Version 2.0. Last Revised: 05/04/2015
We are firmly committed to protecting the confidentiality and security of your Personal Information. The term “Personal Information” means any information which can be used to identify a person including by way of example, but not limitation, name, date of birth, mailing address, social media and other third party platform account identifiers, home phone number, mobile phone number, e-mail address, credit card information, and/or Social Security number. “Protected Health Information” means any information of a person related to health or medical status, including, by way of example, but not limitation, names of doctors, health conditions, medicines, and/or prescription information and history, paired with Personal Information.
COLLECTION AND USE OF NON-PERSONAL INFORMATION
How We Collect Non-Personal Information
General Tracking Information
When you visit the Site, and during your interactions with the Site, we may collect Non-Personal Information from you. "Non-Personal Information" means a data element or collection of data elements that by itself cannot ordinarily be associated with a specific individual. Non-Personal Information includes by way of example but not limitation, the Internet browser or computer operating system you are using, your navigation of the Site including the pages of the Site that you access, the amount of time spent on various portions of the Site, the length and dates of your visits to the Site, and certain Site data captured through your interactions with the Site. Non-Personal Information may include information provided by you through the Site or otherwise (e.g., through a third-party site) that is not Personal Information. Non-Personal Information may be collected on an aggregated, anonymous basis through web server logs, cookies, ad servers, tracking pixels, web beacons, and similar Internet tracking devices (collectively “Tracking Mechanisms”). Web servers automatically collect Non-Personal Information when you request pages of the Site or other sites. Based on certain interactions with the Site, mailings, and third-party sites, and other communications with us, certain Non-Personal Information may be associated with your Personal Information such that your Non-Personal Information is identifiable with you. You may be able to opt-out of certain third-party associations by following customization and/or opt-out options as described below.
How We Use Non-Personal Information
The collected Non-Personal Information may be used by us and our affiliated companies for a variety of analytic and developmental purposes including to improve and enhance the Site and our products and services, to create new products and services, to customize your experience on the Site and other sites that you visit on the Internet, and to identify and/or offer products, services and website functionality that may be of interest to you.
We may use different kinds of cookies including session ID cookies and persistent cookies. Session ID cookies are used to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These cookies are deleted from your hard drive when you close your browser session. Persistent cookies are used to collect non-personally identifiable information such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.
You may set your browser to accept cookies, warn you when a cookie is sent, or turn off all cookies (except Flash cookies). Check your browser’s help menu or your mobile device settings to find out how. Some mobile devices store cookies not only in areas connected to the browsers but also in an app-specific area, so you may have to check your app settings options to determine how to manage or delete cookies stored in these other areas. If you do not accept cookies, some features, services, or activities available through the Site may not function correctly and you may be unable to access certain content.
We may embed tracking pixels within various pages of the Site to enable use of site analytics. The site analytics enable us to determine the usage frequency of various areas of the Site and identify areas of the Site for enhancement. While you are visiting and after you leave the Site, we may use web beacons to notify you of areas of the Site and other aspects of our organization and its affiliated companies in which you may be interested. Certain tracking pixels and web beacons may be cleared or reset through configuration of your web browser such as by clearing your cache. We may use ad servers to provide you with offers of possible interest.
We use your IP address so that we can send data (such as the pages you request) to you and collect Non-Personal Information during the process. We aggregate this Non-Personal Information with similar Non-Personal Information collected from other users to track overall visitor traffic patterns and help us understand Site usage and preferred and most frequently used pages, products and services, to provide you with better service, to improve Site use and functionality, and to provide you with information on other products and services that may be of interest to you.
We may analyze Non-Personal Information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for employers or health plans. These studies may generate Aggregate Data (described below) which we may utilize for a variety of purposes.
We may perform statistical analyses of the traffic patterns, Site usage, and behaviors associated with the Site. We may use these analyses to generate Aggregate Data from the original Non-Personal Information. “Aggregate Data” is summary level data, such as the number of web visitors in a specific geographic area. Aggregate Data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address, and does not reflect the original form of the Non-Personal Information collected from you.
