Effective Date: April 1, 2022
Rx Savings, LLC d/b/a Rx Savings Solutions (“Rx Savings,” “our” or “We”) respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the website www.rxss.com and our practices for collecting, using, maintaining, protecting, and disclosing that information. California residents should additionally refer to the Privacy Notice for California Residents.
We will hold your personal health information or personal information in the strictest confidence, and we will keep your personal health information secure in accordance with the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA Security Rules”).
What information does Rx Savings collect?
Information You Give Us: Rx Savings collects all information that you provide to us online through completion of registration. It also includes information we collect in the following manner:
- If you use the Service, we will ask you to register with us and may ask you to provide us your contact information, your prescription medication information, other health information and location. We may also ask you for your postal address, email address, a telephone number, and for any additional necessary information for verification purposes.
- If you contact our Pharmacy Support phone line, we may ask you for your name, postal address, e-mail address, telephone number, prescription medication/health information and such other information for verification purposes in allowing us to assist you.
- Your responses to surveys that we might ask you to complete for research purposes. Details of transactions you carry out through our website and of the fulfillment of home delivery orders. Your search queries on the website.
Information from Employer/Health Plan: As part of the Service, we may have partnered with your employer, health plan, pharmacy benefit manager or other third party to provide you the Service and to provide such third-party additional services. This third party may provide us personal information and we will collect and securely store this information for the purpose of providing you and such third-party any and all services we may have agreed to provide under contract or by applicable law.
Automatic Gathering of Information: As you navigate through and interact with our website, we may use automatic data collection technologies (each, a “Service Provider”) to collect certain non-identifying information about your equipment, browsing actions, and patterns about your visit to our site or use of the Service. For example, we may keep track of how you navigate around the Service and what parts of the Service you used and/or viewed. This information helps us to improve our website and to deliver a better and more personalized service. Depending on your internet service provider and/or browsing history, other companies may collect your Web browsing movements across the Internet (not just on our website).
To do this, we and our Service Providers use technologies (e.g., cookies, action tags, Web beacons, and GIF tags) placed at various sections within the Service delivered by e-mail or served during your Web browsing session. Some of these technologies may be disabled by changing your Web browser settings. Please consult the documentation for your Web browser on how to manage the information gathering and storage aspects of these technologies on your computer. We and our Service Providers do not collect any personal information automatically with these technologies. Unless we associate non-identifying information that we gather through use of the technology with your personal information, we will NOT treat such information as personal information.
Information from Other Sources: We may also collect information (including personal information) about you from our Service Providers and add it to the personal information we maintain. We do not sell your personal information but use it to improve our website and deliver a better service to you.
Transfer of Personal Information within the U.S. Only: Rx Savings has its headquarters in the United States. Any information we collect from you will be processed in the United States only. The United States government has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). In short, a finding of “adequacy” means that the European Commission has the power to determine whether a non-European Union country offers an adequate level of data protection. In the absence of an “adequacy” decision and no GDPR safeguards in place (e.g. binding corporate rules on the transfer of personal data outside the European Union), Rx Savings shall rely on derogations as set forth in Article 49 of GDPR where applicable and the protected health information safeguards required under the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule. Examples of derogations Rx Savings would rely on are that we control or process personal data: within the United States only with the user’s consent; to perform a contract; under a legal obligation; or in a manner that does not outweigh the individual’s rights and freedoms. Rx Savings seeks to apply suitable and applicable safeguards to protect the privacy and security of your personal data using data protection measures consistent with HIPAA, Health Information Technology for Economic and Clinical Health (“HITECH”) and the HITRUST Cybersecurity Framework.
If at any time you wish to confirm that Rx Savings is only processing personal data within the United States, please contact our Privacy Officer at [email protected]
How does Rx Savings use the information it collects?
To Provide Services
We use your personal information to provide you the Service, respond to your requests, to provide services to a third-party partner that is assisting to provide the Service for your benefit (such as your employee health plan or pharmacy benefit manager), and/or as otherwise necessary for us to conduct business, so long as such use is permitted by law. We may also use your personal information to contact you via email, phone, mail or text messaging if we want to communicate with you about the Service provided to you (i.e., your prescription cost savings report is ready to be reviewed or we have found you additional cost savings opportunities) and/or submissions to us or to respond to other requests.
When you register with us and provide us your phone number to receive text messages, you are specifically giving your express consent to allow us to send you text message notifications related to the Service (i.e., that you have the opportunity to save money on a prescription medication).
To Provide Promotional Messages
We may also use your personal information to send you newsletters, information about us and the Service, to notify you of changes to the Service and to provide you with up-to-date information on the Rx Savings services that may be of interest to you. We may also use non-identifying information about your visits to the Service and other Web sites in order to provide you with information regarding services that may be of interest to you, to make sure you are not shown the same content repeatedly on the Service, deliver information that is specific to your interests, and to save your password so you don’t have to re-enter it each time you visit our website.
If you do not wish to have your personal information used by us to promote our own or a third party’s products or services, you can opt-out by logging into the website and adjusting your preferences in your account profile, by sending us a return email asking to be omitted from future email distributions or by visiting the unsubscribe link at the bottom of the email. We do not control third parties’ collection or use of your information to serve interest-based advertising.
