About Us
Health Professionals
Make a Gift
Emergency
Login

Search

Search only in...

Top searches:

Medical records Lab services Covid testing

Website Privacy Statement

Patient Privacy Statement
ChristianaCare Health System Website Privacy Statement

Last updated on February 10, 2025
 
This Privacy Statement describes how Christiana Care Health System, Inc. and its affiliates and subsidiaries (“ChristianaCare”, “we”, “our”, or “us”) collects, uses, retains and shares personal information when you interact with us through our websites, (the “Website[s]”), our mobile applications, and online or mobile-enabled technology and digital tools that display or link to this Privacy Statement (collectively, the “Platforms”), and when you otherwise interact with us (the “Services”).

For information on how we use individually identifiable information that you provide to us for purposes of obtaining medical care through the Platforms and Services (which is also referred to as “Protected Health Information” or “PHI”), which are subject to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) see our HIPAA Notice of Privacy Practices (“HIPAA Notice”). Our HIPAA Notice describes how we can use and disclose your PHI and your rights with respect to your PHI. If there is a conflict between this Privacy Statement and the HIPAA Notice, the HIPAA Notice will apply. The HIPAA Notice does not apply to information that is not PHI.

Personal Information We Collect, How We Use It, How Long We Keep It, and How We Share It

When you interact with our Platforms and Services, we collect your Personal Information. “Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We use the following criteria to determine whether it remains reasonably necessary to retain your personal information for one or more disclosed operational purpose, or a service provider or contractor’s operational purpose(s): (i) whether there is a retention period required by statute or regulations; (ii) the existence of actual or threatened litigation for which we are required to preserve the information; (iii) the statutes of limitations for potential legal claims; and (iv) generally accepted best practices in our industry, including those related to the safety and security of our properties and assets. When we determine that it is no longer reasonably necessary to retain your Personal Information for one or more disclosed operational purposes based on the above criteria, we will delete your Personal Information.

We collect personal information when you:

