Privacy Policy

LAST UPDATED: December 8, 2022

We are committed to the care and improvement of human life. Part of that commitment includes protecting your Personal Information (defined below). We maintain information confidentiality and comply with applicable regulatory requirements.

1. Acceptance of Terms

This privacy policy (“Privacy Policy”) is published by HealthTrust Purchasing Group, L.P., (“HealthTrust,” “We,” “Us,” “Our”) to explain Our online privacy practices with respect to use and/or disclosure of information We may collect from you when you access or use this website (the “Website”) or the associated member Portal (“Portal”) (collectively “Website & Portal”).

By accessing and using Our Website & Portal, you acknowledge and fully understand Our Privacy Policy and freely consent to the information collection and use practices described in this Privacy Policy. IF YOU DO NOT CONSENT TO THE INFORMATION COLLECTION AND USE PRACTICES DESCRIBED BELOW, YOU MUST IMMEDIATELY CEASE ANY ACCESS OR USE OF OUR SERVICES.

2. Information Collected

Our Website & Portal may permit you the opportunity to provide Us with Personal Information.  As used in this Privacy Policy, “Personal information” means any information that may be used, either alone or in combination with other information, to personally identify an individual as defined by applicable state laws as noted below.

We collect certain information, including Personal Information, from and about Our users in three ways:

  • directly from you;
  • directly from our web server logs; or
  • cookies and web beacons.

2.1. Information Provided by You or Your Employer on Your behalf

We and Our service providers collect Personal Information through online forms to provide certain features of the Website & Portal to you. For example, if you wish to contact Us for more information on our GPO services via Our Website & Portal, We may request you to fill out a form with information such as your name, e-mail address, phone number, and employer. If you do not provide the information required to submit the forms, We may not be able to provide you with related features and services.

In some cases, you may have the opportunity to enter into Our secure forms any content that you choose. You are responsible for such content and We reserve the right to use such content as part of Our services.

2.2. Web Server Logs

When you access or use Our Website & Portal, We may track information to administer Our Website & Portal and analyze its usage. Examples of information We may track include, without limitation:

  • Your Internet protocol address;
  • The kind of browser or computer you use;
  • Number of links you click within Our Website & Portal;
  • State or country from which you accessed Our Website & Portal;
  • Date and time of your visit;
  • Name of your Internet service provider;
  • Third party websites you linked to or from Our Website & Portal; and
  • Pages or information you viewed on Our Website & Portal.

We use this information to analyze and improve Our Website & Portal and related GPO services, monitor traffic and usage patterns for information security purposes, and to help make our Website & Portal more useful.

2.3. Cookies and Web Beacons

Cookies are text files that are sent by servers to web browsers and stored on your computer. They tell Us which parts of Our Website & Portal you have visited so We can save your preferences for future visits to Our Website & Portal. Web beacons and pixel tags are images embedded in a webpage or e-mail for the purpose of measuring and analyzing usage and activity. Some cookies and other technologies may serve to recall Personal Information previously provided by a user. Our Website & Portal, or third-party service providers acting on Our behalf, may use cookies, web beacons, and pixel tags to help Us analyze usage and improve our functionality.

We use information collected from cookies and other technologies to improve your user experience and the overall quality of Our Website & Portal and connected GPO services. We use cookies to help Us identify and track visitors, your usage of Our Website & Portal, and your access preferences. We may use your Personal Information to see which web pages you visit Our Website & Portal, which websites you visited before coming to Our Website & Portal, and where you go after you leave Our Website & Portal. We can then develop statistics that help Us understand how Our visitors use Our Website & Portal and how to improve it. If you do not wish to have cookies placed on your computer, you should set your browsers to refuse cookies before using Our Website & Portal.  Please understand that if you do so, you may not be able to fully utilize Our Website & Portal and therefore we disclaim, and you hereby waive, any claim or liability that may arise due to your partial or incomplete access to the content of any of Our Website & Portal as a result thereof.


We may use Google Analytics cookies to help Us to analyze traffic and understand how Our customers use Our Website & Portal.  For more information on Google Analytics’ processing of Personal Information, please see  You may opt out of the use of Google Analytics here:

We reserve the right to share aggregated site statistics monitored by cookies and web beacons with Our affiliates and partner companies.

