Privacy Policy

Utah Department of Health Privacy Policy


The State of Utah (State) is committed to protecting the privacy of those accessing its websites. The purpose of this policy is to inform those accessing State websites about the collection and use of the personally identifiable information of its users.

This privacy policy statement applies to all State executive branch agency websites except those administered by the State Board of Education, the Board of Regents, institutions of higher education, and except as described below in the section called “State Agency Privacy Policies and How They Relate to This Policy.”

HB25 Governmental Internet Information Privacy Act Description

Definition of Personally Identifiable Information (PII)

For the purposes of this policy “personally identifiable information” means any information collected online that could serve to identify an individual, such as:

  • First and last name
  • Physical address
  • E-mail address
  • Telephone number
  • Social Security number
  • Credit card information
  • Account Number
  • Bank account information
  • Any combination of personal information that could be used to determine identity

Collection of Information

The following information may be automatically collected and retained if you look or search through our web pages, or download information:

  • the Internet domain and Internet Protocol (IP) address of the computer you are using to access our site;
  • the type of browser and operating system used to visit our site;
  • the date and time of when you access our site; and
  • which portions of the website you visit.

The data collected serve as part of our statistical analysis about the use of our websites so we may better design online services and improve access to them. We do not attempt to gain personally identifiable information about individual users and associate it with IP addresses. The State does not use the information automatically collected to ascertain your personally identifiable information.

Except where specified, you do not have to provide personally identifiable information to visit or download information from State websites. Unless you choose to make your personally identifiable information available to us, the State does not collect such information from you. The State does not use or place Spyware on your computer. Be aware that government agencies may request personally identifiable information from you in order to perform requested specialized services.

How Personally Identifiable Information is used by the governmental entity

E-mail or other information requests sent to a State website may be saved and used to respond to the request, forward the request to the appropriate agency, communicate updates to the State site that may be of interest to citizens, or provide the State web designer with valuable customer feedback to assist in improving the website.

Any personally identifiable information an individual provides to a State site will be used solely by the State of Utah, its entities, and third party agents with whom it has contracted to perform a state function on its behalf, unless the information is designated as public record by an individual State agency as authorized under Title 63, Chapter 2, 302, 303, 304 of the Utah Code , entitled “Government Records Access and Management Act” (GRAMA), and the State agency’s website provides conspicuous notice that such information is subject to public access.

The Utah Health Code (Title 26 of the Utah Code) provides for collection, use, and disclosure of information in many ways different than provided in the Government Records Access and Management Act. Notable differences can be found in the Vital Statistics Act (Title 26, Chapter 2), the Utah Medical Examiner Act (Title 26, Chapter 4), the Communicable Disease Control Act (Title 26, Chapter 6), the Utah Health Data Authority Act (Title 26, Chapter 33a), and in Title 26, Chapter 3 (dealing with health statistics).

Collection and Use of Information
Children’s Personally Identifiable Information

Except as otherwise permitted by law, the State does not knowingly collect and use or disclose the personally identifiable information of a child under the age of 13.

The Utah Department of Health collects personally identifiable information on children under age thirteen for public health purposes such as to register births and deaths, to assist schools and health care providers to verify immunization status, to pay for health care services provided to Medicaid and Children’s Health Insurance recipients, and to conduct epidemiological studies to improve the public health of the state.

Personally Identifiable Information
Available or Collected from Governmental Websites

Information collected is subject to the access provisions of GRAMA and other applicable sections of the Utah Code, federal regulations, and federal law. Consequently, certain communications may be subject to public disclosure. However, in these instances you will be notified on either the portal or on the agency website under the conditions described below in “State Agency Privacy Policies and How They Relate to This Policy.”

All records that are prepared, owned, received, or retained by a governmental entity that may be reproduced by certain means are considered public, unless they are private, controlled or protected as outlined in Sections 63-2-302, 63-2-303, and 63-2-304 of the Utah Code, or are records to which access is restricted according to court rule, other State law, federal law, or federal regulation. Information that is generally considered public record under GRAMA – and not made confidential elsewhere in the Utah Code or by federal law – may be subject to electronic access through websites.