We may use third parties to (a) operate and maintain the server(s) on which the Site operates, (b) provide Tracking Mechanism(s) that we embed in or use with the Site, (c) provide advertisements and other information to you about the Site, products, and services through a third-party site based on a prior visit to the Site, (d) analyze communications with us and interactions with the Site, (e) de-identify data, and (f) collect Non-Personal Information from you (e.g., on your interactions and/or experience with the Site and/or us). The third party may then share the Non-Personal Information, Aggregate Data, and/or other data with us.
We may disclose Non-Personal Information to third parties as follows:
- We may share Non-Personal Information with our affiliated companies and third parties who provide services to us.
- We may disclose Aggregate Data to other companies or organizations for any legitimate business purpose.
- We may disclose products and services developed using the Non-Personal Information, including products and services that disclose anonymous and/or deidentified Site data for any legitimate business purpose.
- We will not sell your Non-Personal Information to other companies or organizations.
Some of the third parties, such as Google®, Twitter®, and LinkedIn® may provide customization and/or opt-out of certain Tracking Mechanisms through their respective sites. For example, Google's Ads Settings, DoubleClick opt-out page, Twitter’s promoted content settings, LinkedIn account settings, and Network Advertising Initiative opt-out page may limit the collection and usage of certain third-party Tracking Mechanisms.
COLLECTION AND USE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION
How We Collect Your Personal Information
Ask a Question
You may submit fertility-related questions to us through our indicated feature on the Site. When submitted, a healthcare provider will review your questions and provide a response. While we strive to answer most questions in 24 hours, we may be unable to do so in a variety of circumstances. We collect a limited amount of Personal Information and Protected Health Information to enable us to respond to your questions and provide certain information to you. We may also further communicate with you when you have so specified, or in case of emergency or when required to do so by law. If you are having a medical emergency, contact your doctor or emergency services (e.g., dial 9-1-1).
Our responses are typically provided through an unsecure communication channel such as e-mail. In certain circumstances, we may contact you by telephone (e.g., to answer your question or in case of emergency). By submitting questions through our feature, you agree to accept our responses through an unsecure communication channel or other available communication channel.
When you communicate with us through social media, or provide a comment directed as us through social media, we may use social media to communicate with you. We may also promote content of interest to you through social media. You may opt out or configure your social media account settings to limit promotion of such content. No Protected Health Information will be used to promote content or shared with a social media provider in making such communications to you.
We may use certain in-house or third-party functionality to analyze your communications with us and interactions with the Site. These third parties will be required to protect any Personal Information in accordance with this Policy. Third parties will not capture, be provided with access to, nor utilize Protected Health Information as part of their analysis. Other analytics capabilities are reflected above in the description of Non-Personal Information.
How We Use Your Personal Information and Protected Health Information
- We will process and send you orders you have placed through our pharmacy.
- We may use Personal Information received through the fertility-related questions feature to respond to your questions or, when specified, to further communicate with you.
- We may share your Personal Information with other Express Scripts companies (i.e., entities which are controlling, controlled by, or under common control with Express Scripts) to provide you with more personalized and enhanced services.
- We may disclose your Personal Information to relevant third parties such as state and federal regulatory agencies, site technicians, auditors, lawyers, or other professional advisors.
- We may communicate with you via e-mail, facsimile, letter, text message, mobile application, and similar mechanisms.
- We may use third-party agents for purposes of communicating with you and/or collecting information from you.
- Statements here and elsewhere on the Site concerning the treatment of your Personal Information may not apply with respect to information already in our possession.
In certain circumstances, we may be legally compelled to release your Personal Information or Protected Health Information in response to a court order, subpoena, search warrant, law or regulation or the terms of the Notice of Privacy Practices.
“Do No Track” Signals and Similar Mechanisms
Our Site does not respond to web browser “do not track” signals and similar mechanisms. However, you may control certain Tracking Mechanisms as described above.
HOW YOU CAN CORRECT/UPDATE YOUR PERSONAL INFORMATION
You can correct or update your Personal Information at any time using the following options:
- Via the telephone: You can contact your customer service representative to correct your Personal Information at any time.
