Last Updated: September 26, 2024

MSK MyChart is operated by Memorial Sloan Kettering Cancer Center (“MSK,” “we”, “our” or “us”). MSK is committed to the individual privacy of every user (defined below) of MSK MyChart.  

By providing your Personal Data to MSK or otherwise using MSK MyChart, you understand that we may collect, use, and disclose your information as described in this MSK MyChart Privacy Policy (this “Privacy Policy”).  This Privacy Policy is not a contract and does not create any contractual rights or obligations.

Information collected from Patients (defined below) through MSK MyChart is Protected Health Information (defined below) that may be used and disclosed as further described in our Notice of Privacy Practices (HIPAA). If there is a conflict or inconsistency in how we describe our use or disclosure of Protected Health Information between this Privacy Policy and the Notice of Privacy Practices (HIPAA), we will follow the Notice of Privacy Practices (HIPAA).

Please use these links to jump to any portion of this Privacy Policy that interests you or scroll down to read along.

What this Policy Covers

This Privacy Policy describes how we collect, use, and disclose the Personal Data (defined below) that we collect or receive through MSK MyChart. When we say “MSK MyChart” we mean collectively:

• The MSK MyChart website;
• The MSK MyChart mobile application (“App”);
• The MSK MyChart Bedside website and mobile application (together, “MSK MyChart Bedside”); and
• Any other webpages or mobile applications that link to this Privacy Policy.

MSK MyChart is made available to MSK Patients or any Proxy account users (defined below) designated by an MSK Patient, as well as to users of certain Other Applications (defined below) that link to or use MSK MyChart as an identity verification solution.  MSK MyChart is also offered as a service to Patients of Memorial Medical Care, P.C. (“MMC”) and any Proxy account users they designate.  Any information collected from MSK or MMC Patients or Proxy account users through MSK MyChart will be used and disclosed in accordance with this Privacy Policy.  All users of MSK MyChart described above are collectively referred to in this Privacy Policy as “users”.

The Information We Collect and Use

Patient medical records include patient health information known as Protected Health Information (“PHI”), which is regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI includes certain information that is (a) created or received by a health care provider and relates to an individual’s past, present, or future physical or mental health or condition, health care provided to an individual, or the past, present, or future payment for health care provided to an individual; and (b) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.  Please review our Notice of Privacy Practices (HIPAA) for information on how we may use and disclose your PHI.

When we use the term “Personal Data” we mean information that we directly associate with a specific person, or that we can reasonably use to identify a specific person such as a name or email address.  Any Personal Data we collect through MSK MyChart that is also PHI will be handled as further described in our Notice of Privacy Practices (HIPAA). We collect and use Personal Data and PHI through your use of MSK MyChart in the following ways:

1. Personal Data You Provide to Us

We collect Personal Data when you choose to share that information with us, including in the following ways.

All MSK MyChart Users:

• When you set up an MSK MyChart account, you will be asked to submit Personal Data which could include your name, mailing address, email address, phone number, date of birth, legal sex, and social security number.  We use this information to set up and administer your MSK MyChart account.
• We may collect information and use it to manage how we communicate with you. For example, we may use your email address to alert you that you have a message waiting in MSK MyChart.

Patient Users:

• If you are a registered MSK or MMC patient (“Patient”) setting up your MSK MyChart account, you may also be asked to provide other Personal Data such as your enrollment ID number, medical record number, and emergency contact information.
• Patients may choose to invite other people to access their MSK MyChart account.  This is called a “Proxy account”.  As a Patient, if you invite someone to set up a Proxy account, you can decide to give the Proxy user full access to your MSK MyChart, or you can limit their access to either clinical access only or scheduling/messaging access only. You can learn more about these access options in MSK MyChart. You can change your mind at any time. When you invite a user to create a Proxy account, you may be asked to provide other Personal Data such as the Proxy account user’s name and email address.

Proxy Account Users:

• If you are registering for a Proxy account, when you set up an MSK MyChart account, you will be asked to provide Personal Data about yourself, including your name, mailing address, email address, phone number, date of birth, legal sex, and social security number. You may also be asked to provide other Personal Data such as the Patient’s name, date of birth, legal sex, Patient’s relationship to you. If you were not invited by a Patient to create a Proxy account, you may request a Proxy account subject to the consent or approval of the Patient or MSK, as required by law.       

