Effective March 1, 2018
1. OUR PRIVACY PRACTICES
SilverScript Insurance Company is committed to protecting the privacy and confidentiality of your personal information
in accordance with law and our own company policies. This notice describes our privacy practices for both current and
former enrollees in our health insurance program. It explains how we use your health information and when we may share
it. It also tells you about your rights with respect to your health information. We are required by law to maintain
the privacy of your health information and to provide to you with this notice. We are also required to notify you if
there is a breach of your health information.
When we refer to "health information" in this notice, we mean financial, health and other information about you that
is non-public, and that we obtain so that we can provide you with health insurance coverage. It includes demographic
information, and other information that may identify you and that relates to your past, present or future physical or
mental health and related health care services.
Our workforce is required to comply with our policies and procedures to protect the confidentiality of health
information, and will be subject to a disciplinary process if they violate them. We maintain physical, electronic
and process safeguards to protect against unauthorized access to your health information, and authorized access is
on a “need-to-know” basis only.
2. THE HEALTH CARE INFORMATION WE COLLECT
We obtain information from a variety of sources, not all of which apply to every enrollee. Following are the general categories of information we collect:
- Information provided on enrollment forms, surveys and our Website, such as your name, address and date of birth
- Information from pharmacies, physicians or other health care providers, Long Term Care facilities or health plans
- Information provided by your employer or other plan sponsor regarding any group plan that you may have
- Information we obtain from your transactions with us, our affiliates, or others, such as health care providers
- Information we receive from consumer or medical reporting agencies or others, such as state regulators and law enforcement agencies.
3. HOW WE MAY USE OR DISCLOSE YOUR HEALTH INFORMATION
We may use and disclose your health information as follows.
We may use and disclose your health information to your pharmacy, doctors or other health care providers to help
them provide medical care to you. For example, we may provide information about other medications you are taking
to a pharmacist filling your prescription so as to avoid harmful drug interactions. We may also share your health
information with health care providers to help coordinate and manage your health care. For example, we may talk
to your doctor to suggest a medication therapy management program that can help improve your health.
We may use and disclose your health information to determine your eligibility for coverage and benefits, and
to see that the treatment and services you receive are properly billed and paid for. For example, we may use your
health information to pay the pharmacies that fill your prescriptions. Other payment activities include claims
management, drug utilization review and other related administrative functions. We are prohibited from using or
disclosing any genetic information about you for underwriting purposes.
For Health Care Operations
We may use and disclose certain health information to conduct our health care operations. Examples of health care
operations include: performing quality assessment and improvement activities; evaluating provider and health plan
performance; performing auditing functions; fraud and abuse detection and compliance activities; resolving internal
grievances; and addressing problems or complaints; making benefit determinations; administering a benefit plan; and
providing customer care.
To Make Health-Related Communications to You
We may use and disclose your health information in order to inform you about health-related products and services. For example, we may contact you:
- To remind you to refill your prescription or otherwise follow your drug therapy regimen.
- To tell you about possible treatment options or medication alternatives that maybe beneficial to you.
- To tell you about health-related program benefits and services that may be of interest to you.
To the Plan Sponsor of a Group Health Plan
Under certain circumstances, we may share limited health information about you with the sponsor of a group health plan
through which you receive health benefits. For example, we may share information with a plan sponsor related to your
enrollment or disenrollment in the plan, as well as summary health information to enable the plan sponsor to obtain
bids from other health plans. We may also share information for plan administration purposes if certain protections
are included in the plan document.
For the Treatment, Payment, and Health Care Operations of Other Health Plans or Health Care Providers
We may disclose your health information for another health plan or health care provider’s treatment, payment, and,
if certain conditions are met, health care operations. For example, we may disclose your health information when
it would facilitate payment for services under another health plan.
OTHER USES AND DISCLOSURES
We may also make the following types of uses and disclosure of your health information:
- To a friend or family member who is involved in your care or to someone who helps pay for your care if you
are not present or do not object and we believe it is in your best interests in the circumstances.
This includes disclosure to an entity assisting in a disaster relief effort so that your family or
those involved in your care can be notified about your condition, status or location.
- To entities performing any business functions for us, provided the entity agrees to protect and safeguard
your health information, and to use and disclose it only as permitted by us.
- To conduct medical research, provided that additional measures are taken to protect your privacy.
