Responsible Disclosure Statement

AS OF 6/1/2018

HCA Healthcare Responsible Disclosure Statement

Above all else, HCA Healthcare is committed to the care and improvement of human life. Part of that mission is to protect our patients, people, systems, and facilities.

If you believe you’re aware of a potential security vulnerability, please let us know by emailing our Information Protection & Security team directly at We also maintain an ethics line (1-800-455-1996) to receive concerns about a violation of our Code of Conduct or policies and procedures.

Please review the following prior to submitting:

  • We ask that you work with us to diagnose and correct a vulnerability prior to publically disclosing it to ensure the safety and wellbeing of our patients and systems.
  • We ask that you refrain from including sensitive information in any submission to us, e.g. patient identifying information.
  • We ask that you not perform vulnerability or similar testing on products that are actively in use for public safety reasons.
  • We ask that you not take advantage of any vulnerability you have discovered.

Notice: In the event you share information with us, you agree that the information you submit will be considered non-proprietary and non-confidential, and that we may use such information in any manner, without restriction. Furthermore, you agree that submitting information does not create any rights for you or any obligation for us.

Last Updated: April 2021