Privacy Policy | Accredo by Evernorth

ACCREDO.COM Privacy Policy

Version 5.0. Last Revised: 12/22/2022

This Privacy Policy is provided by Accredo Health Group, Inc. (“Accredo”, “we”, “us” or “our”) to all visitors (“you” or “your”) who use the Accredo site located at http://www.Accredo.com (the “Site”) including Registered Patients of the Patient Website. The Site may be accessed via the World Wide Web or via a mobile application. The Site is provided to you as a service to disseminate information regarding Accredo and enable certain online and mobile interactions with Accredo and includes the Patient Website. The “Patient Website” is a patient-only account portal available through the Site which enables Registered Patients to access their personal account information and to request or order refills of certain prescription drugs. “Registered Patients” are eligible patients of Accredo that have completed the registration process for patient site access.

We are firmly committed to protecting the confidentiality and security of your Personal Information. The term “Personal Information” means any information which can be used to identify a person including by way of example, but not limitation, name, date of birth, mailing address, social media and other third party platform account identifiers, home phone number, mobile phone number, e-mail address, credit card information, and/or Social Security number.

The term “Health Information” means any information, in any form, related to the past, present, or future health or medical status, condition, or treatment of a person, including, by way of example, but not limitation, names of doctors, health conditions, medicines, and/or prescription information and history. In addition to this Privacy Policy, the “Notice of Privacy Practices” describes how we may use and disclose Health Information, and your rights to access and update your Health Information, and how to request restrictions on our use and disclosure of your Health Information. To the extent any terms in this Privacy Policy conflict with any terms in the Notice of Privacy Practices, the conflicting terms in the Notice of Privacy Practices will control and override the corresponding terms in this Privacy Policy. The “Accredo Disclosure Statement” is also made available to you on the Site and describes, among other things, how we may use and disclose your Health Information. To the extent any terms in this Privacy Policy conflict with any terms contained within the Notice of Privacy Practices and/or the Accredo Disclosure Statement, the conflicting terms in the Notice of Privacy Practices and/or the Accredo Disclosure Statement will control and override the corresponding terms in this Privacy Policy.

COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION

How We Collect Your Personal Information

Patient Registration

Registration is optional; however, Registered Patients are provided access to the Patient Website and to information and online services not provided on the public website, as well as the ability to login to the Patient Website when revisiting the Site. Only existing patients of Accredo that have previously filled a prescription with us will be able to register and use the online services. Patients of Accredo that are participants in a benefit plan managed by Express Scripts Holding Company or one of its subsidiaries will not register for access to the Patient Website but will instead be redirected to the appropriate benefit management website where they will be able to login with their credentials and be provided with similar services.

When you register as a Registered Patient, the Personal Information required to be submitted is limited to information that is reasonably necessary to allow you access to and use of the Patient Website. Once you are a Registered Patient, you may be required to provide additional Personal Information and/or Health Information as necessary to effectively use the services offered through the Patient Website. The information you disclose to us during registration and in connection with the services is provided strictly on a voluntary basis. We may also collect Non-Personal Information during the registration process as described above.

Therapy Questions

In order to process certain prescription orders, you may need to provide us with additional information relating to your therapy. For certain medications, you may be able to complete an online questionnaire to provide us with requested Health Information and other information. If you choose not to complete the questionnaire, or the questionnaire is not available for your medication, you may contact a Patient Care Advocate to provide us with the necessary information so that we can determine whether we can process your order.

Payment Authorization Limit

You may login to the Patient Website to set a payment authorization limit that we may charge you for your home delivery orders. If your order total reaches this limit, we will communicate with you using your Personal Information to seek approval before shipping your medications. You may log back into the Patient Website to alter or remove your payment authorization limit.

Healthcare Professionals Referral Forms

This Site contains referral forms for use by healthcare professionals to enroll patients in treatment regimens to be fulfilled by Accredo. Please follow the instructions included on the referral forms to complete and submit the information to us for processing. Healthcare professionals do not need to register with the Site to obtain the referrals forms, and no Personal Information is required to download the referral forms.

