Security & Privacy Policies
Epic Website Privacy Policy for Website Visitors & Job Seekers
Last Updated: December 10, 2024
Overview
Epic Systems Corporation (“Epic”) builds software and tools with the patient at the heart.
This Privacy Policy describes how we collect and use your information when you visit the websites listed below (“Our Websites”):
- epic.com
- careers.epic.com (our “Careers Site”)
- cosmos.epic.com
- link.epic.com
- mychart.org (our “MyChart Site”)
- mychartcentral.com
- shareeverywhere.epic.com
- uwcs.epic.com (our “Taste of Epic Site”)
- efficiency.epic.com (our “Provider Efficiency Training Site”)
We may update this policy at any time, and future updates are effective as soon as they are published. If you are interested, you should check back from time to time and make sure that you have reviewed the most current version of this policy.
Information You Provide to Our Websites
Information You Give Us
You may contact us through the methods listed on Our Website. If you contact us, we may keep a record of the communication to help answer or resolve the matter you contacted us about. You can decide how much information you want to share with us in those cases.
You may sign up for a campus tour by providing us with your name, email address, and phone number via the sign-up form on our Visiting Us page. If you sign up for a campus tour, your information will be stored in Microsoft Bookings, and you can find more details about this on Microsoft’s website.
If you submit your story and contact information to us via the Share My Story page on the MyChart Site, we may use the information you provided to contact you about your story.
You may also provide us with your name, phone number, email address, organization, and credentials when you submit your information to Epic via the form linked on the Provider Efficiency Training Site. This information will be stored on Epic-owned servers in the United States and used for purposes such as:
- Confirming you are employed by a healthcare organization that uses Epic software
- Registering you for provider efficiency classes
- Contacting you about future educational opportunities
We use Issuu to host a digital copy of Epic’s magazine, the Epic Almanac. If you view the Epic Almanac, your information may be subject to the Issuu Privacy Policy.
Our Website and Servers, Your Use of Browsers
When you use Our Websites, our servers may automatically collect and record information. In most cases, this information is generated by technologies, such as “cookies,” “flash LSOs,” “web beacons” or “clear GIFs.” You can read more about how we use cookies below.
Your browser or device may tell us your:
- Browser type
- Language preference
- Internet Protocol (IP) address (which may tell us generally where you are located)
- Type of device or system you used
Your browser may also tell us:
- The time and date of your request
- The page that led you to Our Website
- What you typed into a search engine that led you to Our Website, if applicable
Cookies
We use strictly necessary cookies on Our Websites to perform the critical site function of keeping website visitors on the same server they initially connected to when they first navigated to one of our websites (i.e., for load balancing).
We use Squarespace to build our Provider Efficiency Training Site and our Taste of Epic Site, which means those websites include the “functional and required” cookies from Squarespace, described on the Squarespace website.
Note that Epic does not use the optional Squarespace “analytics and performance” cookies. However, independent of Epic, Squarespace collects information about you when you visit our websites built on the Squarespace platform as described in section 4(b) of their privacy policy (see references to End Users of Users’ sites).
Do-Not-Track
Some web browsers and operating systems include a Do-Not-Track (DNT) setting that you can activate to signal your preference not to have information about your online activities monitored. There is currently no uniform standard for recognizing and implementing DNT signals. As a result, Our Websites do not respond to DNT signals. If a standard for recognizing DNT signals is adopted in the future and we follow that standard, we will inform you about our approach in an update to this Privacy Policy.
MyChart Central
If you have a MyChart Central account, we store limited personal information on Epic-owned servers in the United States, including the contact information you used to create your account and link it with your healthcare organization MyChart accounts. You can edit and share MyChart Central account information with the healthcare organizations you choose to link to your MyChart Central account.
Information You Provide to Our Careers Site
We use our Careers Site to help facilitate our recruitment process. When you contact us through our Careers Site about career opportunities at Epic, we may ask you for certain information so we can evaluate you as a candidate and meet certain legal obligations. The information you provide directly to our Careers Site as part of the application process is collected with your consent, and is collected in addition to the information you provide through Our Websites (as listed above) and may include:
- Demographic information, including race, gender, veteran status, and disability status
- Contact information
- Details of your qualifications, skills, experience, and education
- Information about your employment history and salary
- Whether you have a disability for which we can make reasonable accommodations during the recruitment process
- Information about your legal status to perform the position for which you apply in the region where the position is based
How Do We Collect Your Information?
