Effective Date: May 6, 2024

Every day, you trust us with your health – Memorial Hermann takes this responsibility seriously.

This Privacy Policy describes how we, Memorial Hermann Health System (“Memorial Herman,” “We,” “Us,” or “Our”), collects, uses, and shares your personal information when you use our Services, visit our websites and apps, including the Everyday Well patient portal and the My Memorial Hermann patient portal, and interact with us online or offline (collectively, the "Services").

If you are a patient of Memorial Hermann, please review our HIPAA Privacy Notice, which describes how we use and disclose protected health information (PHI), our legal duties with respect to PHI, and your rights with respect to PHI and how you may exercise those rights.  We may also offer certain products, programs or services that have unique or additional terms, privacy notices and/or consent forms that explain how we process information.

We collect personal information online and offline in a few different ways:

  • Information that you provide. We may collect personal information and other information that you provide when you use our services, attend programs or events, donate to us, and any other data that you may choose to submit or provide.
  • When you create an account. We collect information from you when you create an account including a username and password that you select to establish an account.
  • Information from public or third-party sources. We may collect or acquire data from public sources or brokers including, but not limited to, social media, websites that enable social sharing or credit bureaus. We also may collect information from industry and patient groups and associations, or combine information we have collected from multiple sources.
  • Information collected from devices you use to connect with us. We collect data through our websites and apps and automatically from devices you use to connect to our Services. For more information about this, please see our "Cookies and Other Technologies" below.

If you choose to submit any personal information relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Policy.

What Personal Information and Other Information do we collect?

We may collect the following types of personal information:

  • Contact Information such as name, email address, mailing address, and phone number.
  • Account Information such as any username, email and password that you may provide in connection with establishing an account on our websites or apps.
  • Biographical and demographic information such as date of birth, age, photo, gender, ethnicity, marital status, and sexual orientation. In certain circumstances, we may also collect information about children, parents and legal guardians.
  • Financial and payment information such as information we need to complete a transaction, like a credit card number. If you apply or are participating in a patient assistance program, we may also collect information to verify your eligibility.
  • Internet activity such as your Internet Protocol ("IP") address, browsing history, your search history and information on your interaction with our online services.
  • Health information relating to your health status including information related to your physical or mental health or conditions and diagnoses.
  • Other personal information collected online or offline to help us better identify and offer services and information that we believe may be of interest to you, or help us better understand your experience with our products.
  • Communications with us, including interactions with us and contacts through social media channels.
  • Professional credentials such as your educational and professional history, institutional and government affiliations, information included on a resume or curriculum vitae, education and work history (such as work experience, education and languages spoken).
  • Event and participant information collected in connection with our hosted events or activities you attend or participate in.
  • Publicly-available information related to your practice, such as license information, disciplinary history, prior litigation and regulatory proceedings, and other due diligence related information.

How Do We Use Personal Information?

How we use your information depends on how you interact with us and what services you use. We use patient information in accordance with our HIPAA Privacy Notice. Other data is used in accordance with this General Privacy Policy.

Under this policy, we use personal information to:

  • Provide and develop our services and programs. We collect information to provide our services, maintain our websites and apps, and manage our programs.
  • Manage our relationship with you.
  • Perform tasks or services with your direction or consent.
  • Process transactions. We collect payment information to process your transactions and deliver our services and administer certain programs.
  • Communicate with you. We use your information to respond to your inquiries from you or send you reminders about upcoming events or appointments.
  • Market our services and programs.
  • Keep information secure and prevent fraud. We may use personal information to monitor, detect and prevent fraud and improper or illegal activity and protect you, Memorial Hermann, other individuals, and the public. We also use data to secure our online services including our network, websites and apps debug our online services.
  • Comply with law. To comply with applicable law, comply with our legal and regulatory obligations, and defend ourselves in litigation and investigations and to prosecute litigations.
  • Improve internal business purposes. We may use personal information for our internal business purposes, such as data analysis, audits, developing new products, enhancing our services, identifying usage trends and determining the effectiveness of our promotional campaigns.
  • Enable location-based features. Some of our applications and mobile-optimized sites may have location-based features. To deliver these features, we may collect and use location data provided by your mobile device. When you use such applications, you are asked to consent to the collection and use of your mobile device location data for purposes of delivering these location-based features.

We may aggregate, anonymize and/or de-identify data we collect about customers and site visitors and use it for any purpose, including product and service development and improvement activities.

How Do We Share Personal Information:

We may share your information within our affiliated companies or entities. We may also share your information with our service providers, who act on our behalf, our partners and collaborators, and at your direction.

Below are more details on how we share data.

