Version 4.1 Last Revised: 08/29/2016
"Members" (or "Beneficiaries" in the case of the TRICARE program) are individual participants in a prescription drug benefit plan. Individual Members who are at least eighteen years old and who have submitted a completed account registration form on the Site, or have completed the appropriate registration process from their plan sponsor's website, or have completed the registration process via telephone with a customer service representative, or are otherwise qualified as a beneficiary under the TRICARE program are all "Registered Members" (or "Registered Beneficiaries" in the case of the TRICARE program) who will be provided access to the Member Website after completing the registration process. "Cardholders" (or "Sponsors" in the case of the TRICARE program) are Members of a prescription drug benefit plan who carry the membership under their name for themselves and their Covered Household Members. "Covered Household Members" mean individuals who are covered through the prescription drug benefit plan under the Member's account. "Spouse" means a Covered Household Member who is designated as a spouse in accordance with the terms of the prescription drug benefit plan. "Adult Dependent" means a Covered Household Member who is eighteen years of age or older. "Minor Dependent" means a Covered Household Member who is under the age of eighteen.
We are firmly committed to protecting the confidentiality and security of your Personal Information. The term "Personal Information" means any information which can be used to identify a person including by way of example, but not limitation, name, date of birth, mailing address, social media and other third party platform account identifiers, home phone number, mobile phone number, e-mail address, credit card information, and/or Social Security number. "Protected Health Information" means any information of a person related to health or medical status, including, by way of example, but not limitation, names of doctors, health conditions, medicines, and/or prescription information and history, paired with Personal Information.
COLLECTION AND USE OF NON-PERSONAL INFORMATION
How We Collect Non-Personal Information
When you visit the Site, and during your interactions with the Site, we may collect Non-Personal Information from you. "Non-Personal Information" means a data element or collection of data elements that by itself cannot ordinarily be associated with a specific individual. Non-Personal Information includes by way of example but not limitation, the Internet browser or computer operating system you are using, your navigation of the Site including the pages of the Site that you access, the amount of time spent on various portions of the Site, the length and dates of your visits to the Site, and certain Site data captured through your interactions with the Site and other sites. Non-Personal Information may include information provided by you through the Site or otherwise (e.g., through a third-party site) that is not Personal Information or Protected Health Information. Certain Non-Personal Information may be collected on an aggregated, anonymous basis through web server logs, cookies, ad servers, tracking pixels, web beacons, and similar Internet tracking devices (collectively "Tracking Mechanisms"). Web servers automatically collect Non-Personal Information, with your IP address, when you request pages of the Site or other sites. Based on certain interactions with the Site, third-party sites, mailings, other communications with us, and/or our system configurations, certain Non-Personal Information may be associated with your Personal Information such that your Non-Personal Information is identifiable with you. You may be able to opt-out of certain third-party associations by following customization and/or opt-out options as described below.
How We Use Non-Personal Information
The collected Non-Personal Information may be used by us and our affiliated companies for a variety of analytic and developmental purposes including to improve and enhance the Site and our products and services, to create new products and services, to customize your experience on the Site and other sites that you visit on the Internet, to identify and/or offer products, services and website functionality that may be of interest to you, and other legitimate business purposes.
We may use different kinds of cookies including session ID cookies and persistent cookies. Session ID cookies are used to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These cookies are deleted from your hard drive when you close your browser session. Persistent cookies are used to collect non-personally identifiable information such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.
You may set your browser to accept cookies, warn you when a cookie is sent, or turn off all cookies (except Flash cookies). Check your web browser's help menu or your mobile device settings to find out how. Some mobile devices store cookies not only in areas connected to the web browsers but also in an app-specific area, so you may have to check your app settings options to determine how to manage or delete cookies stored in these other areas. If you do not accept cookies, some features, services, or activities available through the Site may not function correctly and you may be unable to access certain content.
