Web Privacy Statement

Statement on website privacy practices for Rush University System for Health

Statement on website privacy practices for Rush University System for Health

This policy describes how Rush University System for Health handles information from users in the course of a visit to this website. See the Patients & Visitors section of the site for information about the Medical Center's patient care privacy policy.

Please contact our web administrator with any questions:

RUSH web administrator

Write to the web administrator at the address below:

RUSH University Medical Center
1700 W. Van Buren St., Suite 456
Chicago, IL 60612

Information Collection and sharing

Rush University System for Health is the sole owner of information collected through the website www.rush.edu. We do not collect any personally identifiable information unless users voluntarily supply it as part of a request for service or information. We do not share information collected through the website with any third-party advertisers.

Use of 'Cookies'

A "cookie" is a small file that a website puts on a user's computer with their agreement. This website uses cookies to track how visitors use the website. Cookies also streamline a user's experience of the website during a visit.

In most cases, a web browser will automatically accept cookies. Users should be able to change browser settings to disable cookies. Disabling cookies may make it more difficult to use some parts of the website. For more information about deleting cookies, see the web browser's help section.

Like many websites, www.rush.edu uses Google Analytics to gather information about how visitors use the website. Users may opt out if they do not want their data to be used by Google Analytics. Visit Google to learn how.

Email Communications

Website users may choose to communicate with the website administrator and other staff members at Rush University System for Health via email addresses shared on this website. Users should be careful when sending email. If a user sends an email to a member of the RUSH staff, that user is authorizing a response via email. If a user does not want to receive a return email, they may contact Rush University System for Health by telephone rather than sending an email. For information on security of communications between Rush University System for Health and patients, please see the patient privacy information on this site.

Normal email is not encrypted. Because of this, it is possible for unauthorized individuals to intercept emails sent to Rush University System for Health. The System is responsible for the privacy of messages that we store on our network. Rush University System for Health is not responsible for the privacy of those messages once we have sent them to a website user or a user's email provider. We are also not responsible for the privacy of messages while they are in transit from a user to the System.

Rush University System for Health encrypts certain email messages that contain sensitive information, such as patient medical and financial information. This is to protect the privacy of our patients and to comply with federal regulations. Encryption protects against unauthorized individuals intercepting these messages. A user will receive a link to a secure website where the user will need to register and log in to the secure website to view encrypted messages.

If a user notices suspicious activity, such as emails seeking personal financial information that appear to be from Rush University System for Health, contact the RUSH web administrator and the Internet Crime Complaint Center.


There are secure forms on the RUSH website for users to request services and information via the internet. Users may need to provide confidential health information to help RUSH fulfill a request. We will use this information only to help us respond to the user's request.

To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, Rush University System for Health has put in place appropriate physical, electronic and administrative procedures to safeguard and secure the information we collect through these online forms. These procedures are consistent with the System's policies, and the laws and regulations of the State of Illinois.

Any personally identifiable information we collect is securely stored within a database. We use standard, industry-wide procedures to protect information we receive from visitors to the website. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information supplied by visitors to the website will not be intercepted while being transmitted to us over the internet.

Users are prohibited from violating or attempting to violate the security of this website, including, without limitation, (a) accessing data not intended for them or logging onto a server or an account which they are not authorized to access; (b) attempting to probe, scan or test the vulnerability of a system or network, or to breach security or authentication measures without proper authorization; or (c) accessing or using the website or any portion thereof without authorization, in violation of this policy or in violation of applicable law. Violations of system or network security may result in civil or criminal liability.

Online Payments and Third-Party Intermediaries

Rush University System for Health uses processing companies to process credit card transactions. These credit card processing companies do not store, share or use personally identifiable information for any secondary purposes.

The user represents and warrants that if they are making online payments that (i) any credit card, debit card and bank account information the user supplies is true, correct and complete; (ii) the user will pay the charges incurred in the amounts posted; and (iii) the user is the person in whose name the card was issued and is authorized to make a purchase or other transaction with the relevant card and card information.

Rush University System for Health will contact the user if all or any portion of the user's order is canceled, or if additional information is required to accept the user's order. If the user's order is canceled after their credit card (or other payment account) has been charged, RUSH will issue a credit to their credit card (or other applicable payment account) in the amount of the charge.

Legal Proceedings

Though Rush University System for Health makes every effort to preserve user privacy, we may need to disclose personal information when we have a good faith belief that this is necessary to comply with a judicial proceeding, court order, government investigation or legal process served on our website.

Links From This Website

This website contains links to other websites. Rush University System for Health has no authority over third-party websites that a user may link to from this website. Each of these websites maintains its own independent privacy and data collection policies and procedures. The RUSH System is not responsible or liable for these independent methods or actions, nor for the policies or procedures of destination websites. We also do not assume responsibility for the privacy policies or procedures of any website that links users to this website.

Notification of Changes

If our website privacy policy changes, we will post changes at this page to ensure that our users are always aware of the information we collect, how we use it and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected. A user's continued use of this website shall be deemed as acceptance of the modified privacy statement.