Responsible Disclosure

Responsible Disclosure Statement

If you believe you’re aware of a potential security vulnerability, please let us know by emailing our Information Protection & Security team directly at  Information.Protection@hcahealthcare.com. We also maintain an ethics line (1-800-455-1996) to receive concerns about a violation of our Code of Conduct or policies and procedures.

Please review the following prior to submitting:

  • We ask that you work with us to diagnose and correct a vulnerability prior to publicly disclosing it to ensure the safety and wellbeing of our patients and systems.
  • We ask that you refrain from including sensitive information in any submission to us, e.g. patient identifying information, as part of your initial submission to us.
  • We ask that you not perform vulnerability or similar testing on products that are actively in use for public safety reasons.
  • We ask that you not take advantage of any vulnerability you have discovered.

Notice: In the event you share information with us, you agree that the information you submit will be
considered non-proprietary and non-confidential, and that we may use such information in any manner,
without restriction. Furthermore, you agree that submitting information does not create any rights for you or
any obligation for us. As a reminder, your access and use of our Services, which includes any submissions
to us, is governed by our Privacy Policy.

Last Updated: December 10, 2020