Print this page

Privacy/Disclosure Statement
Last Revised: December 17, 2009

Express Scripts and Medco Are Now One Company: Find the Right Privacy Promise for You

Because we have two different websites, a Privacy Promise other than the one shown below may apply to you.

If you're using the website shown on the right, read our other Privacy Promise.

If you're not sure which Privacy Promise applies to you, feel free to review both.

Express Scripts ("we" or "our") is firmly committed to protecting the confidentiality of our members' ("you" or "your") personal and medical information. In this Privacy Promise, any information containing your personally identifiable information which can be used to identify you (such as your name, mailing address, phone number, cell phone number, or e-mail address) is referred to as "Personal Information"; and any Personal Information containing your health or medical status is referred to as "Health-Related Personal Information". All other information (such as your IP address or the automatic tracking of the pages of this site that you access) is collectively referred to as "Non-Personal Information."

When you enroll in an Express Scripts service, we ask that you disclose to us only the Personal Information required to meet your needs. Please understand that, when enrolling in a service, you are providing Personal information on a voluntary basis.

We have developed the following practices and policies to safeguard your information.

Your Non-Personal Information
Express Scripts reserves the right to use your Personal Information or Health-Related Personal Information to generate (summarized data that does not identify you) for the following purposes:

• Express Scripts is always seeking better ways to serve you. We may perform statistical analyses of the traffic patterns, site usage and behaviors associated with our Websites. We may use these analyses to generate aggregate data which we may sell or disclose to other companies or organizations.
• Express Scripts analyzes utilization information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for your employer or health plan. These studies generate aggregate data which we may sell or disclose to other companies or organizations.

Top ^

General Tracking Information
When you visit an Express Scripts website, we may collect Non-Personal Information from you, such as the Internet browser or computer operating system you are using. Our web server automatically collects this information, including your IP address, when you request pages from our server. Your IP address is a number that is used by computers connected to the Internet to identify your computer so that data (such as the web pages you request) can be sent to you. We aggregate this data with data on the pages visited by other users to track overall visitor traffic patterns.We use this information only to provide you with better service connections and improved websites. We will not sell or disclose your Non-Personal Information collected from the Express Scripts website to other companies or organizations.

Top ^

Cookies
When you view one of our websites, we may store information on your computer. This information will be in the form of a cookie or similar file and will be used to determine ways to improve our websites, advertisements, products or services. With most Internet browsers, you can erase cookies from your hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your browser's instructions or online help files to learn more about these functions.

Top ^

Your Personal Information
When you register for an Express Scripts service or make service elections (such as choosing a prescription benefit package under your plan), you may voluntarily provide us with both Personal Information and Health-Related Personal Information.

Express Scripts will not use or disclose your Personal Information or your Health-Related Personal Information in a manner inconsistent with applicable law. Examples of uses and disclosures include:

• We will manage your prescription benefits and process your prescription drug claims. This process may involve sharing certain information with you or your doctor, pharmacist, health plan or plan administrator. These disclosures are made in full accordance with the terms of your health plan or prescription benefit plan.
• We will process and send you orders you have placed through the Express Scripts Pharmacy.
• We may send you information regarding health conditions, medicines, or promotional offers.
• We may send you information or contact you regarding programs designed to improve your health.

In certain circumstances, Express Scripts may be legally compelled to release your Personal Information or Health-Related Personal Information in response to a court order, subpoena, search warrant, law or regulation. Under these circumstances, we will notify you unless doing so would violate the law or court order.

Top ^

Family Member Information
Express Scripts' member-dedicated websites may include features through which you can view the prescription history for all covered household members under the age of 18. When registering to use these websites, subscribers can also elect to view the prescription history for anyone in the household. Such information is deemed to be that adult dependent's Health-Related Personal Information under this Privacy Promise and is included in the clauses protecting each member's Personal Information and Health-Related Personal Information.

