My Care Plus Privacy Notice

My Care Plus Privacy Notice

Last Updated: May 2019

We take your privacy seriously, and we want you to know how we collect, use, share and protect your information. This Privacy Notice applies to the My Care Plus public website at mycareplusonline.com (“Website”) and the mobile application (“App”), as well as the My Care Plus platform available via either the Website or App (“Platform”) and applies whether you are a patient, the legal representative of a patient, or as an authorized user from a physician practice. The Platform, Website and App (collectively, the “Tools”) are owned and managed by McKesson Specialty Health Technology Products LLC (“MSH”), a McKesson Specialty Health business.

YOUR ACCESS AND USE OF THE TOOLS ARE SUBJECT TO THIS PRIVACY NOTICE. IF YOU DO NOT AGREE WITH THE BELOW NOTICE, PLEASE DO NOT USE OR ACCESS THE TOOLS FOR ANY PURPOSE. PLEASE PRINT A COPY OF THIS PRIVACY STATEMENT FOR YOUR RECORDS.

Modifications to Privacy Notice

We may need to update this Privacy Notice as technology and our business practices change. If we make significant changes to this Notice, we will post a prominent notice and the revised Privacy Notice on the Platform. All changes will be effective upon posting such that the new Notice will only apply to information collected after the new Notice is posted.   

Protected Health Information

If you are a patient, your physician's use and disclosure of your Protected Health Information (“PHI”) is subject to your physician's practice's Notice of Privacy Practices. We cannot control any physician's use of a patient's PHI. Please contact your physician for a copy of their Notice of Privacy Practices. MSH provides the Platform on behalf of your physician's practice and protects PHI in accordance with its agreement with your practice and applicable law. If you have any questions or issues with the PHI managed by your physician’s practice, please contact them directly.

Information We Collect

The amount and type of information that we receive depends on how you use the Tools and the information you choose to submit to us via the Tools. Details about the information we collect via the Tools is below. 

Personal Information

You are not required to provide personal information to visit the Website or download the App. However, if you wish to register for the Platform, you must provide certain personal information to complete registration for the Platform to access the health records maintained by the Practice.

If you register for the Platform, we will collect personal information from you with your knowledge during the registration process and in the event you request information or services. This information may include your name, contact information (such as address, phone number), personal characteristics (such as your gender and birth date), health related information and other sensitive information (such as your financial/credit card account information). When using the App, you may log in through biometric authentication (such as face and fingerprint) and we may collect other biometric information, such as images from your phone for physician review, and voice recordings to dictate secure messages to your physician. We may combine information that we collected from you with your information from external data sources.

If you access the Platform patient registration via the Website link provided by your physician, certain basic information may be pre-filled into your Platform registration, which you will need to verify.  If you access the Platform via the App, such information may not be pre-populated.

When you register for the Platform, the registration process requires you to provide an e-mail address and choose a password for your account, which you should keep and maintain as confidential. If you choose to share your e-mail address and password you understand that those individuals to whom you share that information will have access to your personal information and will be able to add to your personal information as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your e-mail address or password.

If you are a registered user of the Platform, personal information currently stored electronically in the applicable records maintained by the physician will become accessible to MSH to provide you access to such information through the Platform. Electronic health records are not permanently stored in the Platform, but a temporary copy of them is displayed via the Platform when you are logged in with your e‑mail address and password.

We may collect information about your usage of the Platform, such as the paths taken as you move from page to page (i.e., your “click path” activity), searches made, and content viewed.  We may also collect information about the computers or mobile devices you use to access the Platform, such as hardware models, browser types, operating systems, and unique identifiers. When you log into your account through the Platform, your e-mail address and encrypted password will be logged by our system in an audit log but will not be used by us.

If available, you may choose to use the secure messaging feature of the Platform which will allow the exchange of communications, questionnaires and surveys between you and the provider and which may contain identifiable health information. Communications sent via this feature are recorded and maintained by MSH. Users of the Platform can view the trail of messages received and sent via their account. MSH does not edit the content of these communications.

Users, who must be 18 years of age or older, may choose to receive autodialed text messages related to Platform. By providing your mobile phone number to MSH, you acknowledge that text messages will be sent that may include information related to your care or your health generally, your use of the Platform, or your experiences with MSH, the Tools, or your physician’s practice. If your mobile number changes, please update it immediately in your My Care Plus account. MSH is not liable for any information delivered via text, which occurs because of a mobile device number change that is not reported.  If you no longer want to receive text messages from My Care Plus, reply STOP or contact My Care Plus Support (855-887-6788) for assistance. Users will receive a final text confirming the cancellation from My Care Plus.

Tracking Technologies

Cookies

Like many companies, we may use cookies on the Platform. Cookies are small pieces of information that are stored by your browser on your computer or mobile device. They enhance your online experience by saving your preferences and personalizing your experience while you are visiting a website.

