INTERNET PRIVACY POLICY |
Version 5.0 Last Revised: 11/15/2017
This Privacy Policy is provided by your plan sponsor's pharmacy benefit manager (or underwriting insurance company as applicable) or, if not applicable, Express Scripts Holding Company (in either case, "Express Scripts" "we", "us" or "our") to all visitors ("you" or "your") who use the Express-Scripts.com site available through http://www.Express-Scripts.com (the "Site") including Registered Users of the Registered User Website. The Site may be accessed via the World Wide Web, via a mobile application, or through a website or application hosted by a third party or one of our affiliated companies. The Site is provided to you as a service to provide information about our company and, as applicable, your pharmacy benefit management of your User account and access to mail order pharmacy services and includes the Registered User Website. The "Registered User Website" (or simply "Website") is a registered user-only account portal available through the Site which enables Registered Users to access their personal account information and to use certain other services offered only to them.
"Users" are persons utilizing the Website and include Members. "Members" (or "Beneficiaries" in the case of the TRICARE program) are individual participants in a prescription drug benefit plan. "Registered Users" are persons who have registered for use of the Website and include Registered Members. Individual Members of an applicable prescription drug plan administered by Express Scripts on behalf of a plan sponsor who have successfully submitted a completed account registration form on the Site, or have completed the appropriate registration process from their plan sponsor's website, or have registered via telephone with a customer service representative, or are otherwise qualified as a beneficiary under the TRICARE program and registered through an available mechanism are all "Registered Members" (or "Registered Beneficiaries" in the case of the TRICARE program) who will be provided access to the Website after completing the registration process. Cardholders" (or "Sponsors" in the case of the TRICARE program) are Members of a prescription drug benefit plan who carry the membership under their name for themselves and their Covered Household Members. "Covered Household Members" mean individuals who are covered through the prescription drug benefit plan under the Member's account. "Spouse" means a Covered Household Member who is designated as a spouse in accordance with the terms of the prescription drug benefit plan. "Adult Dependent" means a Covered Household Member who is eighteen years of age or older. "Minor Dependent" means a Covered Household Member who is under the age of eighteen.
We are firmly committed to protecting the confidentiality and security of your Personal Information. The term "Personal Information" means any information which can be used to identify a person including by way of example, but not limitation, name, date of birth, mailing address, social media and other third party platform account identifiers, home phone number, mobile phone number, e-mail address, credit card information, and/or Social Security number. The term "Health Information" means any information, in any form, related to the past, present, or future health or medical status, condition, or treatment of a person, including, by way of example, but not limitation, names of doctors, health conditions, medicines, and/or prescription information and history.
In addition to this Privacy Policy, the "Notice of Privacy Practices" describes how we may use and disclose Health Information, and your rights to access and update your Health Information and how to request restrictions on our use and disclosure of your Health Information. To the extent any terms in this Privacy Policy conflict with any terms in the Notice of Privacy Practices, the conflicting terms in the Notice of Privacy Practices will control and override the corresponding terms in this Privacy Policy.
COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION
How We Collect Your Personal Information
Site Registration
Registration is optional; however, Registered Users are provided access to the Registered User Website and to information and online services not provided on the public website, as well as the ability to login to the Website when revisiting the Site. The Personal Information and Health Information you disclose to us during registration and in connection with the Website are provided strictly on a voluntary basis. We may also collect Non-Personal Information during the registration process as described below. Registered Members or Registered Beneficiaries may be asked to provide us with the Personal Information and/or Health Information of one or more of their Covered Household Members. In some instances, you may provide Personal Information and/or Health Information about your family members to enable utilization of certain Site functionality on their behalf.