To view prescription history information or other such Health-Related Personal Information for adult dependents, the subscriber must certify (at the time of registration by following the certification procedures and instructions on the registration pages of the website) that permission has been obtained from the affected dependents. The subscriber also must agree to use the dependents' prescription history solely for the purposes of prescription benefit management. By providing the certification, you understand and agree that you are strictly prohibited from using any adult dependant's Prescription history for any other purposes without the written consent of the adult dependent. Express Scripts disclaims all present and future liability for any use by you of an adult dependant's Health-Related Personal Information which exceeds the scope of your certification.

Top ^

Correct/Update Your Information
You can correct or update your Personal Information at any time using the following options:

• Sign in to our website and update your personal information.
• Send an e-mail to privacy@express-scripts.com.
• Write to:
  Express Scripts
  Attention: KANA Team
  One Express Way
  St. Louis, MO 63121

Top ^

Sale or Transfer of Information in the Event of Merger, Sale, or Bankruptcy
Express Scripts considers the information obtained through its websites to be significant assets of Express Scripts. As a result, in the event Express Scripts is acquired, merges with another entity, becomes insolvent and/or declares bankruptcy, the websites, and any information obtained through them, may be transferred or sold to another entity, in accordance with applicable law.

Top ^

E-Mail Privacy
You can choose to receive e-mail from Express Scripts on selected health topics and promotions. These e-mail messages include instructions which will allow you to opt- out from receiving any further e-mails of this type. You can also use our websites to send an e-mail inquiry to Express Scripts, which may result in a reply being sent to an e-mail address that you provide. Inquiries sent through our websites are secure and use Secure Socket Layer (SSL) technology. Learn more by reading our Security Statement.

Responses sent from the Express Scripts customer service team to your e-mail provider may not be secure or may be intercepted by third parties. By using the e-mail service, you accept the risk of transmitting information from Express Scripts to your personal e-mail address in an unsecure environment.

If you are receiving e-mail correspondence at an employer's e-mail address, please note that, under law, the employer may be permitted to view the contents of any e-mail messages received at this address. If you are concerned about the confidentiality of your e-mail messages, you may wish to use a home e-mail address.

Top ^

Usage by Children
As stated in the Family Member Information section of this Privacy Promise, Express Scripts' websites are neither intended nor designed to attract users who are under the age of 18.

Express Scripts is committed to preventing the unintentional collection of Personal Information and Health-Related Personal Information from children under the age of 13. Any Personal Information or Health-Related Personal Information of a child under 13 that is provided to Express Scripts must be provided by the registered adult subscriber, and not by a child under the age of 13 who is using the Express Scripts website.

If you are the parent or legal guardian of a child under the age of 13 whom you have reason to believe has provided his or her own Personal Information or Health-Related Personal Information directly to Express Scripts, you have the right to request the removal of that child's Personal Information or Health-Related Personal Information from the Express Scripts database. In order to request such removal, please send an e-mail to privacy@express-scripts.com.

Top ^

Links to Other Sites
Express Scripts' websites may include links to other sites that are not related to, or are not the property of Express Scripts. We are not responsible for the dependability or information security of these other sites and the policies pertain only to Express Scripts' websites.

Top ^

Security of Personal Information and Health-Related Personal Information
Express Scripts utilizes commercial firewalls and router Access Control Lists at all public network access points to appropriately restrict network traffic. To ensure the security of your Personal Information and Health-Related Personal Information, Express Scripts' websites support web browsers that use 128-bit encryption. While such browsers are not required to use Express Scripts' websites, we strongly recommend their usage when viewing or entering information. Express Scripts' internal network address space, which is where Personal Information is stored and protected, is not advertised to the Internet and all outside requests for information are blocked. A user must be properly authenticated with the appropriate access credentials in order to access any sensitive information.

Top ^

Security of Website Transactions: Safe Shopping
Express Scripts is a Payment Card Industry (PCI) certified company. The PCI Data Security Standards is a set of 220 controls which must be in place in order for companies to process credit card data. Express Scripts security is audited annually for Payment Card Industry (PCI) compliance.

