Information Technology
Search IT Help Desk
Home | Privacy Statement

Privacy Statement

JOHNS HOPKINS UNIVERSITY & MEDICINE: PRIVACY STATEMENT FOR WEBSITES AND MOBILE APPLICATIONS

Effective Date: October 1, 2025

This Privacy Statement applies to the website or mobile application that is linked to this Privacy Statement (the “Services”) provided by Johns Hopkins University and Johns Hopkins Medicine or its affiliates (collectively, “Johns Hopkins,” “we,” “us,” or “our”).   

IMPORTANT NOTE: This Privacy Statement does not apply to medical information that would be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Johns Hopkins Medicine Notice of Privacy Practices is a separate document that describes how Johns Hopkins may use and disclose medical information about you and your rights with respect to your medical information. If there is ever any conflict between this Privacy Statement and the Notice of Privacy Practices, the Notice of Privacy Practices will apply.  

I. Collection of Information 

Information You Provide to Us 

We, and our third-party service providers, may collect information you provide directly to us, such as when you contact us, submit information via an online form, register for an account or sign up for a newsletter, submit a job application, respond to a survey, or otherwise communicate with us. The categories of information we may collect include:  

  • Contact information, such as your name, email address, phone number, and address, date of birth, and other similar identifiers; 
  • Usernames and passwords; 
  • Payment information, such as your credit card information; 
  • Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance; 
  • Pictures, audio, and video, such as recordings of business calls or in the context of your attendance at events or functions we organize; 
  • Information you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including usernames, posts, pictures, videos, and messages; 
  • Survey responses, reviews, and other user content stored or entered into the forms found in our Services; and  
  • Any other information you provide to us while using our Services. 

Information Collected Automatically 

We, and our third-party service providers, may collect certain information automatically when you use our Services through the use of cookies, pixels, and similar technologies. The categories of information we may automatically collect include: 

  • Identifiers, such as your Internet Protocol (IP) address, device and advertising identifiers, cookie IDs, and other electronic identifiers;  
  • Details regarding the device you use to interact with some of our Services, such as its location, operating system, browser type, and your internet service provider; 
  • Geolocation data of the device you are using to access Services; 
  • Details about your use of our Services, such as the pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, traffic data, location data, weblogs and other communication data.  

Information We Collect from Other Sources  

We may collect information about you from other sources, such as publicly available sources or commercially available databases (where permitted by law). The categories of information we may collect about you from other sources include: 

  • Identifiers, such as email addresses from marketing vendors; 
  • Commercial information, such as potential interests from data supplementation services; 
  • Public and government record information, including court records and government agencies; 
  • Demographics, such as your gender, age, or veteran status provided by data supplementation services or search engines; and 
  • Professional information, such as employer, salary, or job title from references, recruiters, or employment-related services. 

Cookies and Other Tracking Technologies 

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. We use cookies, pixels, and similar technologies to better understand how our Services are used and to help us serve you better. The information we collect automatically through these technologies may be linked to other information we collect about you. 

You can choose not to allow some types of cookies by using our cookie consent tool One Trust for managing your cookie settings. You can review and change your cookie settings by selecting the Manage Cookie Preferences link in the footer, where available.  

You may be able to opt out of or block the automatic collection of certain types of information by adjusting the cookie settings on your web browser or engaging directly with the third parties who conduct tracking. However, if you do this you may not be able to use the full functionality of our Services.  

Your browser or device may include “Do Not Track” functionality. Please note that our Services do not support “Do Not Track” requests at this time.  

II. How and Why We Use Information Collected  

We may use your information we collect for the following purposes:  

  • To improve and operate our Services, including to provide you with our products or services, to process and fulfill your requests, and for other customer service and business administration purposes. 
  • To interact with you, including providing interest-based content for communications for which you have requested. For example, we may collect information about your geographic location and a specific interest, so that we can highlight a program or resource close to your location. 
  • To evaluate how users use our Services, including by generating and analyzing statistics, including understanding the effectiveness of our marketing, events, promotional campaigns, and publications. 
  • To evaluate, recruit, and hire personnel. 
  • To comply with legal requirements, to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal; and to protect the rights of Johns Hopkins. 

We may aggregate or de-identify any information collected about you, and we may use that aggregated or de-identified information for any purpose. 

