Book an Appointment
Providers

Providers

Contact

Contact

Patient Portal

Patient Portal

Artesia General Hospital Website Privacy Policy

Effective Date: December 4, 2025

Artesia General Hospital (AGH) is committed to protecting the privacy of visitors and users of our public-facing website and online services. This Website Privacy Policy (the “Policy”) describes our online privacy practices concerning the use and disclosure of information we collect from you that is not Protected Health Information (PHI). We maintain information confidentiality and comply with applicable regulatory requirements, including state consumer privacy laws.   

Please review this Policy carefully. Your use of our website signifies your consent to the data practices described herein.   

I. Scope and Applicability

A. The Crucial Distinction: PII vs. PHI

This Policy governs how Artesia General Hospital collects, uses, and discloses Personal Information (PII) and Non-Personally Identifiable Information (Non-PII) gathered through our public website (the “Website”).

  • Personal Information (PII): Information that can be used, alone or in combination with other information, to personally identify you, such as your name, date of birth, postal address, telephone number, email address, Internet Protocol (IP) address, and precise or general geolocation data.   






  • Non-Personally Identifiable Information (Non-PII): Data that cannot be used to identify you, such as aggregated usage statistics, de-identified data, browser type, or device type.   






B. Exclusion of Protected Health Information (PHI)

THIS WEBSITE PRIVACY POLICY DOES NOT APPLY TO PROTECTED HEALTH INFORMATION (PHI).  

PHI, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is individually identifiable health information created, received, maintained, or transmitted by AGH related to your health, health care, or payment for health care.   Your PHI is covered exclusively by the Artesia General Hospital Notice of Privacy Practices (NPP). The NPP outlines your patient rights and our legal duties regarding PHI. The NPP is available for review and download at: artesiageneral.com

II. Information We Collect

We collect certain information, including PII, from and about our website users through the following methods:

A. Information Provided Directly by You

We collect PII when you voluntarily provide it to us through online forms, inquiries, or features on the Website. This may occur when you:   

  • Subscribe to a newsletter or email list.
  • Submit a question or feedback form.
  • Sign up for a class, event, or educational content.
  • Complete an online job application.

The PII collected may include: name, telephone number, email address, home or business address, and other demographic information.   

B. Information Collected Automatically (Web Server Logs and Tracking)

When you access our Website, our web server and automated systems automatically record information about your visit.   

  • Server Logs: We collect your Internet Protocol (IP) address, the operating system and browser type you use, the date and time of your visit, the pages you view, referring/exit pages, and specific usage patterns (e.g., search terms used).   







Geolocation Data: We may collect information about your approximate or general location (e.g., determined by your IP address or postal code) for analytics and security purposes. 

III. How We Use Your Information

We use the PII and Non-PII collected for the following business purposes:   

  • To provide and manage the services and information you request (e.g., sending newsletters).
  • For security monitoring, system integrity, fraud prevention, and to maintain the safety of the Website.   





  • To analyze and improve the performance, design, and functionality of our Website.
  • To communicate with you directly in response to your inquiries or feedback.
  • To comply with all applicable legal requirements and industry standards.

IV. Online Tracking Technologies and HIPAA Compliance

A. Cookies and Tracking Mechanisms

Our Services use cookies, web beacons, and other tracking technologies to personalize our services for you and collect usage data.   

  • Cookies: Small text files transferred to your device’s hard drive to collect usage information and track user activity. We may use both session cookies (which expire shortly after you close your browser) and persistent cookies (which remain on your device for a longer period).   





  • Web Beacons/Pixel Tags: Tiny graphic files with a unique identifier used to count users who have visited certain pages or to determine the effectiveness of advertising campaigns.   






You may manage or opt out of non-essential cookies via your browser settings or a “Cookie Preferences” link on our Website. Note that rejecting cookies may disable some Website functionality.   

B. Do Not Track (DNT) Signals

We do not currently honor “Do Not Track” (DNT) or Global Privacy Control (GPC) browser signals.   

C. Critical HIPAA Compliance for Tracking Technology

The use of tracking technologies on hospital websites presents a significant risk of impermissibly disclosing Individually Identifiable Health Information (IIHI), which is a component of PHI.   

  • High-Risk Pages: When you visit webpages related to specific health conditions (e.g., oncology, pregnancy), symptom checkers, unauthenticated appointment scheduling pages, or Patient Portal login/registration pages, the tracking of your PII (such as IP address, email address, or login credentials) may be considered a disclosure of IIHI/PHI.   