3. Third Party Advertising

Advertisements appearing on Our Website & Portal may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by Us and does not cover the use of cookies by any advertisers. We and Our service providers may use information about your interactions with Our Website & Portal to predict your interests and select the ads you see on and off Our Website & Portal. This is known as interest-based advertising. In providing interest-based ads, we follow the Self-Regulatory Principles for Online Behavioral Advertising developed by the Digital Advertising Alliance (“DAA”).  For more information about interest-based advertising and how you can opt out, visit:

4. Protected Health Information

HealthTrust does not solicit, collect or need access to protected health information (“PHI”) to provide access to Our Website & Portal. Please refrain from sending us PHI.  If you do engage HealthTrust to perform a service that involves HealthTrust obtaining access to the personal information of your patients, each patient’s personal information in Our possession will be de-identified and kept confidential and protected as PHI as required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the applicable provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  PHI will only be disclosed as required by state or federal law. This protection extends to PHI that is oral, written, or electronic. HealthTrust is committed to protecting PHI. If there is a breach of PHI, HealthTrust is required by law to notify the member.

5. Additional Privacy Information for Portal

As a service to Our members, we also provide provisional access to a Portal which includes, among other things, information and resources regarding HealthTrust agreements, suppliers and communications.  The following additional privacy terms and protections apply to use of the Portal.

Use of the Portal may require or include pages giving you the opportunity to provide Us with personal identifying information (“PII”) about yourself. If you choose not to provide this information, it may limit your ability to use certain functions of the Portal and/or request certain services or information. When you seek access to the Portal, We need to confirm it is you so We ask you for information such as your name and email or physical address and other information such as your date of birth (which we may also use to make sure you are eligible to use the Portal in accordance with the terms) and the answers to “secret questions” to which only you know the answers. This information may be used to help administer your user account and in managing your account. We may need to ask you for the information again when you sign in from a new device.

6. How May Your Information be Used and Disclosed

If you submit or we collect Personal Information through our Website & Portal, then such Personal Information may be used in the following ways: (i) to provide, analyze, administer, and improve our Website & Portal and related GPO services; (ii) to contact you in connection with our Website & Portal or related GPO services and appointments, events or offerings that you may have registered for or requested; (iii) to identify and authenticate your access to the parts of our Portal or other password-protected services that you are authorized to access; (iv) to send you surveys and marketing materials; (v) for recruiting and human resources administration purposes; (vi) to protect Our rights or Our property and to ensure the technical functionality and security of our Website & Portal; and (vii) as required to meet our legal and regulatory obligations.

We do not sell, lease, rent or otherwise disclose the Personal Information collected from Our Website & Portal to third parties unless otherwise stated below or with your consent.

  • Service Providers & Contractors. We transfer Personal Information to service providers and contractors to perform tasks on Our behalf and to assist Us in providing Our Website & Portal. We may use service providers and contractors for security and website analytics. We use commercially reasonable efforts to only engage or interact with service providers and contractors that post a privacy policy governing their processing of Personal Information, and require them to maintain confidentiality and comply with applicable laws in the processing of Personal Information.
  • In the Event of Merger, Sale, Divestitures or Change of Control. We may transfer or assign Personal Information to an entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.
  • Other Disclosures. We may disclose Personal Information about you if We have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce Our terms of use, purchasing agreements, or participation agreements, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to our or third parties’ rights, property or safety.

In addition to the uses and disclosures of information outlined above, your information may also be used and disclosed as follows:

  • If another individual is managing your account on your behalf, as authorized by you or as a personal representative under applicable law, that person can view all of your information in the Portal.
  • We may use your information to send you surveys and marketing materials.
  • We may use your information to respond to your questions and provide you services.

7. Information Security

No website can guarantee security, but We maintain industry accepted physical, electronic, and procedural safeguards to protect your personal information collected via our Website & Portal in compliance with applicable law. Please see the Terms of Use via the website homepage (“Terms of Use”) for more specific information about information security and your responsibilities.

8. Proactive Privacy Protection

In order to protect your privacy, you should:

  • Never share your username or password;
  • Always sign out when you are finished using the Portal;
  • Use only secure web browsers;
  • Employ common anti-virus and anti-malware tools on your system to keep it safe;
  • Use a strong password with a combination of letters and numbers;
  • Change your password often; and
  • Notify Us immediately if you believe your login and/or password have been compromised at

If you share your Portal username and password with another person, this will allow that person to see your confidential information. We have no responsibility concerning any breach of your confidential information due to your sharing or losing your user name or password.

9. Third Party Websites

If you use Our Website & Portal to link to another third party website, you may decide to disclose personal information at that website. In contacting that third party website, or in providing information on that website, that third party may obtain personal information about you. This Privacy Policy does not apply when you leave Our Website & Portal and go to a third party website. We encourage you to be aware when you leave Our Website & Portal and to read the privacy statements of each third party website that collects personally identifiable information.