Patient and Proxy Account Users

• When a Patient or Proxy account user sends a message to the Patient’s health care providers or other MSK staff through MSK MyChart, we collect the content of the message and the metadata associated with the message. We use this information to respond to your messages and to manage the Patient’s care.
• When a Patient or Proxy account user books appointments for the Patient through MSK MyChart, we collect information about the Patient’s contact information, health care professional and appointment confirmation, which we use to facilitate scheduling the appointment and to send appointment reminders.
• When a Patient or Proxy account user orders prescription refills through MSK MyChart we collect information about the Patient’s medication, contact information and preferred pharmacy, which we use to facilitate the prescription renewal request.
• When a Patient or Proxy account user pays medical bills through MSK MyChart we will collect payment card information, billing information, and contact information, which we use to fulfill your payment, complete your transaction and deliver an invoice to you.
• Patients admitted to MSK for inpatient care and their authorized Proxy account users may be granted access to MSK MyChart Bedside, a specialized portal with additional features and functions related to an in-patient stay, such as real-time access to information on the Patient’s lab test results, medications, and treatment plans.  MSK MyChart Bedside users may also order meals, play games, or send messages to the Patient’s healthcare providers while they are in the hospital. When a Patient or Proxy account user uses MSK MyChart Bedside, we collect information about the Patient’s health, dietary preferences, medications, test results, and the content of any messages users send to the Patient’s health care providers and any metadata associated with the messages.   We use this information to provide you the services available through MSK MyChart Bedside, to respond to your messages and to manage the Patient’s care.

Users Accessing MSK MyChart to Sign into Other Applications:

MSK allows users to access certain other applications outside of MSK MyChart (“Other Applications”), which may be owned by MSK or a third party.  MSK uses MSK MyChart to verify your identity and connect you to those Other Applications. For example, you may be asked to use MSK MyChart to verify your identity if you use an Other Application as part of an MSK research study or use the MSK Remote Monitoring Application to connect to a wearable device such as a fitness tracker or heart rate monitor.

If you use MSK MyChart to register for or access an Other Application, MSK will use the information you provide to create your MSK MyChart account, such as your name, mailing address, email address, phone number, date of birth, legal sex, and social security number, to verify your identity and connect you to the Other Application.

Some Other Applications may be governed by their own terms and conditions and may collect and use Personal Data differently from MSK MyChart.  You may be required to accept or acknowledge the Other Application’s terms of use and privacy policy.     

2. Information We Collect Automatically

We use certain technologies on MSK MyChart to automatically collect information during your use of MSK MyChart (“Other Information”).  If we associate Other Information with Personal Data, we will treat the combined information as Personal Data in accordance with this Privacy Policy.

The technologies we use to collect Personal Data and other information include the following:

• Web Log File Data.  Like most other websites or mobile applications, we collect some basic information automatically about you and store it in log files.  This information may include IP address, browser type, internet service provider, pages you visit from and pages you go to after leaving MSK MyChart, pages you visit on MSK MyChart, date and time stamp, and clickstream data.  We use this information for MSK MyChart management and administration, to improve the content, overall performance and user experience on MSK MyChart, for fraud protection and for protecting our rights.
• Data from Cookies and Other Data Collection Technologies.  We and our service providers use cookies, web beacons and similar technologies to manage MSK MyChart and to collect information about you when you use MSK MyChart.  These technologies help us to recognize you, analyze your use of MSK MyChart and identify solutions for how to make MSK MyChart more useful.  These technologies also allow us to enhance the usability of MSK MyChart by aggregating demographic and statistical data and providing this information to our service providers.
• Information for Analytics.   We use analytics providers to help us track certain information about your activity in MSK MyChart, and to evaluate and measure the use and performance of MSK MyChart.  We may combine this information with other information we have about you to help us improve MSK MyChart and our service to you. 

Please see more information on analytics and data collection technologies and the choices you can make in the “Your Choices” section of this Privacy Policy.

3. Additional Uses of Personal Data

In addition to the uses described above, we may, consistent with our other legal obligations, use your Personal Data for the following purposes:

• Maintaining, delivering and improving MSK MyChart and our services;
• Contacting you to respond to your requests or inquiries and provide support;
• Send you technical notices, updates, security alerts and support and administrative messages;
• Contacting you about programs, products, or services that we believe may be of interest to you, new service announcements, or event invitations;
• Developing new resources and services;
• Conducting, managing and growing our business operations;
• Analyzing Patient experience as well as provider and hospital performance;
• Preventing, investigating and providing notice of fraud, unlawful or criminal activity or unauthorized access to or use of Personal Data, MSK MyChart or our data systems, or to meet legal obligations;
• Investigating and resolving disputes and security issues and enforcing our MSK MyChart Terms and Conditions; and
• Carrying out any other purpose for which the information was collected.