TRANSFER OF PERSONAL INFORMATION, PROTECTED HEALTH INFORMATION, AND NON-PERSONAL INFORMATION
All Personal Information, Protected Health Information, and Non-Personal Information obtained through our Site are owned by us. Accordingly, if we are acquired, merge with another entity, or we divest one or more of our businesses, affiliates or subsidiary companies, the Sites, and any Personal Information, Protected Health Information, and Non-Personal Information obtained through them, may be transferred to an applicable entity for the purposes of continuation of services, in accordance with applicable law and the Notice of Privacy Practices.
USAGE BY CHILDREN
Our Site is neither intended for nor designed to attract users who are under the age of 18. We are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13. Any Personal Information and Protected Health Information of a child under 13 that is provided to us must be provided by a parent or legal guardian, and not by a child under the age of 13 who is using the Site.
If you are the parent or legal guardian of a child under the age of 13 whom you have reason to believe has provided his or her own Personal Information or Protected Health Information to us, you have the right to request the removal of that child's Personal Information and/or Protected Health Information from our database. In order to request such removal, please send an e-mail to email@example.com. You will be required to verify your identity as the child’s parent or legal guardian in order to have their Personal Information or Protected Health Information removed.
We are committed to protecting the privacy and security of this Site. We take reasonable technical and procedural precautions to protect the information received by us. Our Internet infrastructure is protected using industry recognized commercial security products, including current encryption technology, and best practice procedures for maintenance of the website. In addition, our infrastructure is monitored 24 hours a day, seven days a week.
No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.
We will provide you with advance notice of a major change prior to your access of any portion of the Site for which registration is required. For example, we may (i) require that you reaccept the updated version of the web policies, (ii) send you an electronic notification advising of the update to the web policies, (iii) include a notice on the Site viewable without login advising of the update to the web policies, and/or (iv) advise you of the updated web policies during a phone call. We do not ordinarily provide advance notice of a minor change.
HOW TO SEND US YOUR COMMENTS
Specific questions regarding the enforcement of this policy should be directed to firstname.lastname@example.org.
NOTICE OF PRIVACY PRACTICES
Effective Date: August 22, 2013
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
When this Notice refers to the Express Scripts Affiliated Covered Entity or the “Express Scripts ACE”, it is referring to Express Scripts Holding Company (“Express Scripts”) and each of the Express Scripts subsidiaries or affiliates that are covered entities, including but not limited to: Accredo Health Group, Inc.; ESI Mail Pharmacy Service, Inc.; Express Scripts Specialty Distribution Services, Inc.; Medco Containment Insurance Company of New York; and Medco Containment Life Insurance Company. A full list of covered subsidiaries or affiliates can be found at Express-Scripts.com/subsidiaries.
Each of the Express Scripts subsidiaries or affiliates listed is a covered entity under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (collectively, “HIPAA”). Each of the above-listed subsidiaries is under the common control and ownership of Express Scripts.
Pursuant to 45 C.F.R. § 164.105(b), each of the above- listed Express Scripts subsidiaries or affiliates hereby designates itself as a single affiliated covered entity for purposes of compliance with HIPAA. The single affiliated covered entity shall be known as the “Express Scripts ACE.” This designation may be amended from time to time to add new covered entities that are under the common control and ownership of Express Scripts.
This Notice of Privacy Practices (“Notice”) describes:
- How we (that is, each of the subsidiaries that compose the Express Scripts ACE) may use and disclose your protected health information (“PHI”)
- Your rights to access and amend your PHI
We are required by law to:
- Maintain the privacy of your PHI
- Provide you with notice of our legal duties and privacy practices with respect to PHI
- Abide by the terms of the Notice currently in effect for the Express Scripts ACE
PERMITTED USES AND DISCLOSURES OF YOUR PHI
We may use and disclose your PHI for the following purposes:
Treatment – We may use and disclose your PHI to healthcare professionals or other third parties to provide, coordinate and manage the delivery of healthcare. For example, your pharmacist may disclose PHI about you to your doctor in order to coordinate the prescribing and delivery of your drugs. We also may provide you with treatment reminders and information about potential side effects, drug interactions and other treatment-related issues involving your medicine.
Payment – We may use and disclose PHI about you to receive payment for our services, manage your account, fulfill our responsibilities under your benefit plan, and process your claims for drugs you have received. For example, we may give PHI to your health plan (or its designee) so we can confirm your eligibility for pharmacy benefits, or we may submit claims to your health plan, employer or other third party for payment.