Website Role
When you are qualified, you may register for access to the Registered User Website using your Personal Information. Depending on the role assigned to you during Website registration and thereafter, differing Website functionality may be made available to you. For example, the Website functionality available to a Registered Member and a Registered User who is not a Registered Member may differ. In some instances, you may be able to register for access to the Website (i) before you are a plan member so that we can utilize your Personal Information during an open enrollment, (ii) to enable you to take advantage of Website functionality when your membership becomes active, or (iii) otherwise. If you have multiple accounts or roles with us (e.g., based on current membership in a first plan and past membership in a second plan or, as a member and as a caregiver), you may be able to switch between the different accounts/roles while on the Website.
Utilization of Third Party Platform Login Credentials
Users may register for the Website by creating login credentials used for the site ("Express Scripts credentials"), or by using existing login credentials associated with an approved third party platform ("third party credentials"). Both types of login credentials once associated with the account of the Registered User may be interchangeably used to access the Website. You may also be able to register for access to the Website through multiple third party platforms. Regardless of the login credentials used, your account associated with the Website is the same.
If you reset your third party credentials directly with the third party platform, the resetting should not affect your access to the Website. By using third party credentials to access the Site, certain Personal Information and Non-Personal Information may be provided to us by the third party platform or otherwise. We may use any received Personal Information and Non-Personal Information in a manner consistent with this Privacy Policy.
Communication Functionality
Certain portions of the Site may be available to you that include communication functionality. The communication functionality enables real-time communication sessions with Express Scripts personnel or other persons on behalf of or in conjunction with Express Scripts ("Authorized Persons"). When used, certain Personal Information, Health Information, and/or Non-Personal Information may be shared with or collected by the Authorized Persons depending upon the nature of the communication session. In certain instances, you may be able to selectively grant permission(s) to an Authorized Person to participate with you in interacting with the Site. Certain communication functionality may be provided on the Site for limited purposes, and the Authorized Persons will be unable to provide assistance beyond such purposes.
Purchases
In addition to providing Personal Information during the registration process, you may provide us with Personal Information or Health Information on the checkout page of the Site when ordering and paying for products and/or if you choose to purchase products or services using our "e-check" electronic funds transfer program or through an automatic refill option (if available to you).
Guest Authentication and Functionality
Certain functionality on the Site requires login to the Registered User Website. Other functionality may be available without the use of login credentials. However, depending on the nature of the non-login functionality ("guest functionality"), you may be required to authenticate yourself ("guest authentication"). For example, Site features such as requesting a refill, checking order status, and paying a bill may be performed by logging into the Website or by use of guest functionality. If you have not previously registered for access to the Website, we will not use Personal Information captured during guest authentication to register you for the Website unless you have requested that we do so.
In general, we will not use the Personal Information collected during guest authentication to update your profile unless otherwise indicated. However, we may utilize the captured Personal Information to provide the associated guest functionality. For example, an e-mail address provided while requesting a refill using guest functionality may be used to confirm that your refill has been shipped. In certain instances when using guest functionality, we may communicate with you using your communication preferences and/or Personal Information contained in your profile or otherwise available to us.
Claim Processing
As applicable, we use your Personal Information and Health Information to process your prescription drug claims in accordance with membership in your Express Scripts drug benefit plan. When available, you may submit certain claims for previously filled prescription drugs through the Website instead of mailing them to us. We may request additional Personal Information and/or Health Information to process your claims.
Designated Caregiver
When available, you may be able to assign a designated caregiver ("Caregiver") in the "Profile" section of the Registered User Website to act on your behalf with various Express Scripts functions. We will request that you provide certain Personal Information about this individual. The Personal Information may include the individual's full name and date of birth which will be used by us to properly identify your Caregiver when he or she contacts us on your behalf. In certain instances, the Caregiver when so designated may receive Site and other notifications that would otherwise be sent to you. Other features and functionality may be available to the Caregiver based on your designation.
The mechanism that you use to designate the Caregiver may affect the Caregiver functionality available to you and/or the Caregiver, and the actions on your behalf that the Caregiver may make. For example, designating a Caregiver via the Website may enable a lesser number of actions the Caregiver can make on your behalf while compared to designating a Caregiver via legal designation. In some implementations, a Caregiver designated via letter can only be revoked by calling us, while a Caregiver designated via the Website can be revoked via the Website or by calling us.