We may embed tracking pixels within various pages of the Site to enable use of site analytics. The site analytics enable us to determine the usage frequency of various areas of the Site and identify areas of the Site for enhancement. While you are visiting and after you leave the Site, we may use web beacons to notify you of areas of the Site and other aspects of our organization and its affiliated companies in which you may be interested. Certain tracking pixels and web beacons may be cleared or reset through configuration of your web browser such as by clearing your cache. We may use ad servers to provide you with offers of possible interest.
We use your IP address so that we can send data (such as the pages you request) to you and collect Non-Personal Information during the process. We aggregate this Non-Personal Information with similar Non-Personal Information collected from other users to track overall visitor traffic patterns and help us understand Site usage and preferred and most frequently used pages, products and services, to provide you with better service, to improve Site use and functionality, and to provide you with information on other products and services that may be of interest to you.
We may analyze Non-Personal Information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for employers or health plans. These studies may generate Aggregate Data (described below) which we may utilize for a variety of purposes.
We may perform statistical analyses of the traffic patterns, Site usage, and behaviors associated with the Site. We may use these analyses to generate Aggregate Data from the original Non-Personal Information. We may combine, separate, aggregate, or otherwise parse and process Non-Personal Information. The parsing and processing of such information may generate Aggregate Data. "Aggregate Data" is summary level data, such as the number of web visitors in a specific geographic area. Aggregate Data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address, and does not reflect the original form of the Non-Personal Information collected from you.
We work with third parties to:(a) operate and maintain the server(s) on which the Site operates, (b) enable login to the Member Website utilizing third party platform login credentials, (c) provide communication functionality, (d) provide Tracking Mechanism(s) that we embed in or use with the Site, (e) provide advertisements and other information to you about the Site, products, and services through a third-party site based on a prior visit to the Site, (f) analyze communication with us and interactions with the Site, (g) de-identify data, and (h) collect Non-Personal Information from you (e.g., on your interactions and/or experience with the Site and/or us). The third party may then share the Non-Personal Information, Aggregate Data, and/or other data with us.
We may disclose Non-Personal Information to third parties as follows:
- We may share Non-Personal Information with our affiliated companies, third parties who provide services to us, and other parties that you have authorized.
- We may disclose Aggregate Data to other companies or organizations for any legitimate business purpose.
- We may disclose products and services developed using the Non-Personal Information, including products and services that disclose anonymous and/or deidentified Site data for any legitimate business purpose.
- We will not sell your Non-Personal Information to other companies or organizations.
Some of the third parties, such as Google®, Twitter®, and LinkedIn® may provide customization and/or opt-out of certain Tracking Mechanisms through their respective sites. For example, Google's Ads Settings, DoubleClick opt-out page, Twitter's promoted content settings, LinkedIn account settings, and Network Advertising Initiative opt-out page may limit the collection and usage of certain third-party Tracking Mechanisms.
COLLECTION AND USE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION
How We Collect Your Personal Information and Protected Health Information
Registration is optional; however, Registered Members (or "Registered Beneficiaries" in the case of the TRICARE program) are provided access to the Member Website and to information and online services not provided on the public website, as well as the ability to login to the Member Website when revisiting the Site. The Personal Information and Protected Health Information you disclose to us during registration and in connection with the Member Website are provided strictly on a voluntary basis. We may also collect Non-Personal Information during the registration process as described above. When you become a Registered Member or Registered Beneficiary, you may be asked to provide us with the Personal Information and/or Protected Health Information of one or more of your Covered Household Members.
Utilization of Third Party Platform Login Credentials
Users may register for the Member Website by creating login credentials used for the site ("Express Scripts credentials"), or by using existing login credentials associated with an approved third party platform ("third party credentials"). Both types of login credentials once associated with the account of the Registered Member (or "Registered Beneficiaries" in the case of the TRICARE program) may be interchangeably used to access the Member Website. You may also be able to register for access to the Member Website through multiple third party platforms. Regardless of the login credentials used, your account associated with the Member Website is the same.
Certain portions of the site may be available to you that include communication functionality. The communication functionality enables real-time communication sessions with Express Scripts personnel or other persons on behalf of or in conjunction with Express Scripts ("Authorized Persons"). When used, certain Personal Information, Protected Health Information, and/or Non-Personal Information may be shared with or collected by the Authorized Persons depending upon the nature of the communication session. Certain communication functionality may be provided on the Site for limited purposes, and the Authorized Persons will be unable to provide assistance beyond such purposes.