Healthcare Operations – We may use and disclose your PHI to carry on our own business planning and administrative operations. We need to do this so we can provide you with high-quality services. For example, we may use and disclose PHI about you to assess the use or effectiveness of certain drugs, develop and monitor medical protocols, and to provide information regarding helpful health-management services.
Information That May Be of Interest to You – We may use or disclose your PHI to contact you about treatment options or alternatives that may be of interest to you. For example, we may call you to remind you of expired prescriptions, the availability of alternative drugs, or to inform you of other products that may benefit your health.
Individuals Involved in Your Care or Payment for Your Care – We may disclose PHI about you to someone who assists in or pays for your care. Unless you write to us and specifically tell us not to, we may disclose your PHI to someone who has your permission to act on your behalf. We will require this person to provide adequate proof that he or she has your permission.
Parents or Legal Guardians – If you are a minor or under a legal guardianship, we may release your PHI to your parents or legal guardians when we are permitted or required to do so under federal and applicable state law.
Business Associates – We arrange to provide some services through contracts with business associates so that they may help us operate more efficiently. We may disclose your PHI to business associates acting on our behalf. If any PHI is disclosed, we will protect your information from unauthorized use and disclosure using confidentiality agreements. Our business associates may, in turn, use vendors to assist them in providing services to us. If so, the business associates must enter into a confidentiality agreement with the vendor, which protects your information from unauthorized use and disclosure.
Research – Under certain circumstances, we may use and disclose PHI about you for research purposes. Before we use or disclose PHI about you, we will remove information that personally identifies you, obtain your written authorization or gain approval through a special approval process designed to protect the privacy of your PHI. In some circumstances, we may use your PHI to generate aggregate data (summarized data that does not identify you) to study outcomes, costs and provider profiles, and to suggest benefit designs for your employer or health plan. These studies generate aggregate data that we may sell or disclose to other companies or organizations. Aggregate data does not personally identify you.
Abuse, Neglect or Domestic Violence – We may disclose your PHI to a social service, protective agency or other government authority if we believe you are a victim of abuse, neglect or domestic violence. We will inform you of our disclosure unless informing you would place you at risk of serious harm.
Public Health – We may disclose your PHI for public health activities and purposes, such as reporting adverse events, post-marketing surveillance in connection with FDA-regulated entities’ legal obligations (for example, pharmaceutical manufacturer reporting or connections with an FDA-mandated Risk Evaluation and Mitigation Strategies (REMS) program) and product recalls. We may also disclose your PHI to a person or company that is regulated by the U.S. Food and Drug Administration, such as a pharmaceutical manufacturer, for the purpose of: reporting or tracking product defects or problems; repairing, replacing, or recalling defective or dangerous products or monitoring the performance of a product after it has been approved for use by the general public. We may receive payment from a third party for making disclosures for public health activities and purposes.
Health Oversight – We may disclose PHI to a health oversight agency performing activities authorized by law, such as investigations and audits. These agencies include governmental agencies that oversee the healthcare system, government benefit programs, and organizations subject to government regulation and civil rights laws.
Creation of De-Identified Health Information – We may use your PHI to create data that cannot be linked to you by removing certain elements from your PHI, such as your name, address, telephone number, and member identification number. We may use this de-identified information to conduct certain business activities; for example, to create summary reports and to analyze and monitor industry trends.
To Avert Serious Threat to Health or Safety – We may disclose your PHI to prevent or lessen an imminent threat to the health or safety of another person or the public. Such disclosure will only be made to someone in a position to prevent or lessen the threat.
Judicial Proceedings – We may disclose your PHI in the course of any judicial proceeding in response to a court order, subpoena or other lawful process, but only after we have been assured that efforts have been made to notify you of the request.
Law Enforcement – We may disclose your PHI, as required by law, in response to a subpoena, warrant, summons, or, in some circumstances, to report a crime.
Coroners and Medical Examiners – We may disclose your PHI to a coroner or a medical examiner for the purpose of determining cause of death or other duties authorized by law.
Organ, Eye and Tissue Donation – We may disclose your PHI to organizations involved in organ transplantation to facilitate donation and transplantation.