10. User Communications

Email communications that you send to Us via the email links on Our Website & Portal may be shared with a customer service representative, employee or agent that is most able to address your inquiry. We make reasonable efforts to respond in a timely fashion once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry and all applicable laws, rules and regulations. The email functionality on Our Services does not provide a completely secure and confidential means of communication. It is possible that your email communication may be accessed or viewed by another Internet user while in transit to us. If you wish to keep your communication private, do not contact Us via email.

11. Communications Opt-Out

We may send certain messages, including electronic newsletters, notification of account statuses, and marketing communications on a periodic basis. If you wish to be removed from such messages, you may request to discontinue future ones. All such material will have information as to how to opt-out of receiving it, although certain messages (such as an account status update), may be required by law and will not have opt-out capabilities.

12. Information Retention.  We keep your personal data only as long as necessary to provide you with Our services and for legitimate and essential business purposes, such as maintaining the performance of our Website & Portal and related GPO services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal information for as long as you are a registered member of Our services.

13. Your Privacy Rights

13.1. Under California’s “Shine the Light” law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact Us at with a reference to California Disclosure Information.  We will endeavor to respond to such requests to information access within 30 days following receipt at the e-mail address stated above. If we receive your request at a different e-mail address, we will respond within a reasonable period of time, but not to exceed 150 days from the date received. Please note that We are only required to respond to each customer once per calendar year.

13.2. California Consumer Privacy Act  (“CCPA”). This section only applies to California residents (“Consumers”). For the purposes of this section only, “Personal Information” means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household.

13.2.1. Collection and Sharing of Personal Information.  

The chart below describes:

  • The categories of Personal Information that We have collected, disclosed, or sold about Consumers in the preceding twelve (12) months and may collect about you through Our Website & Portal.
Category Examples Source of Personal Information Collected Categories of Third Parties to Whom Personal Information was Shared or Disclosed Business or Commercial Purpose of Sharing or Disclosing Personal Information
Identifiers Name, address, e-mail address, telephone number, IP address, birth date Directly from you or from your Employer on your behalf; automatically when you use Our Website & Portal. Service Providers; Affiliates
  • Verify consumer’s identity
  • Provide customer service regarding products and features
  • Support Our internal and business operations
  • Fulfill a consumer’s request
Personal Information categories described in Cal. Civ. Code § 1798.80(e) Name, address, telephone number, employment title Directly from you or from your Employer on your behalf; automatically when you use Our Website & Portal. Service Providers; Affiliates
  • Verify consumer’s identity
  • Provide customer service regarding products and features
  • Support Our internal and business operations
  • Fulfill a consumer’s request
Internet or other similar network activity Internet protocol address, type of browser, number of links clicked within Our Website & Portal, state or country from which you accessed Our Website & Portal, date and time of visit, name of Internet service provider, third party websites you linked to from Our Website & Portal, pages or information you viewed on Our Website & Portal, number of times you have viewed an ad Automatically when you use Our Website & Portal Service Providers; Affiliates
  • Enable consumer to request information or purchase a product from Our services.
  • Support Our internal and business operations
  • Fulfill a consumer’s request


The purposes for which the categories of Personal Information shall be used, and the business or commercial purposes for collecting personal information, are described in detail in the following sections of this Privacy Policy:  Web Server Logs, Cookies and Web Beacons, Third Party Advertising, Additional Privacy Information for Portal, Protected Health Information, How May Your Information Be Used And Disclosed, and User Communications.

13.2.2. California Consumers have the following rights: Right to Request Information. You have the right to request that We disclose the following information to you, limited to the preceding twelve (12) months:

  • The categories of Personal Information that We collected about you;
  • The categories of sources from which the Personal Information is collected;
  • The business or commercial purpose for collecting or selling Personal Information;
  • The categories of third parties with whom We share Personal Information;
  • The specific pieces of Personal Information that We have collected about you;
  • The categories of Personal Information that We disclosed about you for a business purpose or sold to third-parties; and
  • For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.