In addition to providing Personal Information during the registration process, you may provide us with Personal Information or Protected Health Information on the checkout page of the Site when ordering and paying for products and/or if you choose to purchase products or services using our "e-check" electronic funds transfer program or through an automatic refill option.
Should you choose to assign a Designated Caregiver ("Caregiver") in the "Profile" section of the Member Website, you will be asked to provide Personal Information about this individual. The Personal Information may include the individual's full name, date of birth and gender which will be used by us to properly identify your Caregiver when he or she contacts us on your behalf.
After login, you may contact us by selecting the Contact Us portion of the Member Website. In this portion, you may be able to communicate more directly regarding specific issues to designated personnel at Express Scripts. Your use of this feature is in accordance with any additional posted terms and restrictions including, but not limited to, turnaround time for our response. Do not use this feature if you are experiencing an emergency or are out of medication; contact your doctor, other healthcare provider, or us as appropriate.
We constantly seek to improve our ability to communicate with you in more effective ways. Our communications to you may provide (i) information associated with your prescription drug benefit plan, (ii) information associated with the order and/or delivery of prescription drugs and/or other products from our pharmacies and/or other providers, and (iii) other information that you have given us permission to send. We strive to send these different types of information in accordance with available communication channels, formats, and choices that you have expressed, in each case in compliance with applicable law. Not all types of information and communication channels, formats, and choices may be available to you or honored at a particular time. For example, the communication preferences available to you through the Site may differ from those available to others depending upon your particular prescription drug benefit plan. An expressed communication preference may not be immediately honored for all communications associated with the preference. However, the preference may be honored for future communications when possible. We may also communicate with you through one or more communication channels to enable us to more effectively provide our services to you and on behalf of your plan sponsor.
Certain communications may include additional ways for you to express preferences. When your preference is expressed in this manner, such preference may be limited to a certain type of information, communication channel, and/or communication format as applicable. For example, if you select an opt-out option available in a particular e-mail, you may only have opted-out of a certain type of e-mail (e.g., promotional e-mails). We encourage you to review your communication preferences page(s) from time to time to review your communication options and expressed preferences.
The sending and receipt of communications in certain communication channels may cause you to incur messaging, data usage, or other fees from your services provider. By selecting such communication channels, you agree that you are solely responsible for these fees.
By registering for use of the Member Site, we will preselect your preference of having us communicate with you through your provided e-mail address and, as applicable, through our secure message center. This communication preference will provide you with certain communications through e-mail and the secure message center that were previously provided by automated outbound telephone calls or mail, and some additional communications that you would not have otherwise received. If you have previously expressed a preference to receive communications through a different communication channel, your preference will be retained. You may modify your communication preferences on the communication preferences page of the Member Site. For example, if you do not wish to receive e-mails or certain types of e-mails from us, you may so designate on the communication preferences page. In general, once you have authorized us to utilize a particular manner of communicating with you, we may cease communicating with you through other communication channels, unless otherwise required by law.
Communications may be provided to you through our secure message center. You may be notified of these communications through another communication channel that you have designated. In some instances, you may be able to select secure message center communications as part of your communication preferences. When secure message center communications is selected, we may provide certain information associated with your prescription drug benefit plan and information associated with the order and/or delivery of prescription drugs and/or other products from our pharmacies and/or other providers that would otherwise be provided to you through mail. You will be alerted of the availability of such information so that you can conveniently and securely access it. For example, we may send you an e-mail to notify you that a communication including prescription drug information for a prescription drug that has been shipped to you is available in the secure message center.
When our mobile application is installed, we may automatically provide you with certain in-app communications. These in-app communications may continue to be provided while the mobile application is installed on your mobile device. For example, we may send you an in-app communication to ask about your experiences with the mobile application. By uninstalling the mobile application from your mobile device, such in-app communications will automatically terminate. In some instances, you may be able to select mobile application communications as part of your communication preferences to receive other communications (e.g., communications including information associated with your prescription drug benefit plan) through your mobile application. If you uninstall the mobile application but have not modified your communication preferences, we will send these communications to you through another available communication channel.