  • Contact us. When you email or call us, for example, to ask questions regarding our products and services, we collect from you, your personalidentifiers (name, email address, or telephone number) and anything else you choose to include in your message. We use this information to respond to your questions or inquiries, troubleshoot where necessary, or address any issues you have with the Platforms and Services. We may record and retain your phone calls and use them for quality assurance purposes.
  • Create a patient account. When you create a patient account, we collect from you, your personal identifiers (name, email address, telephone number and date of birth), your sensitive identifiers (e.g., driver’s license and insurance card), and your sensitive medical information (responses to registration questionnaire). We use this information to create and manage your patient account. We use your email address and password to authenticate you for subsequent logins and to communicate with you about your appointments. We use your insurance information to submit the payment to insurance. We use your payment information to facilitate payments not covered by insurance.
  • Book an appointment. When you book an appointment, we collect from you, your personal identifiers (name, email address, date of birth, telephone number, digital signature, and physical address) through our Patient Portal. We use this information to schedule and fulfill your appointment request, and to communicate with you about your appointment. This information is PHI and is used and disclosed as permitted under HIPAA as described in our HIPAA Notice.
  • Submit a payment. When you submit a payment, we collect from you, your personal identifiers (name, email address, telephone number, and physical address) and sensitive financial information (payment card number, CVV, and expiration date) through our third-party payment processors. The information is used to process your payment for the requested product or treatment, fulfill and manage purchases, orders, and payments. This information is PHI and is used and disclosed as permitted by HIPAA as described in our HIPAA Notice.
  • Participate in surveys. If you choose to complete a survey, we collect from you, your personalidentifiers (e.g., name, date of birth, mailing address, email address, phone number, administrative sex, primary language, race, ethnicity, and marital status) through our third-party vendors who collect your answers to the survey. We use this information to help us improve the quality of our products, Platforms, and Services. If you participate in a survey that collects PHI, the PHI is used and disclosed as permitted under HIPAA as described in our HIPAA Notice.
  • Visit our facility. When you visit our facility, we collect from you, your visual information (video recording) through our video surveillance cameras. We use this information to maintain the security of our facility, as well as the safety of our patrons and personnel. We retain this information for 90 days or in accordance with ChristianaCare policies and applicable law by evaluating: (i) whether there is a retention period required by statute or regulations; (ii) the existence of actual or threatened litigation for which we are required to preserve the information; (iii) the statutes of limitations for potential legal claims; and (iv) generally accepted best practices in our industry, including related to the safety and security of our properties, assets, employees, patients, and visitors.
  • Sign up for our newsletter. When you sign up for our newsletter we collect from you, your personalidentifiers (name and email address). We use this information to send you information about our promotions and offers. You may unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email we send to you. Our communications may contain tracking technologies, to analyze whether a predefined action took place by a recipient, such as opening our communications and other engagement metrics such as timestamps, delivery status, clicks within an email, as well as sender and recipient addresses to better adapt and distribute our communications. When you opt in to our marketing communications, you will be automatically opted in to the use of these technologies. To reject these tracking technologies, you must unsubscribe from our marketing communications. ChristianaCare will continue to send you necessary communications related to your care.
  • Make a donation. When you donate, we collect from you, your personal identifiers (name, email address, telephone number, physical address, and tribute information, if you choose to provide them), and your sensitive financial information (bank account information, payment card number, CVV, and expiration date). We use this information for tax purposes, to process your donation to ChristianaCare, and we use your identifiers to communicate our appreciation for your donation. Upon donating, your information is added to our donor communications list where you may receive additional information about how your donation helps ChristianaCare and other causes you may consider supporting at ChristianaCare. You may opt out of these communications at any time by clicking the “Unsubscribe” link at the bottom of each email we send you. For more information on the use and processing of your information for these communications, please see the “Sign up for our newsletter” section above.
  • Use DECODR. When you use DECODR, we collect, from you, your personal identifiers (name and email address) and professional or educational information (name of your affiliated educational institution). When you initiate an action on DECODR, we collect, from you, your internet and other electronic activity (IP address). We use this information to authenticate your access to DECODR and log activity on the tool to ensure your use complies with our terms.
  • Interact with us on social media.When you interact with our web pages on social networking websites, such as Meta (Facebook), Instagram, X (formerly Twitter), Pinterest, Issuu, TikTok, YouTube, Vimeo, and LinkedIn (each, a “Social Media Page”) (collectively, “Social Media Pages”), we collect basic engagement metrics and use it to tailor content and marketing as set forth in this section. Please note that we do not control the use or storage of the information that you have posted to any Social Media Page. This information is collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Meta, Instagram, X, TikTok, Pinterest, Issuu, YouTube, and LinkedIn use your personal information, please see Meta’s Privacy Policy, Instagram’s Privacy Policy, X’s Privacy Policy, TikTok’s Privacy Policy, Pinterest’s Privacy Policy, Issuu’s Privacy Policy,  YouTube’s Privacy Policy, Vimeo’s Privacy Policy, and LinkedIn’s Privacy Policy. We also use a social marketing tool to collect information of the activity on our Social Media Pages and identify the most active users in our community. We receive this information in aggregated form only.
    • Social Media Pages. When interacting with our Social Media Pages, we may collect from you, your personal identifiers (first and last name, social media handle, and profile picture) as well as any information that you provide when interacting with our Social Media Pages (e.g. commenting, sharing and rating). We may use this information to communicate with users.

      Because our Social Media Pages are publicly accessible, when you use them to interact with other users, for example by posting, leaving comments or liking or sharing posts, any personal information that you post in them or provide when registering can be viewed by others or used by them as they see fit.