  • Service providers. We may provide your personal information to our vendors, contractors, business and service partners, or other third parties. Examples of service providers include advertisers, payment processing companies, customer service and support providers, email, IT services and SMS vendors, web hosting and development companies and fulfillment companies. Our practice is to require Service Providers to keep your personal information confidential and to use personal information only to perform functions for us.
  • Health Care Providers and Organizations: We may share your information with your health care providers and other health care organizations or professionals.
  • Collaborators. Collaborators are partners or other organizations with which we jointly develop and/or promote our services.
  • In connection with a merger, acquisition, or business transfer. If we sell all or part of one of its product lines or divisions, your information may be transferred to the buyer.
  • Government, regulatory and law enforcement agencies. We reserve the right to disclose your information to respond to authorized information requests from government authorities, to respond to valid judicial requests, to address national security situations, to provide security and investigate potential fraud, or when otherwise required by applicable law. We may also disclose your personal information as required by law to any competent law enforcement body, regulatory or government agency, court or other third party where we believe the disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us, or to protect the safety, rights, or property of our customers, the public, our personnel, or others, and to exercise, establish or defend our legal rights.

We do not sell your personal information or transfer personal information to third parties to use for their own benefit; however, we allow certain companies to place tracking technologies like cookies or pixels on some of our websites and apps. Those companies receive information about your interaction with our Services that is associated with your browser or device and may use that data to serve you relevant ads on our Services or others.

At our discretion, we may also disclose aggregated, anonymized or de-identified information that is not personally identifiable to third parties.

Your Privacy Rights and Choices

Depending on where you reside, you may have certain rights and choices regarding our processing of your personal information. These rights may be in addition or in place of the rights you have under HIPAA and include the following:

  • Know the categories and/or specific pieces of personal information collected about you, including whether your personal information is sold or disclosed, and with whom your personal information was shared
  • Access a copy of the personal information we retain about you
  • Request deletion of your personal information
  • Direct us to correct your personal information

To help protect the security of your personal information, we will verify your identity in connection with any requests. Also, we take steps to ensure that only you or your authorized representative can exercise rights with respect to your information. If you are an authorized agent making a request, we may require and request additional information to protect the personal information entrusted to us, including information to verify that you are authorized to make that request.

There may be situations where we cannot grant your request. For example, if you make a request and we cannot verify your identity, we will not be able to comply with the request. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your personal information. Other reasons your request may be denied are if it jeopardizes the privacy of others or would be impractical or infeasible to honor.

Where we deny your request in whole or in part, we will take steps to inform you of the denial and provide an explanation of our actions and the reasons for the denial.

We will not restrict or deny you access to our services because of choices and requests you make in connection with your personal information. Please note, certain choices may affect our ability to deliver the services. For example, if you sign up for one of our community programs, we need certain information to ensure you are eligible to participate in the program.

You may exercise any of your rights in relation to your personal information by contacting us using the details provided in the “How Can I Contact You” section below.


If you no longer wish to receive promotional marketing materials from us, you may opt out of receiving such materials. You may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email. We will work to comply with your request as soon as we can.

However, even if you opt out of receiving such communications, we may need to continue to send you certain non-marketing communications (such as information about changes to our Privacy Policy or Terms of Use).

How do we keep Personal Information Secure?

It is our practice to take steps to secure our services; however, the confidentiality of information transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal information over the Internet, especially personal information related to your health. We cannot guarantee that unauthorized third parties will not gain access to your information; therefore, when submitting personal information to our websites or apps, you must weigh both the benefits and the risks.

Third Party Sites

We may provide links to websites and other third-party content that is not owned or operated by us. The websites and third-party content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of these websites.

If you provide any personal information through a third-party site, your interaction and your personal information will be collected by, and controlled by the privacy policy of, that third party site. We recommend that you familiarize yourself with the privacy policies and practices of any such third parties, which are not governed by this privacy policy.

Cookies and Other Technologies

Our online services, interactive applications, and advertisements may use cookies and other technologies such as web beacons. We use this information to better understand, customize and improve user experience with our websites, services, and offerings as well as to manage our advertising. This information can make your use of our services easier and more meaningful by allowing us and our service providers to provide better service, customize sites based on consumer preferences, compile statistics, provide you with more relevant advertisements based on your interests, analyze trends and otherwise administer and improve our products and services.

Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser may tell you how to prevent your browser from accepting cookies.

My Memorial Hermann and MyChart Patient Portal Users

Click here to learn about the limited ways My Memorial Hermann and MyChart may interact with your information.

Children’s Privacy

Outside of the patient context, we do not directly collect data from children (we define "children" as minors younger than 13). If you are a parent or guardian and become aware that your child has provided us with information, please contact us using one of the methods specified below and we will work with you to address this issue.

Transfer of Personal Information Between Countries

Any information you provide to us may be stored and processed, transferred between and accessed from the United States, where we are located.

How Can I Contact You?

If you have questions about your information, please contact us by clicking on the "Contact Us" link on the website you are visiting or by e-mailing us at webmaster@memorialhermann.org. Alternatively, you may send a letter to the following address:

Memorial Hermann Privacy Office
909 Frostwood, Suite 2:205
Houston, Texas 77024

In all communications with us, please include the email address used for registration (if applicable), the website address or the specific program to which you provided personal information and a detailed explanation of your request. We will do our best to respond to all reasonable requests in a timely manner.

Notification of Changes to this Privacy Policy

This Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security practices evolve. However, we will take reasonable steps to notify you of material changes we make to this Policy. We display an effective date and a latest revision date on the Policy above so that it will be easier for you to know when there has been a change. You are responsible for regularly reviewing this Policy. Your continued use of our services constitutes your acceptance of the revised terms. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.