- To comply with state and federal laws that require the release of your health information
- To public health authorities or others acting under their authority for purposes such as reporting adverse
reactions to medications or problems with medical products, or if we believe there is a serious threat
to your health and safety or that of others
- To health oversight agencies for activities such as audits, inspections, licensure and peer review activities
- For legal or administrative proceedings, such as pursuant to a court order, search warrant or subpoena
- To support law enforcement activities; for example, we may provide health information to law enforcement agents
for the purpose of identifying or locating a fugitive, material witness or missing person
- To correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official
- To report information to a government authority regarding child abuse, neglect or domestic violence
- To share information with a coroner or medical examiner as authorized by law, or with funeral directors, as necessary to carry out their duties
- To use or share information for procurement, banking or transplantation of organs, eyes or tissues
- To report information regarding job-related injuries as required by your state worker compensation laws
- To share information related to specialized government functions, such as military and veteran activities, national security and intelligence activities and protective services for the President and others
- To a third party, for example, in connection with any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all
or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), but solely to the extent permitted by applicable law.
- To personalize your experience on the Services, including by presenting products and content tailored to you, and for our business purposes,
such as data analysis, audits, fraud monitoring and prevention, developing our Services and new products and services, determining the
effectiveness of our promotional campaigns, and operating and expanding our business activities.
- To our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfillment,
information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
4. USES AND DISCLOSURES REQUIRING WRITTEN AUTHORIZATION
Your written authorization is required for the following types of uses and disclosures
of your health information:
- Most uses and disclosures of psychotherapy notes (if applicable)
- Uses and disclosures for marketing purposes, except for face-to-face communications and the provision of
promotional gifts of nominal value. If we will receive payment for making such a marketing communication,
the authorization is required to state this.
- Uses and disclosures that qualify as a sale of health information. If we will receive direct or indirect
payment in exchange for your health information, the authorization is required to state this.
In addition to the above, any other uses and disclosures of your health information not described elsewhere
in this Notice will be made only with your prior written authorization. If you provide a written authorization
and you change your mind, you may revoke your authorization in writing at any time. Once an authorization has
been revoked, we will no longer use or disclose the health information as outlined in the authorization; however,
you should be aware that we will not be able to retract a use or disclosure that was previously made based on a
5. YOUR HEALTH INFORMATION RIGHTS
You have certain rights regarding health information, as described below. To exercise any of these rights, you
must send a request in writing, with any additional information required, to: SilverScript Insurance Company
c/o CVS Caremark, Attn: Privacy Officer -- MC 016, P.O. Box 52072, Phoenix, AZ 85072-2072. Please include your
card identification number on your written correspondence. If you have given someone medical power of attorney
or if someone is your legal representative, such as your caregiver, that person can exercise your rights and
make choices about your health information.
- Right to Inspect and Copy. You have the right to inspect and copy health
information that we maintain about you. You may also ask us to provide a copy of your health information
to another person. In that case, your written request must be signed by you, must clearly identify the person
to whom the copy is to be sent, and must state where the copy is to be sent. If you request a copy of the
information, we may charge a fee for the costs of copying, mailing or, if you agree to receive a summary or
explanation of the information, the cost of preparing the summary or explanation. We may deny your request
in certain circumstances. If your request is denied, you may ask that we review the denial.
- Right to Correct. If you believe that health information we maintain about you
is inaccurate or incomplete, you may ask us to correct it. In your request, you must include a reason that
supports the change you request. If we did not create the information, you must explain why you believe the
person who created it is no longer available to correct it. We may deny your request in certain circumstances.
If so, you may submit a statement disagreeing with the denial, which will be added or linked to the information
- Right to an Accounting of Disclosures. You have the right to receive a list of
certain non-routine disclosures (e.g., disclosures not related to treatment, payment, or operations) we make of
health information about you. In your request, you must specify the time period for which you want the list.
The first list you request in any 12 month period will be free of charge; after that, we may charge a fee to
cover the costs of providing this information to you.
- Right to Request Restrictions. You have the right to request a restriction on how we
use or disclose health information about you for treatment, payment or health care operations. You also have the
right to request a restriction on disclosures to someone involved in your care or the payment of your care, like
a family member. If you request a restriction, you must specify what information you want restricted and in what
way. We are not required to agree to a requested restriction.
- Right to Request Confidential Communications.You have the right to request that we send
communications involving health information about you by a certain method of communication or to a certain address
if you believe that disclosure of some or all of your health information could endanger you. If you request a
confidential communication, your request must include a statement that the disclosure of your health information
could endanger you, and it must state how or where you wish to be contacted. We will agree to all reasonable requests.