      The content posted on our Social Media Pages or other public areas of social networking websites can be deleted in the same way as other content that you have created.
    • Community Management. With the help of a third party, we collect from you, your interactions, including "likes", shares, messages, and other interactions with the content, to analyze and evaluate how our content is perceived, to learn from it, and to improve our social media and marketing efforts.
    • Direct Messages. When using direct message capabilities on Social Media Pages, the applicable Social Media Page collects from you, automatically, your internet or other electronic network activity information (IP address, date and time of the server request, time zone, specific browser or app function, access status, amount of data transferred, browser or app from which the Request comes, device type, operating system used, and its interface (e.g. Android or iOS), language, version of the operating system, and device identifiers). We do not use this information; its use is governed by the applicable Social Media Page’s Privacy Policy, a hyperlink to which is available above.
    • Page Insights. When you visit our Social Media Pages, those sites record your IP address and other information about your usage behavior on our Social Media Page. The pages collect, through trackers in the browser of your device or via the advertising ID (IDFA from Apple or GAID from Google), when you open their app through your mobile device (e.g. smartphone or tablet). Social Media Pages use this information to create statistical evaluations for us of the use of the Social Media Page. We receive this information, from Social Media Pages, in the form of aggregated data and anonymous statistics regarding things like: age, gender, city/country, device, inquiries from fans about other fan pages, region and language settings of the users, proportion of men and women, the number of people reached, clicks on posts, "Likes” and reactions, comments and shared content, and total video views. We do not collect or process any other personal information in connection with the page insights.

      We do not retain this information independently. For information on data protection and the storage period on Social Media Pages in relation to the "Page Insights" function see their Privacy Policies. It has been contractually agreed with Social Media Pages that they are responsible for providing you with information about the processing for Page Insights.
    • Information Processed Solely by Social Media Pages. We do not know how Social Media Pages use personal information for its own purposes, how long the personal information is stored on their sites or whether the Social Media Pages data is passed on to third parties.

      For example, if you are currently logged in to Facebook as a user, Facebook automatically collects, through trackers on your device, your Facebook ID or a link between the Facebook ID and the advertising ID (IDFA from Apple or GAID from Google) when you open the Facebook app through your mobile device (e.g. smartphone or tablet). This enables Facebook to understand that you have visited our Facebook Fan Page along with other Facebook pages that you have clicked on, whether you clicked on Facebook buttons integrated into websites that partner with Facebook, and other online interactions that report user data to Facebook. Based on this data, content or advertising tailored to you can be offered.

      You can find more information about the personal information collected by Facebook, how it is used and how long it is stored by visiting Facebook’s Privacy Policy.
  • Interact with the Platforms. In addition to the personal information you provide directly to us, we also collect information from you automatically as you use our Platforms via cookies, web beacons, and similar tracking technologies. This includes, but is not limited to, the following: internet or other electronic network activity information.

    We use essential, performance, marketing, and analytics cookies to collect your usage, device, and location information when you interact with the Platforms. We use this information to: (i) track you within the Platforms; (ii) enhance user experience; (iii) conduct analytics to improve the Platforms and; (iv) prevent fraudulent use of the Platforms; (v) diagnose and repair Platform errors, and, in cases of abuse, track and mitigate the abuse; (vi) provide targeted advertising; and (vii) capture and aggregate viewing and engagement metrics. Our use of third-party marketing and analytics cookies may be considered a sale under the New Jersey Data Privacy Act. If you accepted non-essential cookies and are a New Jersey resident who wishes to opt out of the sale of your personal information and the processing of your personal information for purposes of targeted advertising, please visit Do Not Sell or Share My Personal Information.

    In general, you can also disable cookies by setting your browser to refuse cookies or indicate when a cookie is being sent. Please note, if you opt out of marketing and analytics cookies, your opt-out will be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt out of each browser or device that you use.

    If you have downloaded our mobile application and wish to benefit from all of the application’s features, you must allow the application to collect, process, transmit, and use real-time geographical information about the location of your mobile phone. You may withdraw this consent at any time by disabling the location services settings on your mobile device. Disabling such services will not impact any of the application’s non-location-based features.

    Particular third-party cookies to note on our Websites include: Adobe Analytics.
    • Adobe Analytics. We use Adobe Analytics to collect information on your interaction with our Platforms, including your web browsing activity, device information, IP address (which may be used to approximate your general location), the URL of the web page from which you navigate to our Website, the web search you performed that led you to our Website, social media profile information, purchasing history, and whether you clicked on any of our online advertisements. This information is collected via third-party cookies and similar technologies, such as web beacons (also known as tags or pixels) that Adobe Analytics sets on your web browser. We use this information to manage our online content, improve the performance of our Platforms, and conduct targeted advertising campaigns. Please review Adobe’s Privacy Policy for additional information on how Adobe Analytics uses the information collected. To prevent your data from being used by Adobe Analytics, you may opt out here. To opt out, please visit Do Not Sell or Share My Personal Information.
  • Aggregate data. We aggregate the data we collect for benchmarking purposes and for internal analytics. We maintain and use this data in deidentified form. We will not attempt to reidentify the data unless it is necessary to determine whether our deidentification processes satisfy applicable data protection laws.