PII is used by the governmental entities for the purpose of conducting official state business. A governmental entity may share PII with another governmental entity if it is designated as a record that is private, controlled, or protected as described in Section 63-2-206 unless such data sharing is expressly prohibited, authorized or required by federal law, state law, or federal regulation. In some instances a Governor’s directive or executive order may limit or prohibit data sharing even though Section 63-2-206 may permit such data sharing.

Data Security and Quality

The State of Utah is committed to data security and the data integrity of personally identifiable information available from or collected by State government websites. The State has taken precautions to protect personally identifiable information from loss, misuse, or alteration. Any authorized third parties responsible for this information are committed to the same principles, and are required by contract to follow the same policies and guidelines as the State of Utah in protecting this information. Visitors should be aware, however, that even though protections are in place, the State cannot guarantee against the occurrence of hardware failure, unauthorized intrusion or other technical problems.

Procedures for Access by the User to View or Correct Personally Identifiable Information

Unless otherwise prohibited by State law, federal law, or federal regulation, an individual may access and correct personally identifiable information whether or not the inaccuracy was created by accident, unauthorized access, or a change in circumstances. The State also reserves the right to use any legally appropriate measures to prevent, monitor, and investigate any attempt to deface, delete or otherwise tamper with or abuse a State website, server, database, information system or other State technology asset. For a description of the individual processes used by agencies to view or correct PII please use’s “Live Help” section. See also “Security Measures” section.

In some circumstances and for some databases, the Utah Department of Health does not allow the individual to access or correct personally identifiable information. In some of those circumstances, the Utah Department of Health will alter information if allowed by statute or required by court order. Examples include epidemiological information, Medicaid billing information, regulatory enforcement information, and vital records information.

State Agency Privacy Policies and How They Relate to This Policy

A privacy policy issued by a State agency for its website may provide additional detail to, but not conflict with, this privacy policy, except as required by an applicable State law, federal law, or federal regulation. Any State agency or organization who collects or uses personally identifiable information in a manner inconsistent with this policy as a result of an applicable State law, federal law, or federal regulation, will adopt and issue a privacy policy of its own. The privacy policy it issues shall describe how its collection and use of personally identifiable information differs from the State’s practices as set forth in this policy. The agency’s privacy policy will be conspicuously posted for your review. The privacy policy issued by the agency or organization will apply to its own website. In addition to this policy, we also recommend that you refer to the applicable agency privacy policy to obtain a description about how your personal information is collected and used or contact or Live Help.

An agency may not substitute its own privacy policy for this policy, unless a state law, federal regulation or federal statute requires an agency to treat personally identifiable information in a way that is inconsistent with this policy. In this case, an agency may opt-out of the specific provision of this policy which conflicts with the state statute, federal regulation or federal statute. If that occurs, the remainder of the provisions of this policy shall apply to the agency.

A full description of how agencies are to inform you if your personal information is treated any differently than as described in this policy is provided in R365-5-1 et seq. of the Utah Administrative Code, which governs the actions of state agencies.

The collection, use, and dissemination of some information is without the individual’s permission.

Non-State Websites

Visitors may link to various websites from State web pages. The State is not responsible for the privacy practices or content of external sites. Many of these sites, particularly those in the private sector, may not be subject to GRAMA, other sections of the Utah Code, or federal law. Those visiting external sites are advised to check the applicable privacy statement and be cautious about providing personally identifiable information without a clear understanding of how the information will be used.

Changes to and Versions of the Privacy Policy

This privacy policy may be changed at any time; any changes will be posted on this web page. The version number and date the policy was last revised will be noted on the policy. Information collected while a particular version of this policy is in effect will be handled in accordance with that version. The previous version of this policy was titled and dated: Privacy Policy Statement for State of Utah Websites, Version 3.0, April 30, 2004.

If you have questions, comments, or concerns, please contact us by calling 801-538-6003.