Reminders

When available and using the Patient Website through an app, you may elect to receive reminders for when to take your medication and/or refill your medication. We will then attempt to send you reminders through the Patient Website. In certain instances, you may not receive your reminders such as when your mobile device is switched off, your mobile device or the Patient Website is malfunctioning, or otherwise. You may cease receiving further reminders by so indicating in the Patient Website.

Communication Functionality

Certain portions of the site may be available to you that include communication functionality. The communication functionality enables real-time communication sessions with Accredo personnel or other persons on behalf of or in conjunction with Accredo (“Authorized Persons”). When used, certain Personal Information, Health Information, and/or Non-Personal Information may be shared with or collected by the Authorized Persons depending upon the nature of the communication session. Certain communication functionality may be provided on the Site for limited purposes, and the Authorized Persons will be unable to provide assistance beyond such purposes.

Guest Authentication and Functionality

Certain functionality on the Site requires login to the Patient Website. Other functionality may be available without the use of login credentials. However, depending on the nature of the non-login functionality (“guest functionality”), you may be required to authenticate yourself (“guest authentication”). For example, Site features such as requesting a refill, checking order status, and paying a bill may be performed by logging into the Patient Website or by use of guest functionality. If you have not previously registered for access to the Patient Website, we will not use Personal Information captured during guest authentication to register you for the Patient Website unless you have requested that we do so.

In general, we will not use the Personal Information collected during guest authentication to update your profile unless otherwise indicated. However, we may utilize the captured Personal Information to provide the associated guest functionality. For example, an email address provided while requesting a refill using guest functionality may be used to confirm that your refill has been shipped. In certain instances when using guest functionality, we may communicate with you using your communication preferences and/or Personal Information contained in your profile or otherwise available to us.

Communications

(A) Introduction to Communications and Preference Setting. We constantly seek to improve our ability to communicate with you in more effective ways. We may communicate with you regarding (i) information associated with the order and/or delivery of prescription drugs and/or other products from our pharmacies and/or other providers, and (ii) other information that we have been given permission to send to you. We strive to send these different types of information in accordance with available communication channels, formats, and choices that you have expressed, in each case in compliance with applicable law. While we generally communicate with you in accordance with these preferences, we may sometimes use other channels and formats to best provide you with available services.

Not all types of information and communication channels, formats, and choices may be available to you or honored at a particular time. For example, the communication preferences available to you through the Site or a Patient Care Advocate may differ from those available to others depending upon your particular prescription drug benefit plan. An expressed communication preference may not be immediately honored for all communications associated with the preference. However, the preference may be honored for future communications when possible.

(B) Service Provider Fees. The sending and receipt of communications in certain communication channels may cause you to incur messaging, data usage, or other fees from your services provider. By selecting such communication channels, you agree that you are solely responsible for these fees.

(C) In-App Communications. When our mobile application is installed, we may automatically provide you with certain in-app communications. These in-app communications may continue to be provided while the app is installed on your mobile device. For example, we may send you an in-app communication to ask about your experiences with the app. By uninstalling the app from your mobile device, such in-app communications will automatically terminate. In some instances, you may be able to select mobile application communications as part of your communication preferences to receive other communications (e.g., communications including information associated with your prescription drug benefit plan) through your app. If you uninstall the app but have not modified your communication preferences, we will send these communications to you through another available communication channel.

(D) Non-Preference Communications. We seek to provide your communications in an efficient and effective manner. We may selectively utilize known communication channels to communicate with you even when the channels are not designated communication preferences. We may also contact you regarding a particular issue or through a particular communication channel despite an otherwise stated communication preference. In certain instances, we may communicate with you through a different communication channel than an expressed communication preference, or we may utilize multiple communication channels to reach you. Examples of when we may not follow your communication preferences include when required by law, when a communication channel is or becomes unavailable, when we are unable to reach you by your preferred communication channel, when you have reached out to us by a particular communication channel and we respond by communicating with you through the same communication channel, when your communication preferences have not been designated by you through the Patient Website, or in the case of an emergency or other extenuating circumstance. You may continue to use all communication channels available to you to reach us regardless of your communication preferences.