Please note, under California Law, that We are only required to respond to such requests from you twice in a twelve-month period. Right of Deletion.You have the right to request that We delete any Personal Information about you which we have collected from you, subject to exceptions within the law. Right to Opt-Out. We do not sell your Personal Information for monetary payments. However, the definitions of ‘personal information,’ ‘share,’ and ‘sale’ under the California law are broad. Because of the breadth of these definitions under the California law, We have provided opt-out links. You have the right to direct Us not to sell or share your Personal Information. Right to Opt-In. Unless proper consent is acquired, a business shall not sell or share the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age.  We do not have actual knowledge that we collect, share, or sell the Personal Information of minors under the age of 16. Right to Limit Use and Disclosure of Sensitive Personal Information. You may request specific limitations on further sharing, use, or disclosure of your sensitive Personal Information, as defined by California privacy laws, which is collected or processed for “the purpose of inferring characteristics about a consumer.”  However, We do not collect or process sensitive Personal Information for this purpose. Right to Correction. You have the right to request that We maintain accurate Personal Information about you and correct any Personal Information about you which We have collected from you, subject to exceptions within the law. 

If you would like to exercise your rights, please refer to the below section “Consumer Requests.”

13.3. Your Nevada Privacy Rights

We comply with the requirements of the Nevada Privacy law, which provides residents with choices regarding how we share information. Nevada Covered Personal Information (“Nevada Personal Information”) includes personally identifiable information about a Nevada consumer collected online, such as an identifier that allows the specific individual to be contacted. Nevada Personal Information also includes any other information about a Nevada consumer collected online that can be combined with an identifier to identify the specific individual.  We may collect the following categories of covered information about you through Our Website & Portal:

  • First and Last Name;
  • Physical Address;
  • Email Address;
  • Telephone Number; and
  • User Name.

Information on how we may disclose your Nevada Personal Information is described in detail in the above section “How May Your Information be Used and Disclosed.”

Third parties may collect covered information about your online activities over time and across different Internet websites or online services when you use the Website & Portal.

We do not sell your Nevada Personal Information for monetary payments. However, the definitions of ‘personal information,’ ‘share,’ and ‘sale’ under the law are broad. Because of the breadth of these definitions under the law, We have provided opt-out links. You have the right to direct Us not to sell or share your Nevada Personal Information..

If you use or visit Our Website & Portal, you may review and request changes to any of your covered information that is collected.

If you would like to exercise your rights, please refer to the below section “Consumer Requests.”

14. Consumer Requests.  You may exercise your consumer rights by clicking on the following link and completing the request form, emailing us Personal Information Request or by calling us at 844-422-3282. Non-Discrimination. We may not discriminate against you because you exercise any of your rights under the CCPA, including, but not limited to:

  • Denying goods or services to you;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing a different level or quality of goods or services to you; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Verifying Requests. CCPA requires Us to verify your identity when you make a consumer request to help protect your privacy and maintain security.  If you request access to or deletion of your Personal Information, We may require you to provide additional information, including but not limited to: name, email address, telephone number, or company. When you make such a request, We will respond within the time frames legally required and provide an explanation for any denials of requests. Authorized Agents.  You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf.  Your agent may contact Us to make a request on your behalf. Even if you choose to use an agent, We may, as permitted by law, require:

  • The authorized agent to provide proof that you gave written permission to the authorized agent to submit the request;
  • You to verify your identity directly with Us; or
  • You to directly confirm with Us that you provided the authorized agent permission to submit the request

15. International Visitors

Our Services directed through Our Website & Portal are intended solely for businesses located in the United States.  Visitors from outside the United States should refer to Our HealthTrust Europe domain at  If you are using Our Website & Portal from outside the United States, your information may be transferred to, stored or processed in the United States, where Our servers are located and Our central database is operated. Although the data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, We take steps to protect your privacy, including, for transfer of Personal Information from the European Economic Area, the use of contractual clauses (known as “Model Clauses” or “Standard Contractual Clauses”) that have been approved by the European Commission. By using Our Website & Portal, you understand and agree that your information may be transferred to Our facilities and those third parties with whom We share it as described in this Privacy Policy.

16. Children May Not Use the Services or Portal

We will never ask for or knowingly collect information from children through the Services or Portal. If you are a child, you are not permitted to use Our Website & Portal or related GPO services and should immediately exit our Website & Portal. If you think that We have collected personal information from a child through Our Website & Portal, please contact us at and We will dispose of the information as required by applicable law.

17. Policy Changes

We reserve the right to change the terms of this Privacy Policy at any time by posting those changes in revisions to this Privacy Policy, so that you are always aware of our processes related to collection, use and disclosure of information. We urge you to check here for any updates to this Privacy Policy from time to time. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to Our Website.

18. What if I have Questions or Concerns Regarding this Privacy Policy?

If you have any questions or concerns about this Privacy Policy or the information practices of Our Website & Portal, please contact us at

You may also contact us at:

HCA Healthcare
Data Protection Officer
One Park Plaza
Nashville, TN 37203