We do not sell or share any of your personal information for commercial purposes with any third-party service provider.
Will Rx Savings disclose my personal information?
Disclosure In Compliance with the HIPAA Security Rule
We protect your personal health information in accordance with the HIPAA Security Rule. We may use or disclose your personal information in accordance with HIPAA. Please see the HIPAA Notice of Privacy Practices for a discussion of how your medical information may be used and disclosed in accordance with HIPAA.
Disclosure to Service Providers
We may engage Service Providers from time to time to perform business functions on our behalf, including, but not limited to, sending e-mail, maintaining customer lists, analyzing data, providing marketing assistance, processing payments, and providing customer service. We may furnish personal information to our Service Providers as required to perform these business functions on our behalf; provided, however, we will not disclose or share any of your personal health information to any Service Provider unless it is a permitted disclosure under HIPAA. The HIPAA Notice of Privacy Practices sets forth the list of disclosures that are permitted under HIPAA, 45 C.F.R. § 164.512 (2016).
We may engage Service Providers and share non-identifying information and aggregated information with them for purposes of analysis and improvement of the Service. In addition, we may select certain Service Providers to provide us with digital analytics and marketing optimization services. These Service Providers use technology, such as cookies and anonymous identifiers, to collect information on our behalf that will educate us on such things as search engine referral, how you navigate around the Service, and unique visitor identification. These Service Providers are not permitted to use personal health information, username or password information. We engage these Service Providers solely for the purpose of helping us improve the Services.
We may use and disclose de-identified health information with Service Providers for data analytics purposes. Prior to data transfer, protocols will be followed to certify the information has been properly de-identified in accordance with the HIPAA Privacy Rule. The information will be aggregated, de-identified, collected, and/or reported for the purpose of research according to standard research rules, and will be stripped of patient identifiers. De-identified data sets will contain no protected health information. When the de-identified health information is shared with Service Providers or a third party, the recipient will not have access to a crosswalk file or any other means of re-identifying patients or linking PHI.
These Service Providers analyze the information collected on our behalf and return it to us through a secure web connection for our use in understanding your use of the Service and how to better serve you. These Service Providers will be contractually prohibited from using our information for any other purpose and are required to maintain all information collected and their analyses in strictest confidence. You may choose to continue to benefit from the improved experience with the Service that such analyses provide to you, but maintain your anonymity. You may also choose to deactivate the ability of these Service Providers to analyze your browsing behavior at the Service by setting your Web browser to reject cookies and other technology.
Disclosure to Law Enforcement
From time to time, we may be required to disclose your personal information in response to a court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to share information with law enforcement agencies concerning any activities that we, in good faith, believe to be unlawful. We also may share certain personal information when we believe that such sharing is reasonably necessary to protect the rights, property, and safety of others and ourselves.
How can I review and revise my personal information?
You may review and change your personal information by logging into your Service account profile and updating it. You may also modify your personal prescription medication profile at any time by logging into your account.
We are ready to assist you in checking or changing your personal profile. You may reach us by any means found on the “Contact Us” page of www.rxss.com. We cannot delete your personal health information pursuant to the HIPAA Privacy Rule. We cannot accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you are a California resident, California law may provide you with additional personal information rights and choices. To learn more about your California privacy rights, please see our Privacy Notice for California Residents.
How can I opt-out of receiving communications from Rx Savings?
If you would prefer not to receive our e-mail offers, please click on the “unsubscribe” link or follow the instructions in our e-mail message. To unsubscribe from text messages, text “STOP” to our opt-out number:
- Text message opt-out: 1-913-210-8326
It may take Rx Savings up to ten (10) business days to reflect your preferences in our databases.
How does Rx Savings protect my personal information?
Rx Savings has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. In addition, we use other means, such as firewalls and encryption to safeguard the confidentiality of this information. The safety and security of your information also depends on you. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information. Any transmission of personal information in public or non-secure areas of the website is at your own risk.
The safety of children is very important to us. We are committed to protecting children’s privacy on the Internet and we comply fully with the Children’s Online Privacy Protection Act. Our website is not intended for children under the age of 13. If you are under 13, do not use or provide any information on this website. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us through the “Contact Us” page of www.rxss.com.
Use of Voice Assistant Devices.
Communication of health information through the use of the Services in connection with a voice assistant device contains the risk of unauthorized interception of the transmission. While Rx Savings is fully compliant with the HIPAA Rules, the voice device itself is not HIPAA compliant. Voice assistant devices collect and store both the spoken utterance from the user and the skill’s response. While the user may delete this data held by the voice assistant device in the application’s settings, there remains a high risk that health information could be inadvertently disclosed to an unauthorized third party. By using the Service in connection with a voice assistant device, you acknowledge and consent that such use may or may not always be secure, as defined under 45 C.F.R. § 164.402. As such, Rx Savings will not be liable for any unauthorized disclosures that occur while in transmission.
How to Contact Us.
Rx Savings, LLC
Attn: Privacy Officer
5440 W. 110th Street, Suite 200
Overland Park, KS 66211
Toll Free: 1-800-268-4476