By being PCI certified, Express Scripts undergoes a thorough examination and review of our security infrastructure by an independent third party to ensure we are in compliance with industry standards. This review is performed annually and has checkpoints throughout the year that ensure security thresholds are maintained between certifications. Express Scripts currently has its PCI Report on Compliance (ROC) certifying compliance with PCI requirements.

Express Scripts' websites use Secure Socket Layers (SSL) to ensure the confidentiality of your check card or credit card information. As your order is transmitted to us, SSL technology prevents other parties from viewing or obtaining your card information.

After receiving your order, we separate your card information from the rest of your order data. We then store your card information on a separate server that is not accessible from the Internet. This prevents external parties, as well as unauthorized internal personnel, from viewing your information.

Top ^

Outgoing Transmission Security
Express Scripts' websites use a Secure Socket Layer (SSL) protocol for all outgoing transmissions. SSL secretly encodes information that is being sent over the Internet, helping to ensure that the information remains confidential. Express Scripts will do all that is reasonably possible to protect your information.

Top ^

Changes in Our Privacy Policy
Express Scripts uses your Personal Information collected from you only within the scope of use described in this Privacy Promise. However, subject to the terms below, we reserve the right to change the terms of this Privacy Promise at any time without advance notice to you. Changes to this Privacy Promise will be prominently posted at the top of this page, along with a reference to the updated effective date. In addition, you will receive notice of the changes in the form of a pop up notice when you next sign in.

Announcements of policy changes will include any applicable instructions for rejecting the additional use, disclosure or sale of your information.

Top ^

Your Acceptance of this Policy
By using this website, you signify your acceptance of the terms of our Privacy Promise. If you do not agree to the terms of this Privacy Promise, please do not use our website. We reserve the right, at our discretion, to change, modify, add, or remove portions from this Privacy Promise at any time, therefore, we recommend that you be aware of notices of any changes that will be provided to you, including the effective date at the top of this Privacy Promise, and that you review this Privacy Promise from time to time. Your continued use of our website following the posting of changes to these terms means you accept these changes.

Top ^

How to Send Us Your Comments
We welcome your comments. If you have general feedback regarding this Privacy Promise, please send an e-mail to privacy@express-scripts.com. Upon submission, any suggestions you make regarding the website become the property of Express Scripts, and Express Scripts shall have the right to use any of your comments or suggestions without further permission from or notice to you.

Specific questions regarding the enforcement of this policy should be directed to Express Scripts' Chief Compliance Officer at privacy@express-scripts.com.

Top ^

FAQ

What is Express Scripts?
The title "Express Scripts" encompasses all departments, divisions, affiliates and subsidiaries of Express Scripts, Inc.

What is Non-Personal Information?
Non-Personal information is information that can not personally identify you or be used to contact you. Examples include type of Internet browser, type of computer operating system, and the domain name of the website and / or Internet service provider from which you linked to our site or advertisement.

What is Personal Information?
Personal information is information that could be used to identify or contact you. Examples include your name, e-mail address, mailing address, social security number and telephone number.

What is Health-Related Personal Information?
Health-Related Personal Information is any information that relates to your health or medical status, including names of your doctors, health conditions, medicines, etc.

What is aggregate data?
Aggregate data is summary level data, such as the number of members of a specific gender in a specific zip code, that have chosen a specific benefit plan. Aggregate data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address.

What is a subscriber?
A subscriber is the holder of the prescription benefit. Dependents are covered by the subscriber's benefit.

What is an adult dependent?
Adult dependents have privacy rights through which they may choose not to share their prescription history information with other household members, including spouses, parents or guardians.

What is a Cookie?
A "cookie" is a unique identifier that a website transfers to your hard drive for record-keeping purposes. Express Scripts uses two kinds of cookies – session ID and persistent cookies. Session ID cookies are used to personalize your user experience and include only information which you or your health plan have already provided to Express Scripts. These cookies are deleted from your hard drive when you close your browser session. Persistent cookies are used to collect non-personally identifiable information such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.

What is a server?
A server is the computer or computer program that houses and/or distributes data.

What is a firewall?
A firewall is a set of related programs that protects the resources of a private network from users from other networks.