Skip to page content

Privacy Policies

Epic.com and Careers.Epic.com Privacy Policy

Last Updated: June 18, 2020

Overview

Epic Systems Corporation (“Epic”) builds software and tools with the patient at the heart. No matter who you are or what brought you here, we appreciate that we’ve earned your time and attention. Whether you engage with Epic.com (“Our Website”) through your mobile device, desktop computer, or your web browser, we may collect your personal information for a number of purposes as described in this Privacy Policy.

This Privacy Policy is designed to inform you about how Epic collects and uses information you directly provide when you visit Our Website and how Epic processes your personal information when you apply for a position through careers.epic.com (our “Careers Site”). Epic may update this Privacy Policy, or other privacy notices established for other Epic websites, at any time we deem appropriate. Updated versions of this Privacy Policy will be indicated by the “Last Revised” date and updated versions will be in effect as soon as they are posted on this page. If you are interested, you should check back from time to time and make sure that you have reviewed the most current version of this Privacy Policy.

Information You Provide to Our Website

Information That You Give Us

You may contact us through the methods listed on Our Website, and we may keep a record of the communication to help answer or resolve the matter you contacted us about. You can decide how much information you want to share with us in those cases.

Our Website and Servers, Your Use of Browsers

When you communicate with us or access Our Website and servers through a browser, application, or other client, our servers automatically collect and record information. In most cases, this information is generated by various tracking technologies, such as “cookies,” “flash LSOs,” web beacons” or “clear GIFs.” You can read more about how we use cookies below.

Your browser or device may tell us:

  • Your browser type;
  • Language preference;
  • The Internet Protocol (IP) address (which may tell us generally where you are located); and
  • The type of device or system you used.

Your browser may also tell us information such as:

  • The time and date of your request;
  • The page that led you to Our Website; and
  • The search terms you typed into a search engine that led you to Our Website, if applicable.

Cookies

Like many websites, we use cookies to recognize you and collect information about your access to and use of Our Website. Cookies are small data files that are placed on your computer when you visit a website. Cookies are widely used by many website owners to make their websites work, operate more efficiently, and collect information. We use cookies to help operate Our Website, and we specifically use Google Analytics cookies. Our use of the Google Analytics cookie enables us to collect certain data about your visits to Our Website, including:

  • Your IP address;
  • The pages of our site that you visit;
  • The time and date of your visit;
  • The time you spend on certain pages on our site; and
  • Various other statistics.

Google’s ability to share and use your information collected via Google Analytics is restricted by the commitments made in the Google Analytics Terms of Service and the Google Privacy Policy.

Do-Not-Track

Some web browsers and operating systems include a Do-Not-Track (DNT) setting that you can activate to signal your preference not to have information about your online activities monitored. There is currently no uniform standard for recognizing and implementing DNT signals. As a result, Our Website and the Careers Site do not respond to DNT signals. If a standard for recognizing DNT signals is adopted in the future and we follow that standard, we will inform you about our approach in an update to this Privacy Policy.

 Information You Provide to Our Careers Site

Epic uses our Careers Site to help facilitate our recruitment process. When you contact Epic through our Careers Site to inquire about career opportunities at Epic, we may ask you to provide us with certain information so that we can evaluate you as a candidate and meet certain legal obligations. The personal information you provide directly to our Careers Site as part of the application process is in addition to the information you provide through  Our Website and may include:

  • Demographic information, including race, gender, veteran status, and disability status;
  • Contact information;
  • Details of your qualifications, skills, experience, and education;
  • Information about your employment history and salary;
  • Whether you have a disability for which we can make reasonable accommodations during the recruitment process; and
  • Information about your legal ability to work in the United States, the European Union, or another region as appropriate for the position to which you apply.

How Do We Collect Your Information?

During the recruitment process, you may provide information to us directly in the following ways:

  • The application form on the Careers Site;
  • Your resume or CV as submitted through your application;
  • Tests or other forms of assessments administered during the recruitment process;
  • Copies of transcripts or other documentation submitted by you during the course of your application; and
  • Information collected from third parties, including previous employers and educational institutions.