Social Media

When you communicate with us through social media, or provide a comment directed at us through social media, we may use social media to communicate with you. We may also directly communicate with you through social media in accordance with any expressed social media preferences in your communication preferences. We may also promote content of interest to you through social media. You may opt out or configure your social media account settings to limit promotion of such content.

Analytics

We may use certain in-house or third-party functionality to log and analyze your communications with us and interactions with the Site. This functionality enables us to communicate with you about our services, and to monitor the services provided to you, so that we can improve your Site experience and address certain Site or benefit related issues. These third parties will be required to protect your Personal Information and Health Information in a manner consistent with this Privacy Policy. Other analytics capabilities are reflected in the description of Non-Personal Information.

Other Uses and Disclosure of Your Personal Information

We will not use or disclose your Personal Information in a manner inconsistent with applicable law, this Privacy Policy, the Notice of Privacy Practices, or the Accredo Disclosure Statement. Examples of our uses and disclosures include:

We will process and send you orders you have placed through our pharmacy. This process may involve sharing certain Personal Information and/or Health Information and communicating with you and/or your doctor, pharmacist, health plan, or plan administrator. These disclosures are made in accordance with the terms of your health plan.
We may share your Personal Information and Health Information with selected service providers or consultants acting on our behalf. Those third parties will be required to protect your Personal Information in a manner consistent with this Privacy Policy.
We may utilize selected service providers to make targeted non-personal communications to an aggregated audience regarding our offerings and other potentially relevant information of interest to you. These communications will not be based on your Health Information.
We may share your Personal Information with other Accredo companies (i.e., entities which are controlling, controlled by, or under common control with Accredo) to provide you with more personalized and enhanced services.
We may disclose your Personal Information to relevant third parties such as auditors, lawyers, or other professional advisors.
If you choose to use the feature, we process received login credentials stored within a third party device (e.g., Apple Touch ID®) to facilitate login to the Patient Website.
We may use your Personal Information and Non-Personal Information in communicating with you via e-mail, facsimile, letter, text message, mobile application, through the Site via a pop-up message, or otherwise.
We may send you promotional offers or marketing information that may be of interest to you.
We may use third-party agents for purposes of communicating with you and/or collecting information from you.
Statements here and elsewhere on the Site concerning the treatment of your Personal Information may not apply with respect to information already in our possession.

Compelled and Necessary Disclosures

In certain circumstances, we may be legally compelled to release your Personal Information and Health Information in response to a court order, subpoena, search warrant, law or regulation, or the terms of the Notice of Privacy Practices and/or the Accredo Disclosure Statement. In addition, we may disclose your Personal Information and Health Information as reasonably necessary to protect the rights or property of us, our affiliates, and our users, or to enforce the terms and conditions associated with the Site including this Privacy Policy and the Terms of Use.

How You Can Correct/Update Your Personal Information and/or Health Information

You can correct or update your Personal Information or certain Health Information at any time using the following options:

Via the Site: Login to the Patient Website and update certain Personal Information.
Via the Phone: Call a Patient Care Advocate using the phone number on your prescription label.

STATE-SPECIFIC PRIVACY INFORMATION FOR RESIDENTS OF CALIFORNIA, COLORADO, CONNECTICUT, VIRGINIA, AND UTAH

Residents of California, Colorado, Connecticut, Virginia, and Utah may have additional rights with respect to personal information we collect about them, depending on the effective dates of those states' laws. Residents of these states who wish to request further information about our compliance with these state laws or who have questions may email us privacy@express-scripts.com. You can view the U.S. State Privacy Notice here.