When you access our Platform, we may place session or persistent cookies on your computer or mobile device. Session cookies are used to complete transactions with this Platform and for other purposes, such as counting the number of visits to our certain web pages. Session cookies are eliminated when you exit your browser.

Persistent cookies may also be stored on your computer or mobile device. When you log in, this type of cookie tells us whether you've visited us before or if you are a new visitor. The cookie doesn't obtain any health information about you or provide us with any way to contact you, and the cookie doesn't extract any information from your computer or mobile device.

The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting certain types of cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note that disabling session cookies may prevent you from using some features or areas of the Platform. Disabling persistent cookies may also impact your use and access of the Platform and will not allow you to see any personalization (including your health record) on the Platform that you may activate.

In addition, if you visit our Platform again after deleting a cookie, a new cookie may be activated.

Since third parties may use their own cookies when you click on a hypertext link to their site or service, you should carefully review the privacy notice of other sites you link to from our Platform.

HTML5

We use local storage such as HTML5 to collect and store content information and preferences. Third parties who we partner with to provide certain features on our site or to display advertising use local storage such as HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 local storage.

IP Addresses and Log Files

We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Platform. By collecting your IP address, we may record the page that linked you to the Platform, the web pages you visit, the ads you see or click on, and other information about the type of web browser, computer/mobile device, platform and settings you are using, and any search terms you enter on the Platform. IP addresses are not used to track an individual user’s session. This information helps us determine how often different areas of the Platform are visited.

We may combine information collected automatically (such as IP addresses, cookies or click path monitoring) with any previously submitted personal information that we may have received from you.

Geographic Location

We may collect your geographic location based on your IP address and other data from location tracking technologies, such as sensor data from your device that may provide information on nearby Wi-Fi access points and cell towers. When using the App, your location may be used to check you in at your physician’s office, and to provide you with transportation options or directions to your physician’s practice.

In addition, the Tools may use Google Maps API(s). Pursuant to the Google Maps APIs Terms of Service, use of those features is subject to Google’s Privacy Policy. For information on how Google categorizes location information, please visit Types of location data used by Google. Both the Google Terms of Serviceand Google’s Privacy Policyare incorporated into this Privacy Policy by this reference.

Analytics

The Tools uses third-party analytics tools (e.g., Google Analytics) to collect and process data about your use of the Tools, including when you visit the Tools, URLs of the websites that you visit prior to visiting the Tools and when you visit those websites, and IP addresses assigned to the devices from where you access the Internet. Our analytics providers may set and read cookies to collect this data and your web browser will automatically send data collected by those cookies to our analytics providers. Our analytics providers use this data to provide us with reports that we will use to improve the Tool’s structure and content. For more information on how Google uses this data, visit Google’s Privacy Policyand Google’s page on How Google uses data when you use our partners' sites or apps. To prevent this data from being used by Google Analytics, follow the instructions to download and install the Google Analytics Opt-out Browser Add-onfor each web browser you use. Using the Google Analytics Opt-out Browser Add-on will not prevent MSH from using other analytics tools and will not prevent data from being sent to the Tools itself or to Google. For more information about how Google Analytics uses cookies to measure user interactions on websites, visit Google Analytics Cookie Usage on Websites. You may disable cookies as discussed above, but that may impact your use and enjoyment of the Tools.

 “Do Not Track” Signals

Some web browsers have a ''Do Not Track'' feature. This feature allows you to tell websites you visit that you do not want to have your online activity tracked over time and across websites. These features are not yet uniform across browsers and not broadly supported. This Platform is not currently set up to respond to those signals.

Surveys

Users of the Platform may have the opportunity to participate through the Platform in various surveys from MSH depending on the survey and as permitted by law.

If you choose not to receive MSH survey invitations through the Platform you may change your privacy settings within the Platform.  This setting will not change survey requests that you may receive from your physician or health care provider as a communication via the Platform.  Surveys from your health care provider are treated by the Platform as any other communication from your provider, as set forth above.

Any survey responses that you choose to submit may be aggregated, deidentified and provided or sold to third parties as set forth below.

Use and Disclosure of Your Information

We will not sell, share or rent the information that is collected via the Platform to others in ways that differ from what is disclosed in this Privacy Notice.

Personal Information

We may use any personal information or other information that you voluntarily provide us to provide you with information, products or services that you may request from MSH.

If you are a registered user of the Platform, any personal information that you share via the Platform will be made accessible to your physician and may become a part of the records maintained by your physician. Once personal information becomes part of your record, these records will be subject to your practice's Notice of Privacy Practices.