At times, we may utilize communication channels not designated in your communication preferences, or may contact you regarding a particular issue or through a particular communication channel despite an otherwise stated communication preference. In certain instances, we may communicate with you through a different communication channel, or we may utilize multiple communication channels to reach you. Examples of when we may not be able to fully follow your communication preferences include when required by law, when a communication channel is or becomes unavailable, when we are unable to reach you by your preferred communication channel, when you have reached out to us by a particular communication channel and we respond by communicating with you through the same communication channel, or in the case of an emergency or other extenuating circumstance. You may continue to use all communication channels available to you to reach us regardless of your communication preferences.
Depending on the functionality available to you through the Site, you may be able to set communications preferences (i) at an individual level so that they are only applicable to you, or (ii) at a family level when you are the Cardholder (or Sponsor) so that the communication preferences are applicable to your Covered Household Members.
You may also be able to designate certain uses of your Protected Health Information with our communications. For example, you may be able to designate whether certain Protected Health Information can be included in communications to you regarding your prescription drug benefit plan and order and/or delivery of prescription drugs. You may also be able to authorize use of your Protected Health Information to send you promotional communications with information and opportunities that may be of interest to you. For example, such promotional communications could include the opportunity to purchase additional products, engage in promotional surveys, obtain additional health and wellness information, and the like.
When you communicate with us through social media, or provide a comment directed at us through social media, we may use social media to communicate with you. We may also directly communicate with you through social media in accordance with any expressed social media preferences in your communication preferences. We may also promote content of interest to you through social media. You may opt out or configure your social media account settings to limit promotion of such content.
We may use certain in-house or third-party functionality to analyze your communications with us and interactions with the Site. The analysis enables to us to monitor the services that we provide so that we can improve the services provided to you. These third parties will be required to protect any Personal Information and Protected Health Information in accordance with this Policy. Other analytics capabilities are reflected above in the description of Non-Personal Information.
How We Use Your Personal Information and Protected Health Information
- We will manage your prescription benefits and process your prescription drug claims. This process may involve sharing certain Personal Information and/or Protected Health Information with you and/or your doctor, pharmacist, health plan or plan administrator. These disclosures are made in accordance with the terms of your health plan or prescription benefit plan.
- We will process and send you orders you have placed through our pharmacy.
- If you choose to use a third party payment solution, we may communicate with the third party payment provider to facilitate the transaction.
- We may utilize selected service providers to make targeted non-personal communications to an aggregated audience regarding our offerings and other potentially relevant benefit information of interest to you. These communications will not be based on your Protected Health Information.
- We may share your Personal Information with other Express Scripts companies (i.e., entities which are controlling, controlled by, or under common control with Express Scripts) to provide you with more personalized and enhanced services.
- We generally manage your Personal Information separately from the Personal Information held by your plan sponsor. However, from time to time and at our discretion, we may communicate with your plan sponsor or payor to enable verification and/or correction of your Personal Information for benefit communication purposes.
- We may disclose your Personal Information to relevant third parties such as state and federal regulatory agencies, site technicians, auditors, lawyers, or other professional advisors.
- We may act on behalf of or otherwise cooperate with your health plan or plan sponsor to enable sending of health or plan sponsor information to you using your Personal Information.
- If you choose to use the feature, we process received login credentials stored within a third party device (e.g., Apple Touch ID) to facilitate login to the Member Website.
- We may communicate with you via e-mail, facsimile, letter, text message, mobile application, and similar mechanisms.
- We may use third-party agents for purposes of communicating with you and/or collecting information from you.
- Statements here and elsewhere on the Site concerning the treatment of your Personal Information and Protected Health Information may not apply with respect to information already in our possession.
In certain circumstances, we may be legally compelled to release your or your Covered Household Members' Personal Information or Protected Health Information in response to a court order, subpoena, search warrant, law or regulation or the terms of the Notice of Privacy Practices.