COLLECTION, USE, AND DISCLOSURE OF NON-PERSONAL INFORMATION

Collection of Non-Personal Information

When you visit the Site, and during your interactions with the Site, we may collect Non-Personal Information from you. “Non-Personal Information” means a data element or collection of data elements that by itself cannot ordinarily be associated with a specific individual. Non-Personal Information includes by way of example but not limitation, the Internet browser, or operating system you are using, your navigation of the Site including the pages or displays of the Site that you access, the amount of time spent on various portions of the Site, the length and dates of your visits to the Site, and certain Site data captured through your interactions with the Site and other sites. Non-Personal Information may include information provided by you through the Site or otherwise (e.g., through a third-party site) that is not Personal Information or Health Information. Certain Non-Personal Information may be collected on an aggregated, anonymous basis through web server logs, cookies, ad servers, tracking pixels, web beacons, and similar Internet tracking devices (collectively “Tracking Mechanisms”). Web servers automatically collect Non-Personal Information, with your IP address, when you request pages or displays of the Site or other sites. Based on certain interactions with the Site, third-party sites, mailings, other communications with us, and/or our system configurations, certain Non-Personal Information may be associated with your Personal Information such that your Non-Personal Information is identifiable with you.

You may be able to opt-out of certain third-party associations by following third party customization and/or opt-out options. Google®, Twitter®, and LinkedIn® may provide customization and/or opt-out of certain Tracking Mechanisms through their respective sites. For example, Google's Ads Settings, DoubleClick opt-out page, Twitter’s promoted content settings, LinkedIn account settings, and Network Advertising Initiative opt-out page may limit the collection and usage of certain third-party Tracking Mechanisms.

Use of Non-Personal Information

The collected Non-Personal Information may be used by us and our affiliated companies for a variety of analytic and developmental purposes including to improve and enhance the Site and our products and services, to create new products and services, to customize your experience on the Site and other sites that you visit on the Internet, to identify and/or offer products, services and website functionality that may be of interest to you, and other legitimate business purposes.

We may use different kinds of cookies including session ID cookies and persistent cookies. Session ID cookies are used to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These cookies are deleted from your hard drive when you close your browser session. Persistent cookies are used to collect non-personally identifiable information such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks.

You may set your browser to accept cookies, warn you when a cookie is sent, or turn off all cookies (except Flash cookies). Check your web browser’s help menu or your mobile device settings to find out how. Some mobile devices store cookies not only in areas connected to the web browsers but also in an app-specific area, so you may have to check your app settings options to determine how to manage or delete cookies stored in these other areas. If you do not accept cookies, some features, services, or activities available through the Site may not function correctly and you may be unable to access certain content.

We may embed tracking pixels within various pages of the Site to enable use of site analytics. The site analytics enable us to determine the usage frequency of various areas of the Site and identify areas of the Site for enhancement. While you are visiting and after you leave the Site, we may use web beacons to notify you of areas of the Site and other aspects of our organization and its affiliated companies in which you may be interested. Certain tracking pixels and web beacons may be cleared or reset through configuration of your web browser such as by clearing your cache. We may use ad servers to provide you with offers of possible interest.

We use your IP address so that we can send data (such as the pages you request) to you and collect Non-Personal Information during the process. We aggregate this Non-Personal Information with similar Non-Personal Information collected from other users to track overall visitor traffic patterns and help us understand Site usage and preferred and most frequently used pages, products and services, to provide you with better service, to improve Site use and functionality, and to provide you with information on other products and services that may be of interest to you.

When using the Site through a mobile application, we may use different kinds of software and hardware identifiers to personalize your user experience, to determine ways to improve the Site, Site content, and the services offered through the Site. These identifiers may be deleted or rendered otherwise inaccessible when you close your browsing session. Certain identifiers may be used to collect non-personally identifiable information such as IP addresses, device type and other device details, Internet Service Provider (ISP), operating system and other platform details, date/time stamp and number of clicks. We may embed certain identifiers within various displays of the Site to enable use of Site analytics. Site analytics enable us to determine the usage frequency of various portions of the Site and identify portions of the Site for enhancement.

We may analyze Non-Personal Information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for employers or health plans. These studies may generate Aggregate Data (described below) which we may utilize for a variety of purposes.