Our Commitment: To prevent the unauthorized disclosure of PHI/IIHI to non-Business Associate vendors, AGH affirms the following legal commitment: We will ensure that any tracking technology vendor receiving data from high-risk pages has either (1) a current, signed Business Associate Agreement (BAA) in place with AGH; OR (2) we will employ technical processes to strip out or de-identify all IIHI/PHI before transmission to any non-BAA vendor.   








V. Your Privacy Rights (Non-PHI PII)

If you are a resident of a state that grants specific consumer rights over your PII (such as California or Colorado), you possess the following rights concerning the Non-PHI PII collected by this Website, subject to verification and legal exceptions:   

  • Right to Access: The right to request and receive a copy of the specific PII we have collected about you.
  • Right to Correction/Amendment: The right to request the correction of inaccurate or incomplete PII we hold about you.
  • Right to Deletion: The right to request the erasure of the PII we have collected from you.
  • Right to Opt-Out of Sale or Sharing: The right to opt-out of the “sale” or “sharing” of your PII, which includes disclosing data for cross-contextual behavioral advertising (targeted advertising).   





  • Right to Appeal: The right to appeal our decision regarding any privacy request denial.

How to Exercise Your Rights:

To exercise these rights concerning your Non-PHI PII, please contact us using the information in Section IX. To exercise rights regarding your PHI (e.g., access to medical records), please follow the procedure outlined in our Notice of Privacy Practices.   

PII Collection, Use, and Disclosure Summary

The table below summarizes the categories of Personal Information the Website has collected, disclosed for a business purpose, and “shared” (or sold, under a broad interpretation of state law) for cross-contextual behavioral advertising purposes in the preceding 12 months.

Category of Personal InformationCollected in Last 12 Months?Disclosed for Business Purpose?Shared/Sold for Targeted Advertising?
Identifiers (Name, Email, Phone, IP Address)YesYesYes
Internet or Electronic Network Activity (Browsing history, usage patterns)YesYesYes
Geolocation Data (Region, IP location)YesYesYes
Professional or Employment-Related Information (Job applications)YesYesNo
Inferences Drawn from PII (Preferences)YesYesYes

VI. Data Security and Retention

A. Security Measures and Risk Disclaimer

We implement general security measures intended to protect your PII from unauthorized access, loss, or disclosure.   

MANDATORY RISK DISCLAIMER: Unfortunately, the transmission of information via the internet is not completely secure. While we make every effort to protect your PII, we cannot guarantee the absolute security of information transmitted to our Website. You understand and acknowledge that your use of the Website and the sharing of your Personal Information is entirely at your own risk. Sharing your Personal Information carries the risk that data may be intercepted or accessed by unauthorized parties. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.   

B. Data RetentionWe may retain PII only for the period necessary to fulfill the purposes for which it was collected, and in accordance with our internal data retention policies and legal obligations. For example, we commit to disposing of most categories of Non-PHI PII no later than 5 years from the date of collection, unless a longer period is required by law.   

VII. Children’s Privacy (COPPA)

Our Website is intended for a general audience and is not directed to children. We do not knowingly collect PII from children under the age of 13. If we learn that we have inadvertently collected PII from a child under 13, we will promptly delete that information.   

A. Third-Party Websites and Social Media

This Policy does not apply to the practices of third-party organizations linked from our Website, including social media platforms (e.g., Facebook, Google) or external service providers. We are not responsible for the content, privacy practices, data collection, or security policies of these third parties. You are encouraged to review their respective privacy policies.   

B. Patient PortalsIf you access a secure Patient Portal linked from our Website, your activity within that Portal, and the health information handled therein, is strictly governed by the Artesia General Hospital Notice of Privacy Practices (NPP), and not by this public Website Privacy Policy.  

IX. Contact Information and Policy Changes

A. Contacting Us

If you have any questions, comments, or concerns regarding this Website Privacy Policy or wish to exercise your rights concerning your Non-PHI PII, please contact us: [email protected]

B. Changes to Our Privacy Policy

We reserve the right to update this Policy periodically to reflect changes in our practices or legal requirements. The most current version will always be posted on this page, and the “Effective Date” at the top will be revised accordingly. We encourage you to review this Policy regularly.