Contacting Us
After login, you may contact us by selecting the Contact Us portion of the Website. In this portion of the Website, you may be able to communicate more directly regarding specific issues to designated personnel at Express Scripts. Your use of this feature is in accordance with any additional posted terms and restrictions including, but not limited to, turnaround time for our response. Do not use this feature if you are experiencing an emergency or are out of medication; contact your doctor, other healthcare provider, or us as appropriate.
Communications
Web Profile Maintenance and Termination
Your web profile that enables access to the Website will generally be active after registration. If your coverage with Express Scripts is termed (e.g., you are no longer a Member), you may continue to utilize your web profile to obtain account access for a certain period of time. After such period of time elapses, your web profile is subject to deletion. If you later regain coverage (e.g., you again become a Member), you may be required to create a new web profile to regain access to the Website. Depending on the length of time between losing and regaining coverage, you may be able to access your prior history for a period of time. If you choose to manually delete your web profile, your online access to the Website will terminate. However, we will continue to communicate with you in accordance with your previously established communication preferences. You can modify such preferences by re-registering for access to the Website, following instructions contained within an e-mail, or otherwise.
Social Media
When you communicate with us through social media, or provide a comment directed at us through social media, we may use social media to communicate with you. We may also directly communicate with you through social media in accordance with any expressed social media preferences in your communication preferences. We may also promote content of interest to you through social media. You may opt out or configure your social media account settings to limit promotion of such content.
Analytics
We may use certain in-house or third-party functionality to log and analyze your communications with us and interactions with the Site. This functionality enables us to communicate with you about our services, and to monitor the services provided to you, so that we can improve your Site experience and address certain Site or benefit related issues. These third parties will be required to protect your Personal Information and Health Information in a manner consistent with this Privacy Policy. Other analytics capabilities are reflected in the description of Non-Personal Information.
Other Uses and Disclosure of Your Personal Information We will not use or disclose your Personal Information or your Health Information in a manner inconsistent with applicable law, this Privacy Policy or the Notice of Privacy Practices. Examples of our uses and disclosures include:
Compelled and Necessary Disclosures
In certain circumstances, we may be legally compelled to release your or your Covered Household Member's Personal Information in response to a court order, subpoena, search warrant, or law or regulation, or the terms of the Notice of Privacy Practices. In addition, we may disclose your Personal Information and Health Information as reasonably necessary in accordance with law to protect the rights or property of us, our affiliates, and our users, or to enforce the terms and conditions associated with the Site including this Privacy Policy and the Terms of Use.
Covered Household Members Personal Information and Health Information
Our Website may include features through which Registered Members may view their own Health Information (such as their prescription history) and their Personal Information. In some cases, Cardholders may use the Website to view Health Information and Personal Information or manage the benefit on behalf of any Covered Household Members. Spouses and Adult Dependents may similarly register with the Website to access their own Health Information and Personal Information. The Cardholder, Spouse, or Adult Dependent may grant access to another person to view the granting person's Health Information. Covered Household Members who are either Minor Dependents or flagged are not provided with access to the Website, but may continue to call the number on the back of their benefit card to transact business with Express Scripts.
