Website Privacy Policy
Website Privacy Policy
Effective: July 2026
Note: This policy relates specifically to our website. For information on how medical information may be used and shared and patient rights, please review our Notice of Privacy Practices.
WE RESPECT YOUR PRIVACY. THIS PRIVACY POLICY DESCRIBES HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION. PLEASE READ IT CAREFULLY.
The websites and services provided through the website (the “Site”) are provided by Sheppard Pratt and its affiliates (“we,” “us” or “our”). You (“you” or “your”) have a limited right to access and use the Site for your noncommercial, personal use and information only. Your use of the Site constitutes acknowledgment of this Privacy Policy. Certain data practices, such as the use of analytics or advertising cookies, are subject to your preferences and applicable consent requirements. If you do not agree to this privacy policy, please discontinue use of our Site. Your use of our Site is an express acceptance of these terms.
Privacy Settings
As described in this privacy policy, we collect and process your data on this site to better understand how it is used. On your first visit and subsequently every six month, we will ask you for guidance on what information we can collect. You can change your privacy settings.
What Information Do We Collect?
Information that you provide to us. For example, you provide information when you:
- Fill out forms on the Site
- Communicate with us by phone, email or chat
- Respond to surveys
- This personal information may include your:
- Name
- Address
- Phone number
- e-mail address
- Information pertaining to your health
- Information related to your employment or affiliation with us
- Other demographic information, such as
- Your ZIP code
- Age
- Gender
- Preferences, interests, and favorites
- Information about your visit to the Site. For example, we may collect:
- Information about the network you use to access the Internet, such as the domain and the host information
- Information about computer or mobile device that you are using, including the IP address, browser, and operating system
- Information about which pages on our Site you visit
What vendors do we use to collect information associated with your visit?
We use Piwik PRO Analytics Suite as our primary website/app analytics software and consent management tool. We chose Piwik PRO because their service is designed to collect information in a HIPAA compliant way. Through Piwik PRO, we collect data about website visitors based on cookies. The information collected may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.
We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.
Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
Google Analytics: We may use cookies provided by Google Analytics on web pages unrelated to patient care, such as pages tied to clinician training and employee recruitment. Google may use this information to learn more about visitors to these pages and provide customized ads to those individuals in the future. These are categorized as Advertising cookies and can be turned off at any time. Learn more about Google privacy policies
Forms: If you submit information through a form on our website, the information we receive will be governed by our privacy policies and will be collected through either:
1) Our website’s content management system – this form is used for non-patient applications.
2) Microsoft Forms – This software is designed to securely collect patient information. Learn more.
3) Oracle’s Eloqua Software – this software is designed to securely collect patient information, subject to this privacy policy and HIPAA regulations.
COOKIES
We use “cookies,” which are small text files stored on your computer/device (and maintained by your browser), and often include a randomized unique identifier so that the Site can ‘recognize’ this cookie again. We use three categories of cookies on our site:
Mandatory Cookies: These essential cookies are technically necessary to provide the Site and its core functionality to You and cannot be turned off.
Analytics Cookies: These cookies track how you use our website and include information such as the referral web domain, type of operating system/browser used, date and time of visit, and other information relating to activities on the Site.
Advertising Cookies: These are cookies used by us and third-party advertisers to help identify people who might benefit from our services and help make them aware of the services that might be helpful. These cookies may track visitors across websites. On patient related pages, we use Piwik Pro to manage any advertising cookies to align with HIPAA guidelines.
We do not use cookies to retrieve information from your computer or device for purposes that are unrelated to the Site or your interaction with the Site. You may stop or restrict cookies on your computer or purge them from your browser by adjusting your web browser preferences and you should consult the operating instructions that apply to your browser for instructions should you wish to do so and in general to determine how best to configure your browser settings to meet your requirements. Note that if you “turn off,” purge, or disable cookies, although you may still use the Site, you may not be able to use all of the features, functions, or services available on the Site.
Clear GIFS
Clear GIFs are tiny graphics with a unique identifier. We, and our service providers and business partners, may use Clear GIFs on our website or in HTML emails. On a website, these clear GIF’s operate in a similar manner as cookies. In emails, they help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
How We Use Information
We use the information you provide and we collect to:
- Operate the Site
- Provide the services you request.
