a search engine that led you to Our Website, if applicable.

Cookies

Like many websites, we use Google Analytics to collect information about access to and use of Our Website. Google Analytics plants a permanent cookie in your browser that logs data in order to analyze and improve the usage of Our Website. Our collection of this data may include:

• Your IP address;
• The pages of our site that you visit;
• The time and date of your visit;
• The time you spend on certain pages on our site; and
• Various other statistics.

While you may adjust cookie usage in your browser settings, you consent to such use of your data by visiting our site. Google’s ability to share and use your information collected via Google Analytics is restricted by the Google Analytics Terms of Service and the Google Privacy Policy.

Do Not Track

Our Website and the Careers Site do not respond to Do Not Track (DNT) signals.

Information You Provide to Our Careers Site

Epic uses our Careers Site to help facilitate our recruitment process. When you contact Epic through our Careers Site to inquire about career opportunities at Epic, we may ask you to provide us with certain information so that we can evaluate you as a candidate and meet certain legal obligations. The personal information you provide to our Careers Site as part of the application process is in addition to the information gathered through Our Website and may include:

• Demographic information, including race, gender, veteran status, and disability status;
• Contact information;
• Details of your qualifications, skills, experience, and education;
• Information about your employment history and salary;
• Whether you have a disability for which we can make reasonable accommodations for during the recruitment process; and
• Information about your legal ability to work in the United States, the European Union, or another region as appropriate for the position to which you apply.

How Do We Collect Your Information?

During the recruitment process, we may collect your personal data in ways including:

• The application form on the Careers Site;
• Your resume or CV as submitted through your application;
• Tests or other forms of assessments administered during the recruitment process;
• Copies of transcripts or other documentation submitted by you during the course of your application; and
• Information collected from third parties, including previous employers and educational institutions.

How Do We Use Your Information?

The information that you provide us during the recruitment process is retained and processed as we evaluate your interest in and fit for a position. We may use this information for purposes such as:

• Evaluating your candidacy for a position at Epic;
• Contacting you during our recruitment process;
• Processing your employment if Epic offers you a position;
• Processing and storing your data for internal tracking metrics;
• Processing your data in order to meet certain legal or regulatory obligations; and
• Improving the Careers Site.

For applicants based in the United States, you consent to such use by submitting your information to us via the Careers Site. Epic has a legitimate interest in processing your data in order to manage our overall recruitment process and to assess whether you are a viable candidate for a career at Epic. All applicants, regardless of location, may opt out of any future contacts from Epic at any time.

Who Has Access to Your Information?

When you provide your information to Epic as part of the recruitment process, your information may be shared with Epic staff and certain third parties. This includes members of the human resources and recruitment teams, interviewers involved in the recruitment process, Epic staff in the business area to which you are applying, and information technology (IT) staff. Other third parties may also have access to your information if we reach out to references or conduct background checks.

How Long Does Epic Keep Your Information?

Epic will retain your information for as long as it makes use of such information as a part of the recruitment process and for other permitted purposes. You agree to allow us to keep your information on file in accordance with this policy by submitting your application through the Careers Site. If your application for employment is successful, information gathered during the recruitment process will be added to your human resources file and may be retained throughout your employment with Epic.

If you are a data subject as defined by the General Data Protection Regulation, (EU) 2016/679, you have a number of rights and can do any of the following by contacting Epic at EUPrivacyInquiries@epic.com:

• Request a copy your data;
• Request that Epic changes incorrect or incomplete data we have about you;
• Request that Epic delete or stop processing your data; and
• Express any concerns or objections you have about Epic’s use of your data.

Please note that if you contact us to assist you, for your safety and ours we may need to authenticate your identity before fulfilling your request.

How We Protect Your Information

We use a combination of process, technology and physical security controls to help protect your information from unauthorized access, use, or disclosure, but remember that no method of transmission over the Internet, or method of storage, is 100% secure.

When we collect your information through Our Website or our Careers Site, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the top or bottom of your web browser, or looking for "https" at the beginning of the URL address of the web page. We have internal policies and processes directed towards limiting access to your information is to those employees, contractors, and agents of Epic who need to know such data to perform their jobs and develop or improve our websites, products and services.

Links to Other Sites

Our Website, including the Careers Site, contains links to other sites. Please be aware that Epic is not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our site and to read the privacy statements of any other site that collects your information.

Contact Epic

If you have any questions about this Privacy Policy or privacy concerns, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com. In any correspondence, please include the website or reason that led you to contact us.

If you need to contact Epic's Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000.

Effective Date October 2, 2014

Overview

Epic takes very seriously its obligation to protect the confidentiality of your personal information. Epic's mobile applications for patients, including MyChart for iOS and Android, are intended to connect to servers and systems operated and maintained by Epic community members in order to provide you secure, mobile access to those systems and to your health information.