We may perform statistical analyses of the traffic patterns, Site usage, and behaviors associated with the Site. We may use these analyses to generate Aggregate Data from the original Non-Personal Information. We may combine, separate, aggregate, or otherwise parse and process Non-Personal Information. The parsing and processing of such information may generate Aggregate Data. “Aggregate Data” is summary level data, such as the number of web visitors in a specific geographic area. Aggregate Data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address, and does not reflect the original form of the Non-Personal Information collected from you.

Disclosure of Non-Personal Information

We may disclose Non-Personal Information as follows:

We may share Non-Personal Information with our affiliated companies, third parties who provide services to us, and other parties that you have authorized.
We may disclose Aggregate Data to other companies or organizations for any legitimate business purpose.
We may disclose products and services developed using the Non-Personal Information, including products and services that disclose anonymous and/or deidentified Site data for any legitimate business purpose.
We will not sell your Non-Personal Information to other companies or organizations.

“Do Not Track” Signals and Similar Mechanisms

Our Site does not respond to web browser “do not track” signals and similar mechanisms. However, you may control certain Tracking Mechanisms as described above.

Transfer of Personal Information, Health Information and Non-Personal Information

All Personal Information, Health Information, and Non-Personal Information obtained through our Site are owned by us. Accordingly, if we are acquired, merge with another entity, or we divest one or more of our businesses, affiliates or subsidiary companies, the Sites, and any Personal Information, Health Information, and Non-Personal Information obtained through them, may be transferred to an applicable entity for the purposes of continuation of services, in accordance with applicable law.

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

Subject to any applicable business, legal, or regulatory requirements, we securely destroy Personal Information when it is no longer required to fulfill our services and commitments to you or to enforce our rights or meet our obligations.

THIRD-PARTY USAGE

We may use third parties to: (a) operate and maintain the server(s) on which the Site operates, (b) enable login to the Patient Website utilizing third party platform login credentials, (c) provide Tracking Mechanism(s) that we embed in or use with the Site, (d) provide advertisements and other information to you about the Site, products, and services through a third-party site based on a prior visit to the Site, (e) analyze communication with us and interactions with the Site, (f) de-identify data, and (g) collect Non-Personal Information from you (e.g., on your interactions and/or experience with the Site and/or us). The third party may then share the Personal Information, Non-Personal Information, Aggregate Data, and/or other data with us.

USAGE BY CHILDREN AND ON BEHALF OF CHILDREN

Our Site is neither intended for nor designed to attract users who are under the age of 18. If you are under the age of 18, or we are not otherwise able to offer Site functionality to you because you are deemed a minor, do not use the Site. However, depending upon the Site functionality available to you, a partner, guardian, or similar legally authorized person (“Authorized Person”) may register for access to the Patient Website and use it on your behalf. Upon turning 18, we will cease providing Patient Website access to the Authorized Person. Depending on the Site functionality available to you, we may (i) permanently disable the Authorized Person’s account, (ii) require you to register for desired access to the Patient Website, (iii) provide a notification of your options associated with the Patient Website, (iv) request that you indicate whether the Authorized Person may continue to act on your behalf, (v) seek confirmation that you have taken over the account for access to the Patient Website on behalf of the Authorized person, and/or (vi) otherwise communicate with you and/or the Authorized Person in accordance with applicable law, your communication preferences, your health plan’s preferences, or otherwise.

We are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13. Any Personal Information and Health Information of a child under 13 that is provided to us must be provided by a parent or legal guardian, and not by a child under the age of 13 who is using the Site.

If you are the parent or legal guardian of a child under the age of 13 whom you have reason to believe has provided his or her own Personal Information or Health Information to us, you have the right to request the removal of that child's Personal Information and/or Health Information from our database. In order to request such removal, please send an e-mail to privacy@express-scripts.com. You will be required to verify your identity as the child’s parent or legal guardian in order to have their Personal Information or Health Information removed.