"Do Not Track" Signals and Similar Mechanisms
Our Site does not respond to web browser "do not track" signals and similar mechanisms. However, you may control certain Tracking Mechanisms as described above.
Covered Household Members Personal Information and Protected Health Information
Our Member Website may include features through which Registered Members may view their own Protected Health Information (such as their prescription history) and their Personal Information. In addition, Cardholders may use the Member Website to view Protected Health Information and Personal Information or manage the benefit of any Covered Household Members under the age of eighteen. Spouses and Adult Dependents may similarly register with the Member Website to access their own Protected Health Information and Personal Information. The Cardholder, Spouse, or Adult Dependent may grant access to another person to view the granting person's Protected Health Information. Covered Household Members who are either Minor Dependents or flagged are not provided with access to the Member Website, but may continue to call the number on the back of their benefit card to transact business with Express Scripts.
The availability of the Protected Health Information and Personal Information of the Cardholder and other Covered Household Members may depend on Cardholder preferences, client preferences, available Member Website functionality, and applicable law. For example, the Cardholder may be able to:
- view the Protected Health Information of all Covered Household Members including Adult Dependents.
- grant access to a Spouse and/or Adult Dependents to view the Protected Health Information and Personal Information;
- grant access to a Spouse to view the Protected Health Information and Personal Information of only designated Minor Dependents while preventing the viewing of the Protected Health Information and Personal Information of other Minor Dependents; and
- grant access to a Spouse to view the Protected Health Information and Personal Information of Minor Dependents while preventing the viewing of the Protected Health Information and Personal Information of the Cardholder.
How You Can Correct/Update Your Personal Information and/or Protected Health Information
You can correct or update your Personal Information or Protected Health Information at any time using the following options:
- Login to the Member Website and update your Personal Information.
- Call the Customer Service number on your Member ID card.
- Write to:
Attention: KANA Team
One Express Way, St. Louis, MO 63121
TRANSFER OF PERSONAL INFORMATION, PROTECTED HEALTH INFORMATION AND NON-PERSONAL INFORMATION
All Personal Information, Protected Health Information, and Non-Personal Information obtained through our Site are owned by us. Accordingly, if we are acquired, merge with another entity, or we divest one or more of our businesses, affiliates or subsidiary companies, the Sites, and any Personal Information, Protected Health Information, and Non-Personal Information obtained through them, may be transferred to an applicable entity for the purposes of continuation of services, in accordance with applicable law and the Notice of Privacy Practices.
USAGE BY CHILDREN
Our Site is neither intended for nor designed to attract users who are under the age of 18. We are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13. Any Personal Information and Protected Health Information of a child under 13 that is provided to us must be provided by a parent or legal guardian, and not by a child under the age of 13 who is using the Site.
If you are the parent or legal guardian of a child under the age of 13 whom you have reason to believe has provided his or her own Personal Information or Protected Health Information to us, you have the right to request the removal of that child's Personal Information and/or Protected Health Information from our database. In order to request such removal, please send an e-mail to firstname.lastname@example.org. You will be required to verify your identity as the child's parent or legal guardian in order to have their Personal Information or Protected Health Information removed.
We are committed to protecting the privacy and security of this Site. We take reasonable technical and procedural precautions to protect the information received by us. Our Internet infrastructure is protected using industry recognized commercial security products, including current encryption technology, and best practice procedures for maintenance of the website. In addition, our infrastructure is monitored 24 hours a day, seven days a week.
No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.
We will provide you with advance notice of a major change prior to your access of any portion of the Site for which registration is required. For example, we may (i) require that you reaccept the updated version of the web policies, (ii) send you an electronic notification advising of the update to the web policies, (iii) include a notice on the Site viewable without login advising of the update to the web policies, and/or (iv) advise you of the updated web policies during a phone call. We do not ordinarily provide advance notice of a minor change.
HOW TO SEND US YOUR COMMENTS
Specific questions regarding the enforcement of this policy should be directed to email@example.com.