This Privacy Policy

This Privacy Policy describes how Epic Systems Corporation's ("Epic") mobile applications for patients (our "Applications") use, store and transmit information and data. By using our Applications to connect to a healthcare provider, you consent to this Privacy Policy. Epic may modify this Privacy Policy at any time effective upon its posting. Your continued use of our Applications constitutes your acceptance of this Privacy Policy and any updates. Your use of our Applications is subject to the of the applicable Applications' End User License Agreement.

Purpose

The purpose of this Privacy Policy lets you know what limited information we collect about you when you use our Applications and how that information is used and the limited ways in which we use the additional information you provide.

Your Personal Information

Our Applications And The Limited Ways In Which Epic Uses Your Information

Epic does not sell or license any information that it may collect from you from using our Applications.

And, except for those things stated below, our Applications do not store any of your personal information on your device or on iCloud and do not send your personal information directly to Epic.

Epic attempts to minimize the amount of your personal or health information stored or retained on your device. Nevertheless, our Applications may:

• Store a copy of a picture on your device if you choose to add a picture to your profile.
• Create encrypted identifiers to identify target healthcare providers for HealthKit data, if you are using HealthKit.
• Temporarily store your personal information in memory or on the device while you use our Applications.
• Share some limited amount of information for purposes of troubleshooting and error correction directly or indirectly with Epic with your consent.
• In addition, in order to provide you certain features, our Applications may request information from servers and systems owned or operated by Epic and those servers and systems may record technical information about that request such as an IP address.

Your Healthcare Providers

To use our Applications, you must have an account with a healthcare provider who uses Epic's software and your use of our Applications is also subject to your healthcare provider's privacy policy. You understand that while connected, or attempting to connect, to a healthcare institution's system, the healthcare institution may collect, store, process, maintain, upload, sync, transmit, share, disclose and use certain data and related information, including but not limited to information or data regarding the characteristics or usage of your device, system and application software, and peripherals as well as your personal information, location data and other content.

Please contact your healthcare institution if you have any questions about their policies or terms.

HealthKit

With your permission, certain versions of our Applications can connect to Apple HealthKit to receive health information and to share that information with your healthcare providers.

Our Applications do not share your health information with HealthKit or with other HealthKit-enabled software.

How We Protect Your Personal Information

The security of your information and data while using our Applications is very important to us. Our Applications employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.

In addition, healthcare providers with whom you connect may use a variety of physical, administrative and technical measures to protect your personal information.

Contact Epic

If you have any questions about this Privacy Policy, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com.

Effective Date September 18, 2014

In General

Epic takes very seriously its obligation to protect the confidentiality of your personal information. Epic's mobile applications for healthcare providers, including Haiku, Canto and Rover, are intended to connect to servers and systems operated and maintained by Epic community members in order to provide you secure, mobile access to those systems.

This Privacy Policy

This Privacy Policy describes how Epic Systems Corporation's ("Epic") mobile applications for providers (our "Applications") use, store and transmit information and data. By using our Applications to connect to a healthcare provider, you consent to this Privacy Policy. Epic may modify this Privacy Policy at any time effective upon its posting. Your continued use of our Applications constitutes your acceptance of this Privacy Policy and any updates. Your use of our Applications is subject to the of the applicable Applications' End User License Agreement.

Your Personal Information

Epic Does Not Receive Your Information or Data

When you use our Applications, Epic does not receive or collect any data or information directly from you or your device. As described below, our Applications connect with systems operated and maintained by a healthcare institution customer of Epic.

Connections to Healthcare Institutions

To use our Applications, you must have an account with a healthcare institution who uses Epic's software. Your use of our Application with that healthcare institution may be subject to that healthcare institution's policies and terms. You understand that while connected, or attempting to connect, to a healthcare institution's system, the healthcare institution may collect, store, process, maintain, upload, sync, transmit, share, disclose and use certain data and related information, including but not limited to information or data regarding the characteristics or usage of your device, system and application software, and peripherals as well as your personal information, location data and other content.

Please contact your healthcare institution if you have any questions about their policies or terms.

Using Third Party Tools and Features

If you use any third party tools and features, such as speech-to-text dictation or third party video, your use of those features is subject to the terms and policies of those third parties. If you have any questions about those terms or policies, you should contact your healthcare institution or the third party provider.

How We Protect Your Personal Information

The security of your information and data while using our Applications is very important to us. Our Applications employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.

In addition, healthcare providers with whom you connect may use a variety of physical, administrative and technical measures to protect your personal information.

Contact Epic

If you have any questions about this Privacy Policy, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com.