Privacy/Disclosure Statement

Last Revised: October 31, 2008

Express Scripts is firmly committed to protecting the confidentiality of your personal and medical information. When you enroll in an Express Scripts service, we ask for only the information required to meet your needs. Please understand that, when enrolling in a service, you are providing information on a voluntary basis. On the portion of our website that provides information regarding our recent data security incident, we collect information only for the purpose of communicating with you regarding the situation.

Express Scripts will never ask you to send personal information to us via email. If you ever receive an email that claims be from Express Scripts and asks for your social security number, credit card number, passwords or other personal or financial information or appears to be suspicious, do not reply to it or click on the link it provides. Simply delete it. Criminals send these phony email messages or direct individuals to fraudulent websites for one goal -- to steal personal information.

We have developed the following practices and policies to safeguard your information.

Your Non-Personal Information Your Personal Information Family Member Information Correct/Update Your Information Sale or Transfer of Information in the Event of Merger, Sale, or Bankruptcy E-Mail Privacy

Usage by Children Cookies Links to Other Sites Security Measures Safe Shopping Changes in Our Privacy Policy How to Send Us Your Comments

Your Non-Personal Information (Back to Top)
When you visit an Express Scripts Web site, we may collect non-personal information from you, such as the Internet browser or computer operating system you are using. We use this information only to provide you with better service connections and improved Web sites. We will not sell or disclose non-personal information to other companies or organizations.

Your Personal Information (Back to Top)
When you register for an Express Scripts service or make service elections (such as choosing a prescription benefit package under your plan), you may voluntarily provide us with personal information, such as your name and e-mail address. When personal information is combined with health or medical status information, we refer to it as "health-related personal information."

Express Scripts will not sell or disclose your personal or health-related personal information to other companies or organizations. We will use your personal and health-related personal information for only the following purposes:

We will manage your prescription benefits and process your prescription drug claims. This process may involve sharing certain information with you or your doctor, pharmacist, health plan or plan administrator. These disclosures are made in full accordance with the terms of your health plan or prescription benefit plan.

We will process and send you orders you have placed through the Express Scripts Pharmacy.

At your request, we may send you information regarding health conditions, medicines, or promotional offers.

At the request of you or your health plan, we may send you information or contact you regarding programs designed to improve your health.

Express Scripts also reserves the right to use your personal or health-related personal information to generate aggregate data (summarized data that does not identify you) for the following purposes:

Express Scripts is always seeking better ways to serve you. We may perform statistical analyses of the traffic patterns, site usage and behaviors associated with our Web sites. We may use these analyses to generate aggregate data which we may sell or disclose to other companies or organizations.

Express Scripts analyzes utilization information in the aggregate to study outcomes, costs, and provider profiles, and to suggest benefit designs for your employer or health plan. These studies generate aggregate data which we may sell or disclose to other companies or organizations.

We will use information collected on the portion of our website that provides information regarding last year's security incident, only for the purpose of communicating with you regarding the threat.

In certain circumstances, Express Scripts may be legally compelled to release your personal or health-related personal information in response to a court order, subpoena, search warrant, law or regulation. Under these circumstances, we will notify you unless doing so would violate the law or court order.

Family Member Information (Back to Top)
Express Scripts' member-dedicated Web sites may include features through which subscribers can view the prescription history for all covered household members under the age of 18. When registering to use these Web sites, subscribers can also elect to view the prescription history for any adult dependents in the household.

To view prescription history information for adult dependents, the subscriber must certify (at the time of registration) that permission has been obtained from the affected dependents. The subscriber also must agree to use the dependents' prescription history solely for the purposes of prescription benefit management. Prescription history cannot be used for any other purposes without the written consent of the adult dependents.

Correct/Update Your Information (Back to Top)
You can correct or update your personal or health-related personal information at any time using the following options:

Send an e-mail to questions@express-scripts.com.

or

Write to:
Express Scripts
Attention: Customer Service
767 Electronic Drive
Horsham, PA 19044

Sale or Transfer of Information
in the Event of Merger, Sale, or Bankruptcy (Back to Top)
Express Scripts considers the information obtained through its Web sites to be significant assets of Express Scripts. As a result, in the event Express Scripts is acquired, merges with another entity, becomes insolvent and/or declares bankruptcy, the Web sites, and any information obtained through them, may be transferred or sold to another entity, in accordance with applicable law.

E-Mail Privacy (Back to Top)
You can choose to receive e-mail from Express Scripts on selected health topics and promotions. These e-mail messages include instructions for discontinuing their receipt.

You can also use our Web sites to send an e-mail inquiry to Express Scripts, which may result in a reply being sent to an e-mail address that you provide.