Workers’ Compensation – We may disclose your PHI to comply with workers’ compensation laws and other similar programs.
Fund Raising – We may use your PHI to send you fundraising communications, but you have the right to opt out of receiving such communications.
Specialized Government Functions, Military and Veterans
– We may disclose your PHI to authorized federal officials to perform intelligence, counterintelligence, medical suitability determinations, Presidential protection activities, and other national security activities authorized by law. If you are a member of the U.S. armed forces or of a foreign military, we may disclose your PHI as required by military command authorities or law. If you are an inmate in a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to those parties if disclosure is necessary for: the provision of your healthcare; maintaining the health or safety of yourself or other inmates or ensuring the safety and security of the correctional institution or its agents.
As Otherwise Required By Law – We will disclose PHI about you when required to do so by law. If federal, state or local law within your jurisdiction offers you additional protections against improper use or disclosure of PHI, we will follow such laws to the extent they apply.
Other Uses and Disclosures – Most uses and disclosures of psychotherapy notes (where appropriate), uses and disclosures for marketing purposes and disclosures that constitute a sale of PHI require an authorization. Any of these activities and any other uses and disclosures of your PHI not listed in this Notice will be made only with your authorization unless we are permitted by applicable law to make such other use and disclosure in which case we shall comply with applicable law. You may revoke your authorization, in writing, at any time unless we have taken action in reliance upon it. Written revocation of authorization must be sent to the address listed below.
YOUR RIGHTS WITH RESPECT TO YOUR PHI
You have the following rights regarding the PHI we maintain about you:
Right to Inspect and Copy – Subject to some restrictions, you may inspect and copy PHI that may be used to make decisions about you. If we maintain an electronic health record containing your PHI, you have the right to request that we send a copy of your PHI in an electronic format to you or to a third party that you identify.
Right to Amend – If you believe PHI about you is incorrect or incomplete, you may ask us to amend the information. You must provide a reason supporting your request to amend.
Right to an Accounting of Disclosures – You have the right to request an accounting of disclosures of your PHI. This accounting identifies the disclosures we have made of your PHI other than for treatment, payment or healthcare operations. The provision of an accounting of disclosures is subject to certain restrictions.
Right to Request Restrictions – You have the right to request a restriction or limitation on the PHI we use and disclose about you for treatment, payment or healthcare operations. You may also request your PHI not be disclosed to family members or friends who may be involved in your care or paying for your care. Your request must: be in writing; state the restrictions you are requesting and state to whom the restriction applies. We are not required to agree to your request. If we do agree, we will comply with your request unless the restricted information is needed to provide you with emergency treatment. We will agree to your request to restrict PHI disclosed to a health plan for payment or healthcare operations (that is, non-treatment) purposes if the information is about a medication for which you paid us, out-of-pocket, in full.
Confidential Communications – You may ask that we communicate with you in an alternate way or at an alternate location to protect the confidentiality of your PHI. Your request must state an alternate method or location you would like us to use to communicate your PHI to you.
Right to be Notified – You have the right to be notified following a breach of unsecured PHI if your PHI is affected.
Right to a Paper Copy of This Notice – You have the right to request a paper copy of this Notice at any time. For pre-recorded information about how to obtain a copy of this Notice and answers to frequently asked questions, please call toll-free 877.279.6391. Even if we have agreed to provide this Notice electronically, you are still entitled to a paper copy. You may obtain a copy of this Notice from our website at Express-Scripts.com/privacy/.
Right to File a Complaint – If you believe we have violated your privacy rights, you may file a written complaint to Express Scripts at the address listed below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. You will not face retaliation for filing a complaint.
Written complaints, written revocation of authorization to use or disclose PHI, written requests for a copy of your PHI, amendment to your PHI, an accounting of disclosures, restrictions on your PHI or confidential communications may be mailed to:
Attn: Privacy Officer
P.O. Box 66561
St. Louis, MO 63166-6561
Please include your name, address, and patient ID number.
We reserve the right to revise this Notice - A revised Notice will be effective for PHI we already have about you, as well as any PHI we may receive in the future. We will communicate revisions to this Notice through our website, Express-Scripts.com/privacy.