We also may use aggregated or de-identified information, which cannot reasonably be used to identify you. Once de-identified and aggregated so that data does not personally identify you (for example, we may aggregate data in order to improve our automation and improve care), it is no longer Personal Data. Such de-identified or aggregated information which does not identify individuals is not subject to this Privacy Policy.

How We Disclose Personal Data

We may disclose Personal Data collected through MSK MyChart as described in the sections above, for the reason(s) provided to you at the time we collect it, with your authorization or consent, and in the following ways:

• Patients and Proxy Account Users. If a Patient chooses to give other people access to their MSK MyChart account as Proxy account users, the Proxy account users can, depending on their access permissions as selected by the Patient, view certain parts of the Patient’s medical record that are available through MSK MyChart, such as the Patient’s treatment, test results, diagnostic and billing information, as well as other information available in the Patient’s MSK MyChart account.
• Third-Party Service Providers. We may disclose Personal Data to vendors who perform services on our behalf, including, but not limited to helping us manage MSK MyChart and your medical records, manage our communication channels and conduct analytics, providers involved in hosting and monitoring MSK MyChart, payment processors, and pharmacy providers.  Vendors with whom we share your Personal Information that is PHI are called business associates.  We will have a written contract with these business associates that makes sure they also protect the privacy of your Personal Information. MSK MyChart is developed by Epic Systems Corporation; please refer to Epic’s Mobile Application Privacy Policy for Patients for more detailed information about the limited ways they may interact with your information to make your use of MSK MyChart possible.
• Affiliates.  We may disclose Personal Data between and among MSK and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership.  For example, MSK and MMC participate in an Organized Health Care Arrangement (OHCA), which allows MSK and MMC to share Personal Data collected in MSK MyChart with each other to carry out treatment, payment, and joint health care operations activities that relate to the OHCA.
• Legal Process, Safety and Terms Enforcement.  We may disclose your Personal Data to legal or government regulatory authorities in response to a search warrant, subpoena, court order or other request for such information or to assist in investigations.  We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, if we determine such disclosure is necessary to protect the health and safety of us or our users or to enforce our legal rights or contractual commitments that users have made.
• Business Transfers. We may disclose Personal Data as a part of a corporate business transaction, such as a merger, acquisition, reorganization, divestiture, dissolution, joint venture or financing, bankruptcy or sale of all or a portion of our assets.

Security

We seek to use reasonable physical, technical, and administrative measures designed to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us as described in the “Contact Us” section below.   

Links to Other Websites or Mobile Applications

MSK MyChart may contain links to websites or mobile applications owned and operated by third parties.  Other websites may also reference or link to our MSK MyChart. These other web sites are not controlled by MSK. A link to a third party’s website or mobile application does not imply an endorsement of that website’s or mobile application’s content or services.  This Privacy Policy does not apply to, and we are not responsible for, the privacy practices of third-party websites or mobile applications that are not owned by us.  We encourage you to read privacy statements of any third-party websites or mobile applications to learn about their information practices. Visiting these other websites and mobile applications is at your own risk.

How we Respond to “Do Not Track” Signals

Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, MSK MyChart does not respond to “Do Not Track” signals and consequently, MSK MyChart will continue to collect information about you even if your browser’s “Do Not Track” feature is activated.

Notices to Individuals Located Outside of the United States

1. Notice to Individuals Located in the United Kingdom, European Economic Area, and Switzerland

This Privacy Policy describes ways in which you may provide information to MSK using MSK MyChart.  Personal Data about individuals located in the European Economic Area, United Kingdom, or Switzerland (generally referred to here as the “EU”) are subject to special protections under EU law when the processing of those data are within the scope of the European Union’s General Data Protection Regulation (EU Regulation 2016/679), its incorporation into the laws of England and Wales, Scotland, and Northern Ireland by virtue of the UK European Union (Withdrawal) Act 2018 and/or the Swiss Federal Act on Data Protection, as applicable (together, the “GDPR”).  This Notice to Individuals Located in the United Kingdom, European Economic Area, and Switzerland (the “GDPR MSK MyChart Notice”) applies to MSK’s processing of Personal Data that is within the scope of the GDPR, which we call collectively the “GDPR Processing Activities.”  This GDPR MSK MyChart Notice applies only to GDPR Processing Activities involving Personal Data collected through MSK MyChart.  When you use MSK MyChart to transfer your Personal Data to MSK in the United States for GDPR Processing Activities, MSK is a controller of this Personal Data.