The availability of the Health Information and Personal Information of the Cardholder and other Covered Household Members may depend on Cardholder preferences, plan/program preferences, available Website functionality, and applicable law. For example:
How You Can Correct/Update Your Personal Information and/or Health Information
You can correct or update your Personal Information or Health Information at any time using the following options:
Express Scripts
Attention: KANA Team
One Express Way, St. Louis, MO 63121
COLLECTION, USE, AND DISCLOSURE OF NON-PERSONAL INFORMATION
Collection of Non-Personal Information
When you visit the Site, and during your interactions with the Site, we may collect Non-Personal Information from you. "Non-Personal Information" means a data element or collection of data elements that by itself cannot ordinarily be associated with a specific individual. Non-Personal Information includes by way of example but not limitation, the Internet browser, or operating system you are using, your navigation of the Site including the pages or displays of the Site that you access, the amount of time spent on various portions of the Site, the length and dates of your visits to the Site, and certain Site data captured through your interactions with the Site and other sites. Non-Personal Information may include information provided by you through the Site or otherwise (e.g., through a third-party site) that is not Personal Information or Health Information. Certain Non-Personal Information may be collected on an aggregated, anonymous basis through web server logs, cookies, ad servers, tracking pixels, web beacons, and similar Internet tracking devices (collectively "Tracking Mechanisms"). Web servers automatically collect Non-Personal Information, with your IP address, when you request pages or displays of the Site or other sites. Based on certain interactions with the Site, third-party sites, mailings, other communications with us, and/or our system configurations, certain Non-Personal Information may be associated with your Personal Information such that your Non-Personal Information is identifiable with you.
You may be able to opt-out of certain third-party associations by following third party customization and/or opt-out options. Google®, Twitter®, and LinkedIn® may provide customization and/or opt-out of certain Tracking Mechanisms through their respective sites. For example, Google's Ads Settings, DoubleClick opt-out page, Twitter's promoted content settings, LinkedIn account settings, and Network Advertising Initiative opt-out page may limit the collection and usage of certain third-party Tracking Mechanisms.
Use of Non-Personal Information
The collected Non-Personal Information may be used by us and our affiliated companies for a variety of analytic and developmental purposes including to improve and enhance the Site and our products and services, to create new products and services, to customize your experience on the Site and other sites that you visit on the Internet, to identify and/or offer products, services and website functionality that may be of interest to you, and other legitimate business purposes.
We may use different kinds of cookies including session ID cookies and persistent cookies. Session ID cookies are used to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These cookies are deleted from your hard drive when you close your browser session. Persistent cookies are used to collect non-personally identifiable information such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.
You may set your browser to accept cookies, warn you when a cookie is sent, or turn off all cookies (except Flash cookies). Check your web browser's help menu or your mobile device settings to find out how. Some mobile devices store cookies not only in areas connected to the web browsers but also in an app-specific area, so you may have to check your app settings options to determine how to manage or delete cookies stored in these other areas. If you do not accept cookies, some features, services, or activities available through the Site may not function correctly and you may be unable to access certain content.
We may embed tracking pixels within various pages of the Site to enable use of site analytics. The site analytics enable us to determine the usage frequency of various areas of the Site and identify areas of the Site for enhancement. While you are visiting and after you leave the Site, we may use web beacons to notify you of areas of the Site and other aspects of our organization and its affiliated companies in which you may be interested. Certain tracking pixels and web beacons may be cleared or reset through configuration of your web browser such as by clearing your cache. We may use ad servers to provide you with offers of possible interest.
We use your IP address so that we can send data (such as the pages you request) to you and collect Non-Personal Information during the process. We aggregate this Non-Personal Information with similar Non-Personal Information collected from other users to track overall visitor traffic patterns and help us understand Site usage and preferred and most frequently used pages, products and services, to provide you with better service, to improve Site use and functionality, and to provide you with information on other products and services that may be of interest to you.
When using the Site through a mobile application, we may use different kinds of software and hardware identifiers to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These identifiers may be deleted or rendered otherwise inaccessible when you close your browsing session. Certain identifiers may be used to collect non-personally identifiable information such as IP addresses, device type and other device details, Internet Service Provider (ISP), operating system and other platform details, date/time stamp and number of clicks. We may embed certain identifiers within various displays of the Site to enable use of Site analytics. Site analytics enable us to determine the usage frequency of various portions of the Site and identify portions of the Site for enhancement.
We may analyze Non-Personal Information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for employers or health plans. These studies may generate Aggregate Data (described below) which we may utilize for a variety of purposes.