How Do We Use Your Information?

The information that you provide to us directly during the recruitment process is retained and processed as we evaluate your interest in and fit for a position. We may use this information for purposes such as:

  • Evaluating your candidacy for a position at Epic;
  • Contacting you during our recruitment process;
  • Processing your employment if Epic offers you a position;
  • Processing and storing your data for internal tracking metrics;
  • Processing your data in order to meet certain legal or regulatory obligations; and
  • Improving the Careers Site.

Epic has a legitimate interest in processing your data in order to manage our overall recruitment process and to assess whether you are a viable candidate for a career at Epic. All applicants, regardless of location, may opt out of any future contacts from Epic at any time.

Who Has Access to Your Information?

When you provide your information directly to Epic as part of the recruitment process, your information may be shared with Epic staff and certain third party service providers working with Epic, such as Avature Recruiting Solutions. Epic staff includes members of the human resources and recruitment teams, interviewers involved in the recruitment process, personnel in the business area to which you are applying, and information technology (IT) staff. Other third party service providers or contractors may also have access to your information if we reach out to references or conduct background checks.

How Long Does Epic Keep Your Information?

Epic will retain your information for as long as it makes use of such information as a part of the recruitment process and for other permitted purposes. If your application for employment is successful, information gathered during the recruitment process will be added to your human resources file and may be retained throughout your employment with Epic.

If you are a data subject as defined by the General Data Protection Regulation, (EU) 2016/679, you have a number of rights and can do any of the following by contacting Epic at EUPrivacyInquiries@epic.com:

  • Request a copy your data Epic has received about you;
  • Request that Epic changes incorrect or incomplete data we have about you;
  • Request that Epic delete or stop processing your data; and
  • Express any concerns or objections you have about Epic’s use of your data.

Please note that if you contact us to assist you, for your safety and ours we may need to authenticate your identity before fulfilling your request.

 How We Protect Your Information

We use a combination of process, technology and physical security controls to help protect your information from unauthorized access, use, or disclosure, but remember that no method of transmission over the Internet, or method of storage, is 100% secure.

When you submit your information through Our Website or our Careers Site, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the top or bottom of your web browser, or looking for “https” at the beginning of the URL address of the web page. We have internal policies and processes directed toward limiting access to your information  to those employees, contractors, and agents of Epic who need to know such data to perform their jobs and develop or improve our websites, products, and services.

Links to Other Sites

Our Website, including the Careers Site, contains links to other sites. Please be aware that Epic is not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our site and to read the privacy statements of any other site that collects your information.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents.

Contact Epic

If you have any questions about this Privacy Policy or privacy concerns, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com. In any correspondence, please include the website or reason that led you to contact us.

If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000.

Carequality Information Handling Practices Statement

Epic Mobile Application Privacy Policy for Patients

Last updated: June 18, 2020

Overview

Epic takes very seriously its obligation to protect the confidentiality of your personal information. Epic’s mobile applications for patients, including MyChart for iOS and Android, are intended to connect to servers and systems operated and maintained by Epic community members in order to provide you secure, mobile access to those systems and to your health information.

This Privacy Policy

This Privacy Policy describes how Epic Systems Corporation’s (“Epic”) mobile applications for patients (our “Applications”) use, store, and transmit information and data. Epic may modify this Privacy Policy at any time effective upon its posting. Your use of our Applications constitutes your acceptance of this Privacy Policy and any updates. Your use of our Applications is subject to the applicable Applications’ End User License Agreement.

Purpose

This Privacy Policy lets you know what limited information you provide to us when you use our Applications and how that information is used.

Your Personal Information

Our Applications and the Limited Ways in which Epic Uses Your Information

Epic does not sell or license any information that you may provide to us as you use our Applications.

Except for those things stated below, our Applications do not send your personal information directly to Epic and do not store any of your personal information on your device or in the cloud-based storage solution associated with your device (i.e., iCloud or its equivalent).