Please be aware that if you use MSK MyChart to transfer your Personal Data to MSK in order to seek care at an MSK facility or a second opinion at MSK, you will be provided a copy of our GDPR Patient Notice and our Notice of Privacy Practices (HIPAA), which will govern our use of protected health information.  The GDPR MSK MyChart Notice will not apply to MSK’s use of such information.

We rely on separate and overlapping bases to process your Personal Data lawfully.  MSK will use the Personal Data provided through or collected on MSK MyChart only for the purposes described in this Privacy Policy.   MSK’s legal bases for processing your Personal Data include providing you with the information or services that you have requested, protecting your vital interests, furthering our legitimate interests, and your consent, if applicable.  When we process special categories of Personal Data, including data concerning your health, our legal bases for processing such data include protecting your vital interests, furnishing a medical diagnosis, performing preventive or occupational medicine or assessment of the working capacity of our workforce, carrying out our obligations under employment or social protection laws, and your consent, if applicable.  Legitimate interests that we rely on in processing your Personal Data include (i) improving and customizing MSK MyChart for you, (ii) understanding how MSK MyChart is being used, (iii) exploring ways to develop and grow our operations, (iv) ensuring the safety and security of MSK MyChart, and (v) enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.  Without the ability to collect and process your Personal Data, MSK would not be able to achieve those interests.  We may also use your Personal Data for purposes, including scientific research if applicable, that are compatible with the purposes for which such data were initially collected.

If our processing is based solely on consent, you have the right to withdraw your consent.

You may withdraw your consent by contacting us as set forth in the “Contact Us” section below.  Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent, if we have a legal basis to do so.  For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping MSK MyChart safe and secure, or if deleting the information would undermine the integrity of a research study in which you are enrolled.

MSK is located in the United States.  When you enter your Personal Data through MSK MyChart, the data is being transferred to, stored, and processed in the United States, and could be transferred to, stored and processed in another country outside of the EU.  Please be aware that the appropriate EU government authorities have not found the United States, and possibly other countries to which your Personal Data may be transferred, to provide adequate safeguards for the protection of Personal Data.  However, MSK will take steps to maintain the privacy of your Personal Data as described in this Privacy Policy.  If MSK transfers your Personal Data outside the EU, we will do so in reliance on mechanisms recognized under the GDPR.  This includes (i) transferring your Personal Data to countries that appropriate EU government authorities have determined to provide adequate data protection, (ii) obtaining your consent to transfer your Personal Data outside the EU after first informing you about the possible risks of such a transfer, (iii) transferring your information outside the EU if the transfer is necessary to the performance of a contract between you and MSK, including to provide treatment to you, or if the transfer is necessary to the performance of a contract between your physician or other health care provider located in the EU, and the contract was entered into in your interest, (iv) transferring your information outside the EU if necessary to establish, exercise or defend legal claims, or (v) transferring your Personal Data outside the EU to protect your vital interests.

We will retain your Personal Data for as long as is necessary for the purposes set out in this Privacy Policy (for example, if you have an account, for as long as your account is active), subject to your right, under certain circumstances, to have certain of your Personal Data erased, as discussed in the next paragraph, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.

If your Personal Data is processed for GDPR Processing Activities, you have the right to (1) see Personal Data that MSK holds about you and receive any details required to be provided to you under applicable law, (2) correct or update your Personal Data, if inaccurate, (3) limit collection and use of your Personal Data under certain circumstances (for example, if you think it is inaccurate), (4) receive your Personal Data in an electronic format as required by law, except Personal Data that has been used for public interest purposes or for MSK’s required legal obligations, (5) request deletion of your Personal Data, subject to MSK’s need to keep such data to comply with legal requirements, for purposes of public health or to preserve the integrity of a research study, or to allow MSK to defend itself from legal claims, and (6) file a complaint with a data protection authority (see this link).  If you have questions about the processing of your Personal Data or rights associated with your Personal Data, see the section “Contact Us” below.

2. Notice to Individuals Located in the People’s Republic of China

Individuals located in the People’s Republic of China are afforded certain protections where the handling of their Personal Data is within the scope of the Personal Information Protection Law of the People’s Republic of China (the “PIPL”).