Linking Policy

Our Site may contain hyperlinks allowing our users to connect to other websites owned by us and our affiliated companies and websites owned by our third-party vendors, distributors, and providers (“Linked Sites”). You may also access our Site through a hyperlink embedded in a Linked Site. We provide hyperlinks to the Linked Sites to enable you to conveniently access websites that may be of interest to you. Please note that once you click on a hyperlink that transfers you from our Site to a Linked Site, you have left our Site, and this Privacy Policy will immediately cease to apply to any subsequent activity on the Linked Site. We are under no obligation to notify you when you have left our Site and have accessed a Linked Site. Use of any Linked Site will be governed by the privacy policy, terms of use, and/or other policies (if any) on the Linked Site. You may, at your option, participate in surveys or provide other information to our affiliates that control a Linked Site, and that information may be shared with us or with others subject to the privacy policy terms set forth on that Linked Site. Certain Non-Personal Information that you choose to provide through a Linked Site (such as comments) that is subsequently provided to us by the Linked Site provider in connection with a service engagement may be identifiable to us as your Personal Information.

SECURITY STATEMENT

We are committed to protecting the privacy and security of this Site. We take reasonable technical and procedural precautions to protect the information received by us. Our Internet infrastructure is protected using industry recognized commercial security products, including current encryption technology, and best practice procedures for maintenance of the website. In addition, our infrastructure is monitored 24 hours a day, seven days a week.

No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.

Your Acceptance of this Privacy Policy

You are deemed to have assented to the terms and conditions contained in this Privacy Policy when you use the Site and/or when you have indicated in your online registration that you accept the Terms of Use into which this Privacy Policy is incorporated. You are deemed to have read and accepted this Privacy Policy each time you access the Site and/or the Patient Website after initial registration by using your login credentials. If you do not agree to the terms of this Privacy Policy, please do not use the Site. The terms and conditions contained in this Privacy Policy are subject to and may be superseded by applicable Federal and State laws.

RELATIONSHIP TO THE TERMS OF USE

This Privacy Policy, and your and our performance in connection herewith, is further governed by and subject to the Terms of Use for the Site, including but not limited to the disclaimer, limitation of liability, governing law, jurisdiction, and venue provisions set forth therein.

Changes in Our Privacy Policy

We use Personal Information, Health Information, and Non-Personal Information collected from you pursuant to the Site only within the scope of use described in this Privacy Policy. However, we reserve the right, from time to time in our sole and absolute discretion, to change, to modify, or to add terms or remove terms from this Privacy Policy. Changes to this Privacy Policy will be reflected when we post a new version number and updated revision date. The version number includes a major number, a decimal point, and a minor number. A change to the major number reflects a significant change to the policy, while a change to the minor number reflects a less significant change to the policy. Examples of significant changes include additional provisions that reflect new Site functionality, significant modifications to existing provisions, and more significant changes to Site functionality that cause provisions to be modified, added, or removed. Examples of less significant changes include additional provisions that clarify current Site functionality, minor modifications to existing provisions, and less significant changes to Site functionality that cause provisions to be modified, added, or removed.

We will provide an advance notice of a major change prior to your access of any portion of the Site for which registration is required. For example, we may (i) require that you reaccept the updated version of the web policies, (ii) send an electronic notification advising of the update to the web policies, (iii) include a notice on the Site viewable without login advising of the update to the web policies, and/or (iv) advise of the updated web policies during a phone call. We do not ordinarily provide advance notice of a minor change.

We recommend that you check the version number and revision date prior to using the Site, and that you review this Privacy Policy on a frequent basis. Your continued use of the Site and/or utilization of any Site benefits after this Privacy Policy has been updated (and after advance notice for a major change) indicates your agreement and acceptance of the updated version of the Privacy Policy.

POLICY QUESTIONS AND FEEDBACK

We welcome your questions and comments on this Privacy Policy and the Terms of Use. If you have general comments regarding these policies, please e-mail us. Specific questions regarding the enforcement of these policies should be directed to privacy@express-scripts.com. For technical assistance with the Site, please contact our technical support by calling 877-ACCREDO (222-7336).