ChristianaCare will also use the personal information we collect as described in this section to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in HOW WE SHARE YOUR PERSONAL INFORMATION.

How We Share Your Personal Information
General Sharing

ChristianaCare shares personal information in the following instances:

  • Within ChristianaCare. We may share your personal information among our affiliated entities for the legitimate business purposes of efficiently and effectively providing the Platforms and Services. Access to your personal information is limited to those on a need-to-know basis.
  • In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We will also share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings.
  • For legal purposes. We share personal information where we are legally required to do so, such as in response to court orders, subpoenas, governmental/regulatory bodies, law enforcement or legal process, including for national security purposes. We may share your information with our legal advisors or auditors to establish, protect, or exercise our legal rights or as required to enforce our terms of service or other contracts or to defend against legal claims or demands. We also share this information with third parties as necessary to: detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; to comply with the requirements of any applicable law; or to comply with our legal obligations.
  • With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request your consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time and may do so by contacting us via email at PrivacyOffice@ChristianaCare.org.
Sharing With Service Providers
  • We have disclosed your personal information to service providers that assist us in providing the Platforms and Services. These service providers assist us with the following: information technology (“IT”) support; website hosting; data analysis; customer service; customer relationship management; payment processors; email delivery; marketing; and similar services.
  • We have disclosed your internet or other electronic network activity information collected by cookies to our IT support team to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair the Platforms.
  • We have disclosed your internet or other electronic network activity information collected by cookies to our IT support team to update, improve, and maintain the Platforms.
Sale of Personal Information

ChristianaCare shares your internet or other electronic network activity information collected via cookies and other tracking technologies with our data analytics providers and ad networks to provide targeted advertising as described in PERSONAL INFORMATION WE COLLECT, HOW WE USE IT, HOW LONG WE KEEP IT, AND HOW WE SHARE IT. Such sharing may be deemed a sale or processing for targeted advertising under the New Jersey Data Privacy Act. If you are a New Jersey resident and wish to opt out of this sale of your personal information and the processing of your personal information for purposes of targeted advertising, please visit Do Not Sell or Share My Personal Information.

Your Information Choices

You have the following choices with respect to your personal information:

  • Correct or View Your Information. You may access your account to correct or view certain personal information you have provided to us.
  • Opt Out of Adobe Analytics. To prevent your personal information from being used by Adobe Analytics, you may opt out here.
  • Opt Out of Email Tracking and Marketing Communications. You can disable tracking in emails by unsubscribing from our marketing emails. You may opt out of receiving marketing emails and text messages from us by clicking the “unsubscribe” link provided at the bottom of each email we send or by replying STOP to our SMS. Please note that we may continue to send you notifications related to your medical care.
  • Opt Out of Advertising Cookies. You can opt out of certain cookies by declining non-essential cookies when visiting our Platforms or by clicking the Do Not Sell or Share My Information link.All session cookies are temporary and expire after you close your web browser. Persistent cookies can be removed by following your web browser’s directions. To find out how to see what cookies have been set on your computer or device, and how to reject and delete the cookies, please visit: https://www.aboutcookies.org/. Please note that each web browser is different. To find information relating to your browser, visit the browser developer’s website and mobile application. If you reset your web browser to refuse all cookies or to indicate when a cookie is being sent, some features of our website may not function properly. If you choose to opt out, we will place an "opt-out cookie" on your device. The "opt-out cookie" is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for essential cookies. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return and update your preferences. By clicking on the “Opt-Out” links below, you will be directed to the respective third-party website where your computer will be scanned to determine who maintains cookies on you. At that time, you can either choose to opt out of all targeted advertising or you can choose to opt out of targeted advertising by selecting individual companies who maintain a cookie on your machine.
Rights of Delaware and New Jersey Residents