- Right to Paper Copy of this Notice.You have the right to obtain a paper copy of this notice
at any time by writing to the address provided below, even if you have previously agreed to receive it electronically.
You may also view a copy of this notice on our Website at www.SilverScript.com.
6. STATE LAW
In some situations, state privacy or other applicable laws may provide greater privacy protections than those stated in
this notice. For example, depending on the state in which you reside, there may be additional laws related to the use
and disclosure of health information related to HIV status, communicable diseases, reproductive health, genetic test
results, substance abuse, mental health and mental retardation. When appropriate, we will follow those state or other
7. CHANGES TO THIS NOTICE
We reserve the right to change this notice, and to make the changes effective for health information about you that we
already have, as well as for any health information we obtain or create in the future.
We will retain health information about you even after your insurance coverage with us terminates, since it may be
necessary to use and disclose it for the reasons described above. However, we will have in place policies and
procedures to continue to protect the information. We will post a copy of our most current notice on our website
at www.SilverScript.com. The effective date of the notice will be on the first page. In addition, paper copies
of the most current notice may be obtained by sending a written request to SilverScript Insurance Company, c/o CVS
Caremark, Attn: Privacy Officer -- MC 016, P.O. Box 52072, Phoenix, AZ 85072-2072.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the
Department of Health and Human Services. To file a complaint with us, you must send it in writing to SilverScript
Insurance Company c/o CVS Caremark, Attn: Privacy Officer -- MC 016, P.O. Box 52072, Phoenix, AZ 85072-2072. You can
file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to
200 Independence Ave., S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting
. We will not retaliate against you in any
way for filing a complaint, and the service you receive from us will be unaffected.
The Services may contain links to, or otherwise make available, third-party websites, services, or other resources not
operated by us or on our behalf (“Third Party Services”). These links are provided as a convenience only and do not
constitute an affiliation with, endorsement, or sponsorship of the Third Party Services. Any information you provide
security of the information you provide to them or their handling of your information. We recommend that you review the
In addition, we are not responsible for the information collection, use, disclosure, or security policies and practices
of other organizations, such as Apple, Google, Microsoft, RIM, or any other app developer, app provider, operating system
provider, wireless service provider, or device manufacturer.
We seek to use reasonable physical, technical, and administrative safeguards to protect personal information within our
organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have
reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your
account with us has been compromised), please immediately contact us in accordance with the “Contact Information” section
below. You are responsible for maintaining the confidentiality of your Services access information and password and for
restricting access to your device, and you agree to accept responsibility for all activities that occur under your password.
11. FRAUDULENT SITES, SPAM, & PHISHING
Please be aware that there may be fraudulent websites that illegally use SilverScript or CVS logos and other aspects of the
SilverScript or CVS brand. SilverScript or CVS is in no way associated with any fraudulent websites. These sites may circulate
their presence on the internet via spam email or through fraudulent phishing practices.
These sites have not been authorized by SilverScript or CVS to use our name, and we work aggressively to identify their source
and have them shut down. If you are in receipt of this type of spam email, to help protect your privacy you should avoid replying
to it or forwarding it to other people.
12. OTHER INFORMATION
Like many other websites and online services, we collect information about website traffic and usage patterns through the use of
cookies, Web server logs, and other, similar technologies. We use this information for various purposes, such as to ensure that
the website functions properly, to facilitate navigation, to personalize your experience, to understand use of the website, to
diagnose problems, and to otherwise administer the website.
Cookies are small text files we transfer to your computer's hard drive. These small text files help us personalize content on our
pages. Your browser software can be set to reject or accept cookies. Instructions for resetting the browser are available in the
Help section of most browsers.
used. Reviewing our web server logs and our users’ use of our site helps us to, among other purposes, statistically monitor how
many people are using our site and for what purpose.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider.
An IP address may be identified and logged automatically in our server log files whenever a user accesses the website, along with
the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by
many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels of the website,
helping diagnose server problems, and administering the website.
We may use Adobe Flash Local Stored Objects (“LSOs”) and other technologies to, among other things, collect and store information
about your use of the website. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash
player to block Flash LSO storage using the tools contained in the
You can also control Flash LSOs by going to the
and following the
instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to "information"
on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player
8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that
setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
We do not respond to browser do-not-track signals.
website and your use of other websites or online services.
13. CONTACT INFORMATION
If you have any questions about this notice, please contact us at:
SilverScript Insurance Company c/o CVS Caremark
Attn: Privacy Officer -- MC 016, P.O. Box 52072
Phoenix, AZ 85072-2072