Duke Health Online Privacy Policy

Effective Date: April 25, 2023

Thank you for your interest in Duke Health ("Duke Health") websites and mobile applications. The purpose of this Online Privacy Policy ("Privacy Policy") is to tell you how Duke Health collects, uses, shares, and protects personal information we may obtain about you when you visit one of our websites (e.g., dukehealth.org, physicians.dukehealth.org, corporate.dukehealth.org, medschool.duke.edu, and nursing.duke.edu) or use certain of our mobile applications (each a "Site" and collectively, the "Sites"). Duke Health Sites are subject to this Privacy Policy and our Website Terms and Conditions of Use ("Terms of Use"), which you should review thoroughly before using the Sites. This Privacy Policy does not apply to My Duke Health (previously Duke MyChart site or "MyChart") which has its own terms and conditions.

Please note that this Privacy Policy does not apply to protected health information ("PHI") which is subject to privacy regulations published under the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and is separately addressed in Duke Health’s HIPAA Notice of Privacy Practices ("NPP").

We may update this Privacy Policy from time to time, in which case we will update the Effective Date at the top of this page. When you use the Sites, you are agreeing to the Privacy Policy and Terms of Use in effect as of the date of your visit. Do not use a Site if you do not agree with this Privacy Policy, the Terms of Use, and any other policies or terms that apply to that Site.

Collection of Personal Information

Personal Information You Submit

When you visit our Sites, we and our service providers may obtain personal information that you provide directly to us (e.g., when you when you submit an inquiry or register for an event through a Site). This personal information may include your name, email address, telephone number, and other details you choose to submit.

Certain Sites may offer interactive features, such as chatbots, to help users navigate the Sites and to perform routine customer support services. Your use of these interactive features is voluntary, and we may capture and retain information submitted through these features, including the type and nature of inquiries. By using these features, you understand that our vendors may process the information you submit to provide the service on our behalf.

Information Collected Automatically

In addition to personal information you submit to us, we and our vendors use analytics tools and other third-party technologies to collect certain information automatically when you use our Sites. This information may include IP addresses, device and software identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, usage history, MAC Address, mobile unique device ID, geolocation data, demographic and interest data, and other similar information.

For example, certain Sites use analytics technology to support the operation and performance of the Sites and to analyze visitor interactions on the Sites. This technology also provides us with general information about traffic to our Sites, Site performance, and related statistics.

You also may be able to opt out of certain interest-based advertising using the settings on your browser. Please note that your choice(s) may apply only to the browser or device you are using when you opt out, that we do not control how other parties manage their opt-out processes, and that if you disable cookies, some features on our Sites might not function properly. Do Not Track ("DNT") is a type of privacy preference signal that may allow you to opt out of online tracking. Currently, our Sites do not respond to DNT signals.

Information obtained automatically through our Sites may be combined with information about your online activities over time and across different devices and websites.

Use of Personal Information

Duke Health uses information obtained through the Sites in furtherance of its mission, including the provision of clinical, services, to conduct research, to educate and inform users of Duke Health Sites and other communities we serve, and for other compatible purposes, such as responding to your inquiries, facilitating and improving your online experience, and maintaining the security and integrity of the Sites.

For example, if you provide your email address so that you can receive emails about a particular activity or topic, we may send you information about other activities or topics that we believe are compatible with your request. If you wish to stop receiving such promotional communications from us, you may use the "unsubscribe" link included in our emails to opt out. Please note that we may still send you transactional and administrative emails even if you opt out of promotional communications.

Other examples of how we may use personal information obtained through the Sites include:

  • Provide you with information, items, or services, or to process transactions that you have requested or agreed to receive;
  • Communicate with you, including responding to inquiries you submit and/or emailing, calling, or texting you in accordance with your preferences and subject to your consent, where required by law;
  • Process your registration for events, newsletters, and on pages that require registration, including as necessary for authentication and verification purposes;
  • Manage and administer the Sites, including maintaining user accounts;
  • Create new service offerings, personalize and optimize your experience on any of the Sites, or to suggest specific content that may be most relevant to you; and
  • Prevent unauthorized, improper, fraudulent, or illegal activities on the Sites.

Disclosure of Personal Information

We may disclose personal information obtained through the Sites to our subsidiaries, affiliates, and vendors subject to applicable law and in accordance with contractual restrictions. In addition, we may disclose personal information for the purposes described below.

  • Legal compliance: for example, to law enforcement, government authorities, regulatory bodies, or other parties as we deem necessary or appropriate to comply with laws, regulations, court orders, or other legal obligations, or to assist in investigations to prevent fraud or other harms, and to enforce our agreements and policies.
  • Corporate transactions: we may disclose personal information to third parties in connection with a business transaction, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business assets (including negotiations of the transaction).
  • Security and safety: this may include disclosing personal information to a third party to prevent harm, fraud, or any other illegal activities; to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury; or to protect the security or integrity of the Sites or our services and products.

Information Security

Duke Health has implemented reasonable and appropriate security measures to help safeguard your personal information against unauthorized or illegal access, destruction, use, loss, modification, or disclosure.

Although we follow reasonable procedures to safeguard information, transmission via the Internet is not completely secure and we cannot guarantee the security of your information submitted online. Accordingly, please carefully consider the information you access and share online (including on our Sites) before doing so.

Links to Other Websites

Our Sites may include links or otherwise allow you to access other websites and online services that are not operated by Duke Health. Duke Health is not responsible for the privacy practices of these or any other websites that we do not control, and this Privacy Policy does not apply to websites or mobile applications that are run by third parties. Be sure to review all privacy policies and terms of use on any website or mobile application you access.

Children's Privacy

Duke Health Sites are not directed to children and we do not intentionally collect personal information from individuals under the age of 13. If we become aware that we have collected personal information from a child, we will securely delete such information in accordance with applicable law.

Visitors from Outside the United States

If you are visiting our Sites from outside of the United States, be aware that information we collect about you through the Sites will be transferred to, and processed in, the United States or other jurisdictions. The data protection laws in the United States may not be as protective as those of the country in which you are located, and your personal information may be subject to access requests from governments, courts, law enforcement, or other third parties in the United States according to laws of the United States.

Contact Us

If you have any questions about this Privacy Policy or our personal information practices, you may contact us at privacypolicy@dm.duke.edu or call us at 888-275-3853. Given the potential security risks associated with email, please use caution when sending any personal information via email.