We may perform statistical analyses of the traffic patterns, Site usage, and behaviors associated with the Site. We may use these analyses to generate Aggregate Data from the original Non-Personal Information. We may combine, separate, aggregate, or otherwise parse and process Non-Personal Information. The parsing and processing of such information may generate Aggregate Data. "Aggregate Data" is summary level data, such as the number of web visitors in a specific geographic area. Aggregate Data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address, and does not reflect the original form of the Non-Personal Information collected from you.
Disclosure of Non-Personal Information
We may disclose Non-Personal Information as follows:
"Do Not Track" Signals and Similar Mechanisms
Our Site does not respond to web browser "do not track" signals and similar mechanisms. However, you may control certain Tracking Mechanisms as described above.
TRANSFER OF PERSONAL INFORMATION, HEALTH INFORMATION AND NON-PERSONAL INFORMATION
All Personal Information, Health Information, and Non-Personal Information obtained through our Site are owned by us. Accordingly, if we are acquired, merge with another entity, or we divest one or more of our businesses, affiliates or subsidiary companies, the Sites, and any Personal Information, Health Information, and Non-Personal Information obtained through them, may be transferred to an applicable entity for the purposes of continuation of services, in accordance with applicable law and the Notice of Privacy Practices.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
Subject to any applicable business, legal, or regulatory requirements, we securely destroy Personal Information when it is no longer required to fulfill our services and commitments to you or to enforce our rights or meet our obligations.
THIRD-PARTY USAGE
We may use third parties to: (a) operate and maintain the server(s) on which the Site operates, (b) enable login to the Website utilizing third party platform login credentials, (c) provide communication functionality, (d) encrypt message, (e) provide Tracking Mechanism(s) that we embed in or use with the Site, (f) provide advertisements and other information to you about the Site, products, and services through a third-party site based on a prior visit to the Site, (g) analyze communication with us and interactions with the Site, (h) de-identify data, and (i) collect Non-Personal Information from you (e.g., on your interactions and/or experience with the Site and/or us). The third party may then share the Personal Information, Non-Personal Information, Aggregate Data, and/or other data with us.
USAGE BY CHILDREN AND ON BEHALF OF CHILDREN
Our Site is neither intended for nor designed to attract users who are under the age of 18. If you are under the age of 18, or we are not otherwise able to offer Site functionality to you because you are deemed a minor, do not use the Site. However, depending upon the Site functionality available to you, a partner, guardian, or similar legally authorized person ("Authorized Person") may register for access to the Website and use it on your behalf. Upon turning 18, we will cease providing Website access to the Authorized Person. Depending on the Site functionality available to you, we may (i) permanently disable the Authorized Person's account, (ii) require you to register for desired access to the Website, (iii) provide a notification of your options associated with the Website, (iv) request that you indicate whether the Authorized Person may continue to act on your behalf, (v) seek confirmation that you have taken over the account for access to the Website on behalf of the Authorized person, and/or (vi) otherwise communicate with you and/or the Authorized Person in accordance with applicable law, your communication preferences, your health plan's preferences, or otherwise.
We are committed to preventing the unintentional collection of Personal Information and Health Information from children under the age of 13. Any Personal Information and Health Information of a child under 13 that is provided to us must be provided by a parent or legal guardian, and not by a child under the age of 13 who is using the Site.
If you are the parent or legal guardian of a child under the age of 13 whom you have reason to believe has provided his or her own Personal Information or Health Information to us, you have the right to review and request the removal of that child's Personal Information and/or Health Information from our database. In order to request such removal, please send an e-mail to privacy@express-scripts.com. You will be required to verify your identity as the child's parent or legal guardian in order to view their Personal Information or Health Information or have it removed.