The laws of certain states give their residents privacy rights, including the Delaware Personal Data Privacy Act (“DPDPA”) and the New Jersey Data Privacy Act (“NJDPA”). To the extent the DPDPA, NJDPA, or other state laws apply to our processing of your personal information, you are entitled to the following rights:

  • Right to Access/Know. You have the right to request what personal information we have collected and processed about you, unless doing so would reveal a trade secret as well as a list of the categories or types of third parties with whom we have shared your personal information. Delaware residents may only make a request for access once within a 12-month period while New Jersey residents may request access twice during a 12-month period.
  • Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to delete it.
  • Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.
  • Right to Opt Out. You have the right to opt out of our processing of your personal information for the following purposes: (i) targeted advertising; (ii) profiling through solely automated decision making; and (iii) the sale of your personal information to third parties. ChristianaCare does not have actual knowledge that it processes the personal information of minors under the age of seventeen (17) years for targeted advertising, profiling, or sale to third parties.
  • Right to Data Portability. You have the right to request that we transfer your personal information to another organization or give it to you.
  • Right to Non-Discrimination. You have the right to not receive discriminatory treatment in the processing of your personal information as well as if and when you exercise your rights, including to access, delete, correct, opt out, list types of third parties, or limit use of sensitive data.
  • Right to Appeal. You have the right to appeal our refusal to act on your request to exercise your rights. To request an appeal, please email us at PrivacyOffice@ChristianaCare.org, subject line: “Appeal My Consumer Request.” We will review the appeal and notify you of our response. If we deny your appeal, you may file a complaint with the Delaware Department of Justice here or by contacting them at privacy@delaware.gov. A complaint with the New Jersey Attorney General can be filed here.

If you are a Delaware or New Jersey resident and wish to exercise your privacy rights, you may submit a request by emailing us at PrivacyOffice@ChristianaCare.org. To exercise your right to opt out of targeted advertising or the sale of your personal information via third-party marketing/analytics cookies, please visit Do Not Sell or Share My Personal Information.

If the browser or extension that you (or your authorized agent) are using supports Global Privacy Control (GPC) (see here for more information), you may utilize the GPC opt out preference signal to instruct us to not sell or share any of your personal information collected online. The GPC opt out preference signal will apply to the device, platform, or browser in which you utilize it. You can utilize the opt out preference signal by turning on the signal in your device, platform, or browser settings. Please note that you must opt out of each device and each browser.

You must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information. This may include items like your name, date of birth, phone number, address, and email address and describe your request with sufficient detail to allow us to properly evaluate and respond to it. We will verify your request by the matching information provided by you with the information we have in our records. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.

Only you, or a person that you authorize to act on your behalf may make a request related to your personal information. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.

Do Not Track

We do not respond to Do Not Track requests. Do Not Track is a preference you can set in your web browser to inform websites and mobile applications that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Information Security

We implement and maintain appropriate technical and organizational security measures, such as software- and hardware-based monitoring and protection, access controls, firewalls, and encryption (i.e., SSL and HTTPS) to protect the personal information that we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. However, no security measure or modality of data transmission is 100% secure, and we are unable to guarantee the absolute security of the personal information we have collected from you.

Children's Privacy

The Platforms and Services are not directed to or intended for individuals under the age of fourteen (14) years. We do not allow registration by, nor do we directly collect personal information from any person we know to be under the age of fourteen (14). ChristianaCare does not use personal information for targeted advertising or profiling without consent.

Changes to This Privacy Statement

We may amend this Privacy Statement in our sole discretion at any time. If we do, we will post the changes to this page and will indicate the date the changes go into effect. We encourage you to review our Privacy Statement to stay informed. If we make changes that materially affect your privacy rights, we will notify you by prominent posting on our Websites and/or via email, and obtain your consent, if required.

Contact Us

If you have any questions or concerns regarding this Privacy Statement, please contact us at:

ChristianaCare Office of Compliance and Privacy
P.O. Box 6001
Newark, DE 19714
PrivacyOffice@ChristianaCare.org
(302) 623-4468