Inquiries sent through our Web sites are secure and use Secure Socket Layer (SSL) technology. SSL secretly encodes information that is being sent over the Internet, helping to ensure that the information remains confidential. Express Scripts will do all that is reasonably possible to protect your information.

Responses sent from the Express Scripts customer service team to your e-mail provider may not be secure or may be intercepted by third parties. By using the e-mail service, you accept the risk of transmitting information from Express Scripts to your personal e-mail address in an unsecure environment.

If you are receiving e-mail correspondence at an employer's e-mail address, please note that, under law, the employer may be permitted to view the contents of any e-mail messages received at this address. If you are concerned about the confidentiality of your e-mail messages, you may wish to use a home e-mail address.

Usage by Children (Back to Top)
Express Scripts' Web sites are neither intended nor designed to attract users who are minor children.

Furthermore, Express Scripts has no intention of collecting personal information from minor children. Where appropriate, we specifically instruct minor children not to submit such information without the consent of a parent or guardian.

To request the removal of personal information submitted by a minor child, please send an e-mail to questions@express-scripts.com.

Cookies (Back to Top)
When you view one of our Web sites, we may store information on your computer. This information will be in the form of a "cookie" or similar file and will be used to determine ways to improve our Web sites, advertisements, products or services. With most Internet browsers, you can erase cookies from your hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your browser's instructions or online help files to learn more about these functions.

Links to Other Sites (Back to Top)
Express Scripts' Web sites may include links to other sites that are not related to, or are not the property of, Express Scripts. We are not responsible for the dependability or information security of these other sites, and the policies in our Security/Privacy Statement pertain only to Express Scripts' Web sites.

Security Measures (Back to Top)
To ensure the security of your personal and health-related personal information, Express Scripts' Web sites support Web browsers that use 128-bit encryption. While such browsers are not required to use Express Scripts' Web sites, we strongly recommend their usage when viewing or entering information.

In addition, Express Scripts' Web sites use a Secure Socket Layer (SSL) protocol. As an added security precaution, all personal and health-related personal information is kept on a physically separate server with firewalls that meet or exceed industry standards to prevent intruders from gaining access.

Safe Shopping (Back to Top)
Express Scripts' Web sites use Secure Socket Layers (SSL) to ensure the confidentiality of your check card or credit card information. As your order is transmitted to us, SSL technology prevents other parties from viewing or obtaining your card information.

After receiving your order, we separate your card information from the rest of your order data. We then store your card information on a separate server that is not accessible from the Internet. This prevents external parties, as well as unauthorized internal personnel, from viewing your information.

Changes in Our Privacy Policy (Back to Top)
Express Scripts uses your personal and health-related personal information only as described in the privacy policy when the information is collected from you. However, subject to the terms below, we reserve the right to change the terms of this privacy/disclosure policy at any time. Changes to the Privacy/Disclosure Policy will be posted on this site.

Announcements of policy changes will include any applicable instructions for rejecting the additional use, disclosure, or sale of your information.

How to Send Us Your Comments (Back to Top)
We welcome your comments. If you have general feedback regarding our privacy/disclosure policy, please send an e-mail to feedback@express-scripts.com.

Specific questions regarding the enforcement of this policy should be directed to Express Scripts' Chief Compliance Officer at privacy@express-scripts.com.

FAQ

What is Express Scripts? (Back)
The title "Express Scripts" encompasses all departments, divisions, affiliates, and subsidiaries of Express Scripts, Inc.

What is non-personal information? (Back)
Non-Personal information is information that can not personally identify you or be used to contact you. Examples include type of Internet browser, type of computer operating system, and the domain name of the Web site and / or Internet service provider from which you linked to our site or advertisement.

What is personal information? (Back)
Personal information is information that could be used to identify or contact you. Examples include your name, e-mail address, mailing address, social security number and telephone number.

What is aggregate data? (Back)
Aggregate data is summary level data, such as the number of members of a specific gender, in a specific zip code, that have chosen a specific benefit plan. Aggregate data does not contain information that can be used to identify or contact you, such as your name, address, telephone number or e-mail address.

What is a subscriber? (Back)
A subscriber is the holder of the prescription benefit. Dependents are covered by the subscriber's benefit.

What is an adult dependent? (Back)
An adult dependent is a dependent 18 or more years of age. Adult dependents have privacy rights through which they may choose not to share their prescription history information with other household members, including spouses, parents or guardians.

What is a Cookie? (Back)
A "cookie" is a unique identifier that a web site transfers to your hard drive for record-keeping purposes. Express Scripts' cookies are used to personalize your user experience and include only information which you or your health plan have already provided to Express Scripts. Our cookies are deleted from your hard drive when you close your browser session.

What is a server? (Back)
A server is the computer or computer program that houses and/or distributes data.

What is a firewall? (Back)
A firewall is a set of related programs that protects the resources of a private network from users from other networks.