During the recruitment process, you may provide information to us in the following ways:
- The application form on the Careers Site
- Your resume or CV (if you submit one with your application)
- Tests or other forms of assessments administered during the recruitment process
- Copies of transcripts or other documentation submitted by you during the course of your application
- Information collected from third parties, including previous employers and educational institutions
How Do We Use Your Information?
The information that you provide to us during the recruitment process is retained and processed as we evaluate you for a position. We may use this information for purposes such as:
- Evaluating your candidacy for a position at Epic
- Contacting you during our recruitment process
- Processing your employment if Epic offers you a position
- Processing and storing your data for internal tracking metrics
- Processing your data in order to meet certain legal or regulatory obligations
- Improving the Careers Site
In addition to processing your data with your consent, Epic has a legitimate interest in processing your data to manage our recruitment process and assess whether you are a viable candidate for a career at Epic. All applicants, regardless of location, may opt out of any future contacts from Epic at any time.
Who Has Access to Your Information?
When you provide your information to Epic as part of the recruitment process, your information may be shared with Epic staff and certain third party service providers working with Epic, such as Avature Recruiting Solutions. Epic staff includes members of the human resources and recruitment teams, interviewers involved in the recruitment process, staff in the business area to which you are applying, and information technology (IT) staff. Other third party service providers or contractors may also have access to your information if we reach out to references or conduct background checks.
How Long Does Epic Keep Your Information?
Epic will retain your information for as long as it makes use of such information as a part of the recruitment process and for other permitted purposes. If your application for employment is successful, information gathered during the recruitment process will be added to your human resources file and may be retained throughout your employment with Epic.
How We Protect Your Personal Information
We use a combination of process, technology and physical security controls to protect the privacy, security, integrity, and availability of your personal information.
- When you submit your information through Our Websites, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the top or bottom of your web browser, or looking for “https” at the beginning of the URL address of the web page.
- We maintain internal policies and processes that limit access to your information our staff and contractors who need to know the information to perform their jobs and develop or improve our websites, products, and services.
Links to Other Sites
Our Websites contain links to other sites and may contain embedded media hosted by third parties, such as YouTube videos. Epic is not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our site or engage with media hosted by third parties and to read the privacy statements of any other site that collects your information.
If you use Share Everywhere
Share Everywhere allows patients to share a one-time, web-based view of their health record from their healthcare organization with anyone they choose, and the individual viewing the record can use Share Everywhere to add documentation to a patient’s electronic health record. In addition to your use of our Share Everywhere website being subject to this policy, your use of Share Everywhere is also subject to the terms of use and privacy policy of the participating healthcare organization. Please contact the participating healthcare organization for more information.
Your Privacy Rights
GDPR and UK GDPR Privacy Questions
If you need to contact our Data Protection Officer or EU Representative, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000.
If you are a Data Subject as defined by GDPR and you have questions related to personal data held by a healthcare organization that uses Epic software, you should reach out to your healthcare organization for requests related to that personal data. If you have questions related to your personal data held by Epic (for example, if you have applied for a job via our Careers Site or submitted your contact information to Epic via the form linked on the Provider Efficiency Training Site), you can exercise your rights by contacting Epic at EUPrivacyInquiries@epic.com.
California Privacy Questions
Please visit our Privacy Notice for California Residents.
Contact Epic
If you have questions about your medical information in an account with a healthcare organization using Epic’s software, please reach out to your healthcare organization using the contact information in their privacy policy.
If you have any questions about this policy, contact us at +1 608-271-9000 or at PrivacyInquiries@epic.com.
Carequality Information Handling Practices Statement
Epic is a member of Carequality, an initiative of The Sequoia Project. Epic makes functionality available to its customers to enable them to exchange data with other healthcare organizations using the Carequality Framework. Epic does not handle information transmitted in the course of its customers’ use of Carequality.
Security
Report a Potential Security Vulnerability or Concern →