- Administer the Site and diagnose problems with our server and networks;
- Provide you with information about the Site;
- Assist you and help us perform responsibilities described in the Terms of Use;
- Measure the number of visitors to the Site and how the Site is used in order to make the Site as useful as possible to our visitors;
- Provide authorities or relevant individuals with information related to the Site as required by law; and
- Fulfill any other purpose for which you provide information
How Can We Share Information?
We do not use or disclose sensitive personal information, such as race, religion, or political affiliation, without your express consent.
We expect that all collection, use, and disclosure of your information will occur in the United States and will be governed by United States law; however, some information may travel over the Internet outside of the United States. Even if some information does travel outside the United States, you agree that the laws of the United States will apply.
We will not sell or rent your information to anyone, but we may share your basic demographic information (such as your name, IP address, and physical or email address) with others, such as our subsidiaries, contractors, trusted partners, and affiliates as necessary to operate our business, and as permitted by law.
If we share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries, such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information. These trusted partners also have privacy policies.
We do not share your personal information with third parties for their direct marketing purposes.
What About Aggregated Data?
We may aggregate (combine) data about visitors to the Site in a non-identifiable manner and use it for our business purposes unrelated to your use of the Site.
For example, we may aggregate data for product development and improvement activities and disclose such aggregated data to third parties.
No personally identifiable information is available or used in this process.
We may use information you provide to promote the products or services of strategic partners but will not directly provide your personally identifiable information to these strategic partners for promotional purposes.
What About Governmental and Legal Disclosures?
Except as described above, we do not disclose the identities of visitors or users of the Site unless legally required to do so, or unless we believe, in good faith, that sharing is necessary:
- to protect your safety or the safety of others,
- to protect our rights,
- to investigate fraud, or
- to respond to a government request.
We will respond to any subpoena received from a government agency (i.e., the Securities and Exchange Commission or law enforcement agencies) without prior notice to you. Unless prohibited by law or by a valid court order, we will attempt to notify you of any subpoena received from any other party (i.e., for civil litigation) which requires us to disclose your identity, and will wait for the appropriate time period required under federal and Maryland law before providing the information requested by the subpoena.
What About Do Not Track?
Websites and web applications can track your movements on the Internet to better tailor suggestions for you based on your interests. We may track your movement through the Site and across third party websites to provide targeted content, and therefore we do not respond to Do Not Track (DNT) signals. However, some people do not want their browsing behavior to be tracked. Your web browser allows you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked. We also suggest that you read the privacy policies of third-party websites to see if those websites track your browsing. Information gathered using tracking technology will be used and disclosed as described in this Privacy Policy, and the privacy policies of the applicable privacy policies.
What About Compliance with COPPA?
The Site is not directed at children under the age of 13. We comply with the Children's Online Privacy Protection Act (“COPPA”) and do not knowingly permit registration or submission of personally identifiable information by anyone under 13 years of age. This age requirement is posted each time we request personally identifiable information. If you believe information about a child under 13 has been submitted, please advise us in writing and we will delete it.
What About International Privacy Laws?
If you are visiting our websites from outside the United States, please be aware that you are sending information (including personal data) to the United States, where our servers are located. That information may then be transferred within the United States or back out of the United States to other countries. All data collected through the Site will be stored exclusively in secure hosting facilities provided by us or our service providers. We have data processing agreements in place with our service providers consistent with applicable privacy and data security laws.
Sheppard Pratt and its affiliates are located in, and provide services in, the United States, and are governed by United States law. For visitors from the European Union, countries outside of the EU (such as the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence. The United States has not been issued an adequacy decision finding the data privacy laws to provide an adequate level of protection, and no other basis for transfer exists. Therefore, the collection and transfer of data will occur on one of the following bases, depending on the type of transfer and the surrounding factual situation:
The transfer is necessary for performance of a contract between you and a Sheppard Pratt entity. This will apply when, for example, you are buying a product or signing up for information.
The transfer is necessary for the conclusion or performance of a contract between Sheppard Pratt and another person or entity, that is in your interest. This will apply when, for example, you request a product or further information from a third party through our Site.
The transfer is necessary for the establishment, exercise, or defense of legal claims. This would apply if there developed a dispute between you and a Sheppard Pratt entity.