Epic attempts to minimize the amount of your personal or health information stored or retained on your device. Nevertheless, our Applications may:

  • Store a copy of a picture on your device if you choose to add a picture to your profile.
  • Create encrypted identifiers to identify target healthcare providers for HealthKit or Google Fit data, if you are using HealthKit or Google Fit.
  • Temporarily store your personal information in memory or on the device while you use our Applications.
  • In addition, in order to provide you certain features, our Applications may request information from servers and systems owned or operated by Epic and those servers and systems may record technical information about that request such as an IP address and information related to the type of device, platform, and operating system you use with our Applications.

Your Healthcare Providers

To use our Applications, you must have an account with a healthcare provider who uses Epic’s software. Because of this, your use of our Applications is also subject to your healthcare provider’s privacy policy. You understand that while connected or attempting to connect to a healthcare institution’s system, the healthcare institution may collect, store, process, maintain, upload, sync, transmit, share, disclose, and use certain data and related information, including information or data regarding the characteristics or usage of your device, system and application software, and peripherals as well as your personal information, location data, and other content.

Please contact your healthcare institution if you have any questions about their policies or terms.

HealthKit and Google Fit

With your permission, certain versions of our Applications can connect to Apple HealthKit or Google Fit to receive health information and to share that information with your healthcare providers.

Our Applications do not share your health information with HealthKit, Google Fit, or other software enabled with HealthKit or Google Fit.

How We Protect Your Personal Information

The security of your information and data while using our Applications is very important to us. Our Applications employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.

In addition, healthcare providers with whom you connect may use a variety of physical, administrative, and technical measures to protect your personal information.

Contact Epic

If you have any questions about this Privacy Policy, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com.

If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679 (“GDPR”), please email EUPrivacyInquiries@epic.com or call +1 608-271-9000. If you are a Data Subject as defined by GDPR, you should reach out to your healthcare provider for requests related to your personal data within our Applications.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents or contact your healthcare provider.

Epic Mobile Application Privacy Policy for Providers

Last Updated: June 18, 2020

In General

Epic takes very seriously its obligation to protect the confidentiality of your personal information. Epic’s mobile applications for healthcare providers, including Haiku, Canto, Rover, and Limerick, are intended to connect to servers and systems operated and maintained by Epic community members in order to provide you secure, mobile access to those systems.

This Privacy Policy

This Privacy Policy describes how Epic Systems Corporation’s (“Epic”) mobile applications for providers (our “Applications”) use, store, and transmit information and data. Epic may modify this Privacy Policy at any time effective upon its posting. Your use of our Applications is subject to the of the applicable Applications’ End User License Agreement.

Your Personal Information

When you use our Applications, Epic does not receive any personal data directly from you or your device. As described below, our Applications connect with systems operated and maintained by a healthcare institution that uses Epic’s software.

Connections to Healthcare Institutions

To use our Applications, you must have an account with a healthcare institution who uses Epic’s software. Your use of our Application with that healthcare institution may be subject to that healthcare institution’s policies and terms. You understand that while connected or attempting to connect to a healthcare institution’s system, the healthcare institution may collect, store, process, maintain, upload, sync, transmit, share, disclose, and use certain data and related information, including but not limited to information or data regarding the characteristics or usage of your device, system and application software, and peripherals as well as your personal information, location data, and other content.

Please contact your healthcare institution if you have any questions about their policies or terms.

Using Third Party Tools and Features

If you use any third-party tools and features, such as third-party speech-to-text dictation or third-party video, your use of those features is subject to the terms and policies of those third parties. If you have any questions about those terms or policies, you should contact your healthcare institution or the provider of the third-party tool.

How We Protect Your Personal Information

The security of your information and data while using our Applications is very important to us. Our Applications employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.

In addition, healthcare providers with whom you connect may use a variety of physical, administrative, and technical measures to protect your personal information.

Contact Epic

If you have any questions about this Privacy Policy, you may contact Epic at 608-271-9000 or at PrivacyInquiries@epic.com.

If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679 (“GDPR”), please email EUPrivacyInquiries@epic.com or call +1 608-271-9000. If you are a Data Subject as defined by GDPR, you should reach out to your healthcare institution for requests related to your personal data within our Applications.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents or contact your healthcare institution.