This notice applies to MSK’s processing of Personal Data that is within the scope of the PIPL, and describes how the information that you transmit to MSK via MSK MyChart will be used by MSK. If you travel to the United States to receive treatment, this notice will not apply to the health care information collected or generated about you at MSK. Instead, you will receive a separate notice that describes how such information will be treated by MSK under U.S. federal and state law.

In this notice, Personal Data shall have the same meaning as “Personal Information” under the PIPL.  Personal Data includes information that relates to you, including but not limited to your name, address, and demographic information.  Personal Data also includes “Sensitive Personal Data”, which is Personal Data that is specially protected under the PIPL. Sensitive Personal Data includes but is not limited to information about your past and present medical health, biometric characteristics, religious beliefs, specially-designated status, and your financial accounts, as well as the Personal Data of minors under the age of 14.

MSK is a Handler of your Personal Data for the purposes of the PIPL.

Description of Personal Data Handling

MSK will handle your Personal Data for the following purposes:

• To diagnose your condition.
• To provide treatment to you and/or a medical opinion to you and/or your health care provider in your country.
• To follow-up with you and/or your health care provider in your country before, during, or after your treatment or medical opinion is provided.
• To seek payment from you or a third-party (such as an insurance company or national health benefits program) making payment on your behalf.
• To comply with MSK’s statutory duties, responsibilities, and obligations, including responding to requests of regulatory agencies.
• To establish and defend against legal claims.
• To support MSK’s business and institutional interests (for example, conducting quality assurance and improvement activities and managing MSK’s business operations).
• To respond to your questions and/or your requests to exercise your rights over your Personal Data as provided by the PIPL.
• If you are a Proxy account user, to allow you to register a Proxy account and monitor parts of the medical record of the Patient who granted you access to their MSK MyChart account.

In order to achieve the purpose for which MSK will handle your Personal Data, MSK will handle the following categories of Personal Data and Sensitive Personal Data:

• Basic personal information, such as your name, date of birth, gender, family relation, address, personal phone number, or email.
• Personal identity information, such as your ID number, passport, or resident certificate.
• Physiological and health information, including records generated in connection with your medical treatment, such as pathological information, hospitalization records, physician’s instructions, test reports, surgical and anesthesia records, nursing records, medication administration records, drug and food allergy, fertility information, medical history, diagnosis and treatment, family illness history, history of present illness, and history of infection, and personal health information such as weight and height.
• Personal property information, such as financial information or insurance information.
• Other information, such as emergency contacts.
• Employees or contractors of MSK, such as physicians, pharmacists, nurses, administrative staff and other members of the MSK workforce, who are involved in your treatment or rendering a medical opinion to you, or who act in furtherance of MSK’s business and institutional interests.

MSK will retain your Personal Data for the period necessary to fulfill the purposes outlined in this notice, unless a different retention period is required or permitted by law.

In order to achieve the above purposes, MSK will use various handling methods, including by collecting your Personal Data from you, your health care providers, and others involved in your medical treatment through email, secure web forms, physical mail, and/or digital portals designed to facilitate healthcare services.  Once MSK receives your Personal Data, MSK will store your Personal Data in a data center owned by MSK, as well as in platforms owned by MSK or provided by entrusted persons designed to store and/or handle health data, such as an electronic medical record system and radiology imaging platform.

The following types of persons and entities at, or affiliated with, MSK, will handle your Personal Data in order to achieve the purposes outlined in this notice:

• Contractors, vendors, collaborating entities and other entrusted persons that provide services to MSK in support of MSK’s medical services to you or in furtherance of MSK’s business and institutional interests.

Sensitive Personal Data

In order to fulfil the purposes of the Personal Data handling described in this notice, it will be necessary for MSK to handle the categories of your Sensitive Personal Data described in the section above. Without handling your Sensitive Personal Data, MSK would not be able to provide you with medical services or operate its business, as your Sensitive Personal Data is required for MSK to perform necessary actions such as diagnosing your medical condition, providing treatment or medical opinions to you, seeking payment for services, or allowing you to exercise your rights provided by the PIPL.

The handling of your Sensitive Personal Data by MSK may influence your rights and interests in various ways, some of which may not be knowable by you or MSK at the time your Personal Data is handled by MSK. However, your rights and interests may be influenced as follows:

• You may receive medical services intended to benefit your health and well-being, including a diagnosis, medical opinion, or treatment provided to your or your healthcare provider in your country.
• As Sensitive Personal Data is Personal Data that, according to the PIPL, is considered information that may cause harm to your dignity or grave harm to your personal or property security if leaked or illegally used, there is inherently a heightened risk to individuals whenever their Sensitive Personal Data is handled.  However, MSK has various measures in place intended to mitigate or eliminate risks to your Sensitive Personal Data, including but not limited to: information security and access management programs and a staff data privacy training program.

