Make an Appointment
MyChart
(707) 559-7500
Meet Our Providers
Donate

Privacy Policy

Effective date: October 21, 2025

Petaluma Health Center is committed to providing a website and digital experience that is accessible to the widest possible audience, including people with disabilities. We work continuously to improve the accessibility of our digital services so that all members of our community can access the care, information, and resources they need.
Protected under HIPAA & CCPA/CPRA

Our Commitment

Petaluma Health Center (“PHC,” “we,” “us,” or “our”) is a nonprofit, Federally Qualified Health Center serving Sonoma and Marin counties. This Privacy Policy explains how we collect, use, and share information when you visit phealthcenter.org and our related web pages (the “Site”). It applies to information collected through the Site only. By using the Site, you agree to the practices described here.

Important: Health Information and HIPAA

This Privacy Policy governs the Site. It does not govern protected health information (PHI) that PHC maintains as your healthcare provider. Information related to your care, treatment, appointments, and medical records is protected under the Health Insurance Portability and Accountability Act (HIPAA) and is described in our separate Notice of Privacy Practices, which controls how your PHI is used and disclosed.

Our patient portal, MyChart, is hosted by OCHIN on the Epic platform. Information you view or submit through MyChart is part of your medical record and is governed by HIPAA and our Notice of Privacy Practices, not by this Policy. For detailed medical questions or to share sensitive health information, please use MyChart or call us rather than sending it by email. Online forms on our Site that may collect health-related information are provided through Jotform on its HIPAA-compliant platform under a Business Associate Agreement (BAA), so that such information is handled with appropriate safeguards.

Information We Collect

Information you provide directly

  • Appointment and contact requests. If you request an appointment or contact us through the Site, we collect the information you provide, such as your name, phone number, email address, and the reason for your message.
  • Feedback and other forms. When you submit feedback or complete other forms on the Site, we collect the information you provide. Our online forms – including feedback, contact, and appointment-request forms – are built and hosted on Jotform, which PHC uses under its HIPAA-compliant plan and a Business Associate Agreement.
  • Donations. If you make a donation, we collect your name, contact information, and payment information. Payment card details are collected and processed by our third-party payment processor; PHC does not store full payment card numbers on the Site.
  • Job applications. If you apply for a position, we collect the information you submit, such as your resume, contact details, and work history.
  • Email and updates. If you sign up for newsletters or updates, we collect your name and email address.

Information collected automatically

When you visit the Site, certain information is collected automatically through cookies and similar technologies, including:

  • Your IP address, browser type, device type, operating system, and language settings;
  • Pages you view, links you click, the referring website, and the dates and times of your visits; and
  • Diagnostic and usage data that helps us keep the Site working and secure.

We use Google Analytics (loaded through Google Tag Manager) to understand how visitors use the Site. Some features also rely on third-party providers that receive your IP address in order to function – for example, Google Maps (location maps) and Google Fonts (web fonts). Our website host and content delivery network also process technical data to deliver the Site.

How We Use Your Information

  • To respond to your appointment requests, questions, and other inquiries;
  • To process and acknowledge donations and issue tax receipts;
  • To review and respond to job applications;
  • To send communications you request, such as newsletters and updates (you can opt out at any time);
  • To operate, maintain, secure, and improve the Site and understand how it is used;
  • To comply with legal, regulatory, grant, tax, and accounting obligations; and
  • To detect, prevent, and address fraud, abuse, or technical issues.

Cookies and Tracking Technologies

Cookies are small text files placed on your device. We and our service providers use cookies and similar technologies to operate the Site, remember your preferences, and measure and improve performance. You can manage your preferences through the “Cookies Settings” link in our Site footer, and you can also block or delete cookies through your browser settings. If you disable cookies, some parts of the Site may not function properly.

You can opt out of Google Analytics across websites by installing the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout. As of the effective date above, the Site does not use advertising pixels or social media advertising trackers.

How We Share Your Information

We do not sell your personal information. We share personal information only as described below:

  • Service providers. We share information with vendors that perform services on our behalf, such as our website host and content delivery network (GoDaddy), analytics (Google), maps and fonts (Google), online forms (Jotform), our donation payment processor, recruiting and applicant tools, and email or communications providers. These providers are permitted to use your information only to provide services to us.
  • Legal and safety reasons. We may disclose information if required by law, regulation, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety or the safety of others, or to prevent fraud or abuse.
  • Organizational changes. If PHC is involved in a merger, affiliation, reorganization, or transfer of assets, information may be transferred as part of that transaction, consistent with this Policy.

Sharing of protected health information is governed separately by HIPAA and our Notice of Privacy Practices.

Third-Party Services and Links

The Site relies on and links to third-party services that have their own privacy practices, including:

  • MyChart / OCHIN / Epic (patient portal) – governed by HIPAA and our Notice of Privacy Practices.
  • Google (Analytics, Tag Manager, Maps, Fonts) – Google Privacy Policy
  • Jotform (online forms, such as feedback and contact forms; used under PHC’s HIPAA-compliant plan and a Business Associate Agreement) – Jotform Privacy Policy
  • GoDaddy (website hosting and content delivery) – GoDaddy Privacy Policy
  • Social media platforms we link to – governed by each platform’s own privacy policy.

We are not responsible for the privacy practices of these third parties. We encourage you to review their policies.

How We Protect Your Information

We use reasonable administrative, technical, and physical safeguards designed to protect information collected through the Site, including transmitting data over encrypted (SSL/TLS) connections. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. Protected health information is safeguarded under HIPAA, as described in our Notice of Privacy Practices.

How Long We Keep Your Information

We retain information collected through the Site for as long as needed to fulfill the purposes described in this Policy and to meet legal, grant, tax, and accounting requirements. When information is no longer needed, we take reasonable steps to delete or de-identify it. Retention of medical records and PHI is governed by HIPAA and applicable law.

Children's Privacy

The Site is intended for a general audience and is not directed to children under 13 for the purpose of online data collection, and we do not knowingly collect personal information from children under 13 through the Site. Information about minor patients that PHC collects as part of providing care is handled under HIPAA, with parent or guardian involvement as required by law. If you believe a child has provided personal information through the Site, please contact us and we will delete it.

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you certain rights regarding your personal information, subject to exceptions and to the law’s applicability to nonprofit organizations and to information already regulated by laws such as HIPAA:

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected from you, subject to legal exceptions (such as records we must keep for tax, grant, or legal purposes).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to non-discrimination for exercising any of these rights.

Information governed by HIPAA is generally exempt from the CCPA/CPRA. To exercise a right regarding Site information, contact us using the details below. We may need to verify your identity before responding, and you may use an authorized agent.

Your Choices

  • Email communications. PHC does not send marketing or promotional emails. The emails we may send are limited to necessary service-related and transactional messages – for example, responses to your inquiries, appointment-related messages, and donation receipts – which are not promotional and are not subject to unsubscribe.
  • Cookies and analytics. You can manage cookies through the “Cookies Settings” link in our footer, your browser settings, or the Google Analytics opt-out described above.

Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Because there is no common industry standard for responding to DNT signals, the Site does not currently respond to them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above and post the updated version on this page. We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy or how we handle information collected through the Site, please contact us:

Petaluma Health Center
1179 North McDowell Blvd, Petaluma, CA 94954

Phone: (707) 559-7500

For questions about your protected health information or our Notice of Privacy Practices, please contact our Privacy Officer using the contact information above.