III. Information Shared by Us with Third Parties 

We may share the information described above as set forth in this Privacy Statement or as otherwise described at the time such information is collected from you. We will not sell, rent, or swap this information, nor will we authorize any of our third-party service providers or business partners to use this information for profiling for automated decision-making that produce legal or similarly significant effects, targeted advertising, or for their own commercial purposes without your permission. The categories of third parties with which we may share information with include: 

  • Affiliates. We may share information with a parent, subsidiary, or affiliate entity within the Johns Hopkins family. Any organization to which we provide such information is required to keep it confidential and to use such information only in accordance with this privacy statement. 
  • Service Providers. We employ other companies and individuals to perform a variety of functions on our behalf. For example, we may provide information as necessary to companies that host our Services or send communications on our behalf. These service providers may have access to information about you if it is needed to perform their functions for us, but they are not authorized by us to use or disclose such information except as necessary to perform services on our behalf or to comply with legal requirements, and they are required to maintain the information in confidence. 
  • Legally Required. We reserve the right to disclose information if required to do so by law or by a regulatory authority, including those that regulate higher education. We may also disclose information as part of an investigation or enforcement action relating to improper or illegal conduct in connection with our Services or other products, including, without limitation, any situations that may potentially involve threats to the safety or privacy of any person or misuse of our Services. 
  • Aggregated and De-identified Data. We may disclose aggregated or non-identified data to third parties without restriction. 
  • Business Partners. Johns Hopkins may securely share your information with our business partners, such as local advertisers who pay for banner ads on Johns Hopkins Services and vendors who coordinate the collection of donations to the university. These business partners may use the information received by them to contact you to offer you certain opportunities, products, services, or promotions. Once your information has been shared with a business partner, it is no longer subject to the control of Johns Hopkins or subject to this privacy statement, however Johns Hopkins requires its business partners to maintain appropriate data security. 

IV. How We Protect Your Information 

We take precautions to protect your information by establishing, implementing, and maintaining reasonable administrative, technical and physical data security safeguards to protect the information appropriate to the volume and nature of the information we collect.  

Nevertheless, you should keep in mind that no website or Internet transmission is ever completely secure or error-free, so we cannot guarantee the security of your information collected through our Services. 

The Services may offer opportunities to communicate through email. Because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept email messages. Johns Hopkins, its parents, and affiliates are not responsible for the privacy and security of email messages except those stored in our system. 

V. Third-Party Links 

Occasionally, we may include or offer third-party products or services on or linked to our Services for your convenience and information. These third-party websites have separate and independent privacy policies. We are not responsible for the content and activities of these linked websites that we do not control.  

VI. COPPA (Children’s Online Privacy Protection Act) 

We do not knowingly collect or use information from children under the age of 13 on our Services. If we become aware that we have obtained information from an individual under the age of 13, we will delete such information in accordance with applicable law.  

VII. Information for Individuals Located Outside the United States 

Johns Hopkins is located in the United States. Our Services are directed only at customers in the United States. If you are using our Services, or any part thereof, from outside of the United States, please be aware that your information may be transferred to, stored, or processed in the United States and maintained on computers or servers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.   

If you are located in the European Economic Area (EEA), Switzerland, or the UK, you may have additional rights, including the right to access, correct, erase, restrict processing of, and object to processing and profiling of your information, and to complain to a supervisory authority within your jurisdiction. By using any portion of our Services, you understand and consent to the transfer of your information to the United States and those third parties with whom we share it as described in this Privacy Statement. 

VIII. California Privacy Rights 

Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personally identifiable information—such as name, email, and mailing address, and the type of services provided to the customer—that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the name and address of all such third parties. To request the above information, please email us at: [email protected] with a reference to California Disclosure Information. Please note that we are only required to respond to each customer once per calendar year. 

IX. Additional Terms Regarding Johns Hopkins Medicine MyChart 

Information collected through Johns Hopkins Medicine MyChart will be used and shared with third parties only as permitted by HIPAA and other laws protecting the privacy of health information. 

Johns Hopkins Medicine MyChart is developed by Epic Systems Corporation; please refer to Epic’s Mobile Application Privacy Policy for Patients for more detailed information about the limited ways they may interact with your information to make your use of Johns Hopkins Medicine MyChart possible. 

X. Updates to this Privacy Statement 

We reserve the right to modify this Privacy Statement at any time. We will indicate changes to the Privacy Statement by updating the “Effective Date” at the beginning of the Privacy Statement. Your continued use of the Services after any update to this Privacy Statement will constitute your acceptance of the changes.  

XI. Contact Us 

If you have any questions about this Privacy Statement, or would like to submit a request to exercise your rights under applicable law, please contact us at [email protected] or: 

Johns Hopkins Privacy Officer 

733 N. Broadway, MRB Suite 102B 

Baltimore, MD  21205 

We may have a reason under the law why we do not have to comply with your request or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.  

Because email communications are not always secure, please do not include health information or other sensitive information in your emails to us.