Your Rights Provided in the Law

You have certain rights with respect to your Personal Data as provided in the PIPL, including as follows:

• You have the right to consult or copy Personal Data that MSK holds about you.
• You have the right request that your Personal Data be transferred to another Personal Data Handler. If you make this request, MSK will transfer your Personal Data or provide a channel through which you may transfer your Personal Data.
• You have the right to correct or update your Personal Data if it is inaccurate.
• You have the right to limit or refuse the collection and use of your Personal Data unless laws or administrative regulations stipulate otherwise.
• If information handling is based on your consent, you have the right to rescind consent.
• You have the right to request the deletion of your Personal Data.  However, there are limits on your ability to request deletion of your Personal Data. For example, MSK may keep and use some or all of your Personal Data if necessary to comply with legal requirements (for example, legal and regulatory obligations related to the maintenance of medical records at MSK), or where the deletion of your Personal Data is technically hard to realize, in which case MSK shall cease handling your Personal Data except for storage and shall take necessary security protective measures.

If you have questions about the processing of your Personal Data or rights associated with your Personal Data, see the section “Contact Us” below.

Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time. If we make changes, we will notify you by revising the “Last Updated” date at the top of this Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). Therefore, please check this Privacy Policy periodically for updates and to stay informed about our information practices.

Your Choices

Account Information

You may request that we update, correct or delete information about you in MSK MyChart, or close your MSK MyChart account at any time by contacting us as described in the “Contact Us” section below.  Please note that even if you close your account, we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.

Requests to update, correct or delete information about you in MSK MyChart will only apply to your MSK MyChart account, and will not result in changes to your health information in your medical record. If you would like to ask us to correct or amend health information about you in your medical record, please contact our Health Information Management department at 646-227-2089.  Please review our Notice of Privacy Practices (HIPAA) for information related to your health information.

Native Applications, Push Notifications, and other Interactive Features

MSK MyChart may interact with your Personal Data to provide certain features, such as video visits or mobile appointment check-in. The first time you try to use any of these features, we will ask for your consent within MSK MyChart and will only allow you to use a feature if you give consent. You do not have to provide consent if you do not want to allow MSK MyChart to interact with your data as requested. 

MSK MyChart may also offer other location-based services, such as check-in for in-person appointments or allowing you to find healthcare providers near you. The first time you try to use any features that use your location, we will ask for your consent within MSK MyChart and will only access your location if you give consent. You do not have to provide consent if you do not want to allow MSK MyChart to use your location. We do not store your location data.

Some features of MSK MyChart may require access to certain native applications on your device, such as the camera, microphone, Bluetooth, photo/media/files storage applications (e.g., to take and upload photos and videos). If you decide to use these features, we will ask you for your consent prior to accessing the native applications on your device and collecting information. Note that you can revoke your consent at any time by changing the settings on your device.

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within MSK MyChart.

Cookies and Analytics Tools

Most browsers allow you to turn off certain cookies if you do not want your preferences tracked.  However, your cookie feature on your browser must be turned “on” so you can use MSK MyChart. The “help” menu on most internet browsers contains information on how to control cookies, or you can visit www.aboutcookies.org/how-to-control-cookies/.

Contact Us

If you need technical assistance with MSK MyChart or have any other questions about using MSK MyChart, you may go to the Message Center section within MyChart and select “ask a customer service question.”  You may also contact the MSK MyChart Help Desk by calling 1(800) 248-0593 or 1(646) 227-2593.

To ask questions about the Privacy Policy or other privacy-related matters, you may contact our Privacy Office in the following ways:

Mailing Address

Privacy Office
Memorial Sloan Kettering Cancer Center
633 Third Avenue
New York, NY 10017

Telephone

646-227-2056

Email

[email protected]

If you are in the European Union, you may address GDPR-related inquiries to our EU representative at:

EU-REP.Global GmbH

Attn: MSKCC

Hopfenstr. 1d, 24114 Kiel, Germany

[email protected]

If you are in the United Kingdom, you may address UK GDPR privacy-related inquiries to our UK representative at:

DP Data Protection Services UK Ltd.

Attn: MSKCC

16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

[email protected]