LINKING POLICY
Our Site may contain hyperlinks allowing our users to connect to other websites owned by us and our affiliated companies and websites owned by our third-party vendors, distributors, and providers ("Linked Sites"). You may also access our Site through a hyperlink embedded in a Linked Site. We provide hyperlinks to the Linked Sites to enable you to conveniently access websites that may be of interest to you. Please note that once you click on a hyperlink that transfers you from our Site to a Linked Site, you have left our Site, and this Privacy Policy will immediately cease to apply to any subsequent activity on the Linked Site. We are under no obligation to notify you when you have left our Site and have accessed a Linked Site. Use of any Linked Site will be governed by the privacy policy, terms of use, and/or other policies (if any) on the Linked Site. You may, at your option, participate in surveys or provide other information to our affiliates that control a Linked Site, and that information may be shared with us or with others subject to the privacy policy terms set forth on that Linked Site. Certain Non-Personal Information that you choose to provide through a Linked Site (such as comments) that is subsequently provided to us by the Linked Site provider in connection with a service engagement may be identifiable to us as your Personal Information.
SECURITY STATEMENT
We are committed to protecting the privacy and security of this Site. We take reasonable technical and procedural precautions to protect the information received by us. Our Internet infrastructure is protected using industry recognized commercial security products, including current encryption technology, and best practice procedures for maintenance of the website. In addition, our infrastructure is monitored 24 hours a day, seven days a week.
No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.
YOUR ACCEPTANCE OF THIS PRIVACY POLICY
You are deemed to have assented to the terms and conditions contained in this Privacy Policy when you use the Site and/or when you have indicated in your online registration that you accept the Terms of Use into which this Privacy Policy is incorporated. You are deemed to have read and accepted this Privacy Policy each time you access the Site and/or the Website after initial registration by using your login credentials. If you do not agree to the terms of this Privacy Policy, please do not use the Site. The terms and conditions contained in this Privacy Policy are subject to and may be superseded by applicable Federal and State laws.
RELATIONSHIP TO THE TERMS OF USE
This Privacy Policy, and your and our performance in connection herewith, is further governed by and subject to the Terms of Use for the Site, including but not limited to the disclaimer, limitation of liability, governing law, jurisdiction, and venue provisions set forth therein.
CHANGES IN OUR PRIVACY POLICY
We use Personal Information, Health Information, and Non-Personal Information collected from you pursuant to the Site only within the scope of use described in this Privacy Policy. However, we reserve the right, from time to time in our sole and absolute discretion, to change, to modify, or to add terms or remove terms from this Privacy Policy. Changes to this Privacy Policy will be reflected when we post a new version number and updated revision date. The version number includes a major number, a decimal point, and a minor number. A change to the major number reflects a significant change to the policy, while a change to the minor number reflects a less significant change to the policy. Examples of significant changes include additional provisions that reflect new Site functionality, significant modifications to existing provisions, and more significant changes to Site functionality that cause provisions to be modified, added, or removed. Examples of less significant changes include additional provisions that clarify current Site functionality, minor modifications to existing provisions, and less significant changes to Site functionality that cause provisions to be modified, added, or removed.
We will provide an advance notice of a major change prior to your access of any portion of the Site for which registration is required. For example, we may (i) require that you reaccept the updated version of the web policies, (ii) send an electronic notification advising of the update to the web policies, (iii) include a notice on the Site viewable without login advising of the update to the web policies, and/or (iv) advise you of the updated web policies during a phone call. We do not ordinarily provide advance notice of a minor change.
We recommend that you check the version number and revision date prior to using the Site, and that you review this Privacy Policy on a frequent basis. Your continued use of the Site and/or utilization of any Site benefits after this Privacy Policy has been updated (and after advance notice for a major change) indicates your agreement and acceptance of the updated version of the Privacy Policy.
POLICY COMMENTS AND ASSISTANCE
We welcome your comments on this Privacy Policy. If you have general feedback, please e-mail us. Specific questions regarding the enforcement of this Privacy Policy should be directed to privacy@express-scripts.com. For technical assistance with the Site, please contact our technical support by calling 1-800-711-5672.
^back to top |