You explicitly consent to the transfer, having been informed of the possible risks of the transfer. This paragraph explains the possible risks: while we exercise great care to protect personal data, it is possible that we may be required to produce personal data to U.S. legal authorities upon presentation of a subpoena, court order, search warrant, or other legal process. We will evaluate the legal process and resist such legal demands on your behalf unless it is clearly valid based on the legal opinion of our attorneys. The data protection laws in the United States may also provide for other uses of data, including uses for marketing that differ from the use for which the data was originally collected ("secondary uses"); however, except where otherwise compelled by law, our collection, storage, and use of your personal data will at all times continue to be governed by this Privacy Policy.
What About Marketing Use?
You agree that we can store information that you provide to us on a form and use it to assist you in making an appointment, providing other services, or for communications related to our services, educational offerings, events, or care coordination, subject to your preferences and applicable law.
What are privacy rights specific to Maryland Residents?
If you are a resident of Maryland, you have certain rights regarding your personal information under applicable Maryland privacy laws. These rights apply to personal information collected through this Site and are subject to certain legal exceptions.
Your Rights Include:
Right to Access
You have the right to request confirmation of whether we are collecting or using your personal information and to access the personal information we have collected about you through the Site.
Right to Correction
You have the right to request that we correct inaccurate personal information that you have previously submitted through the Site, taking into account the nature of the information and the purposes for which it was collected.
Right to Deletion
You have the right to request that we delete personal information collected from or about you through the Site, subject to applicable legal obligations and exceptions (for example, where the information is needed to comply with law, protect security, or complete a transaction you requested).
Right to Data Minimization and Purpose Limitation
We collect and use personal information only to the extent reasonably necessary to provide and operate the Site, respond to your requests, or as otherwise permitted by law. We do not use sensitive personal information, including health related data, for purposes that are not reasonably necessary or compatible with the context in which it was provided.
Right to Limit Certain Uses of Sensitive Personal Information
Where required by law, we obtain your consent before processing sensitive personal information, including health related information, for purposes beyond providing requested services or Site functionality.
Right to Appeal
If we decline to take action on your request, you have the right to appeal our decision. Instructions on how to submit an appeal will be provided with our response.
How to Exercise Your Rights
To exercise any of the rights described above, please contact us using the information provided in the “How Can You Contact Us?” section of this Privacy Policy. We may request additional information to verify your identity before responding to your request.
We will respond to verified requests within the time periods required by applicable Maryland law. If we deny your request, we will explain the basis for the denial and provide information on how to appeal our decision.
Please note that certain rights may be limited where fulfilling the request would:
- Interfere with our legal obligations,
- Compromise the privacy or rights of another individual, or
- Be technically infeasible due to the way the information is maintained.
How Secure is the Site?
The Site has security measures in place to protect against the loss, misuse, or alteration of information under our control. However, no security is perfect, and no security system can prevent all security breaches. You transmit information to us at your own risk. Unless portions of the Site, such as forms, contain specific terms with respect to HIPAA compliance and use involving Protected Health Information, you acknowledge that the Site is not HIPAA compliant and you should not store or transmit Protected Health Information on the Site. Except where expressly stated for specific tools or forms, most areas of the Site are not intended for the collection or storage of Protected Health Information. You acknowledge and agree that the Site is not intended to provide any medical advice. We are not your business associate under HIPAA as a result of your use of the Site.
Will this policy be updated in the future?
We may update the Privacy Policy to reflect evolving regulations as well as company and customer feedback. We encourage you to periodically review the Privacy Policy to remain informed of how we use and protect your information. Our use of information gathered or obtained is subject to the Privacy Policy in effect at the time of such use. When we update our privacy policy, we will also update the effective date for your awareness.
How Can You Contact Us?
We welcome your comments regarding this Privacy Policy. If you believe that we have not adhered to this Privacy Policy, please contact us at:
Sheppard Pratt
6501 N. Charles Street
Baltimore, MD 21204
Attn: Chief Compliance Officer
Privacy@sheppardpratt.org
We will use commercially reasonable efforts to promptly respond to your inquiry
What If My Information is Wrong?
You may write to us at the contact address above if you believe information you have submitted to us through the Site is incorrect. We may not be able to correct that information, because, for example, we did not save the information in question, or because we do not yet have a process to update the information.
Can I Get a Copy of My Information?
You may write to us at the contact address above to request a copy of the information you have submitted or we have collected about you through the Site. If we are able to collect and provide the information, we will do so. In some cases, we may not be able to collect and provide the information, because of the way the data is used and stored.