To the extent permitted by applicable law, and to the extent permitted by any required authorization, MSH may use your participation in the Platform to communicate to you special offers and featured items from third parties, MSH, MSH's affiliates, and/or other suppliers and vendors. If you are receiving additional sponsored communications and special offers, you may modify your preferences to receive such materials from MSH via the Platform at any time or by contacting us using the contact information below.  Certain communications may also have instructions to opt-out of similar communications.   We will implement your modification within five days after request is received. MSH cannot control any communications and other materials that you may receive directly from third parties to whom you have provided your information.

We will also use your information to customize your browsing experience and communicate with you and otherwise respond to your questions and suggestions regarding use of the Platform as may be permitted by applicable law.

We may share your information only with our suppliers and vendors to the limited extent permitted by applicable law. We require those suppliers and vendors to comply with all applicable data privacy laws and regulations, including HIPAA. We do not sell, lease or rent your identifiable health information. We may also use your geographic location to provide you with specific content and direct you to your closest service providers to the extent permitted by applicable law.

We may also need to share information with companies, organizations or individuals outside of MSH if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to:

  • Meet applicable laws, regulations, legal processes or enforceable governmental requests or investigations
  • Enforce the Terms of Use, including investigation of potential violations
  • Detect, prevent, or otherwise address fraud, security or technical issues
  • Protect against harm to the rights, property or safety of our users, MSH, or the public as required or permitted by law
  • Engage in a merger, acquisition, reorganization, or sale of all or a portion of MSH assets.

The above disclosures shall only involve non-PHI personal information. To the extent PHI may need to be shared, such sharing will only occur if such disclosure complies with HIPAA.

Aggregate, Deidentified Data

We may aggregate and deidentify in accordance with HIPAA personal information, either alone or with other data to create anonymous "aggregate data" regarding the users of our Website and Platform. Aggregate and deidentified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of users. This data will not identify you but will be used as statistical information to determine such things as user demographics and usage patterns of our Tools. MSH may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate and deidentified data may also be provided or sold to third parties, including for getting targeted content to you by third-party vendors, suppliers, business partners and/or affiliates a picture of our community and services and/or participation in surveys or receipt of emails from third parties.

Other Use and Ownership

We also reserve the right to share your information collected from the Tools with third parties to the extent permitted by applicable law including but not limited to the requirements under HIPAA, and, in the case of identifiable protected health information, pursuant to MSH's business associate agreement with the applicable physician practice.

MSH maintains full rights to any information collected on the Tools, and may freely collect, use and disclose such information unless prohibited by this Privacy Notice or applicable law as stated above.

Security

While no website, portal or mobile application can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Tools as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers ("SSL") technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, personally identifiable information or communications a person directs to MSH or the clinician team) to create a protected connection to help ensure confidentiality.

Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Website and Platform.

If a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.

To help maintain security, you should never share your login credentials and should always sign out when you are finished using the Platform.

Access

You may access and update certain information in your profile settings in the Platform. You may also update your privacy and communications preferences by contacting My Care Plus Support through this link: https://www.mycareplusonline.com/contact-form, or by calling 1-855-887-6788 (toll free). We will also take steps to make sure any updates that you provide are processed in a timely and complete manner. Changes to your personal information, such as demographics and health information, should be provided to your Practice.

We will retain your information for as long as your account is active, as reasonably useful for commercial purposes, or as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

Third-Party Websites

If you use the Tools to link to another website which is not controlled or maintained by MSH, you may decide to disclose personal information at that website. For example, you might provide your contact information to obtain an information packet from an organization. Please be aware that in contacting that site, or in providing information on that site, that third party may obtain personal information about you. This Privacy Notice does not apply when you leave the Tools and go to a third-party website. We structure the Tools so that no personal or health information goes in the search string or URL when you move from the Tools to a linked web site. We encourage you to be aware when you leave our Tools and to read the privacy statements of each site that collects personally identifiable information.

Accessing the Platform Outside of the United States

If you are using our Tools from outside the United States, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. By using the Tools, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Notice.

Transfer of Data

In the event of a change in control of MSH or sale by MSH of substantially all its assets or other acquisition, merger or reorganization, any information owned by or in the control of MSH may be transferred to such MSH successor, who will comply with the terms of this Privacy Notice.

Important Note Regarding Children

The Platform is not directed toward children under 18 years of age and MSH does not knowingly collect or use information from children under 18 through the Platform. Any information submitted via the Platform regarding a minor under the age of 18 must be submitted by the minor's legal representative. To the extent permitted by applicable state law, minors may access their identifiable health information through their physicians.

Contact Us

If you have any questions about this Privacy Notice, please contact us at:

McKesson Corporation
ATTN: Privacy Officer (Privacy Notice, My Care Plus)
2 National Data Plaza NE (3rd Floor)
Atlanta, GA, 30329
Email: privacy@mckesson.com
My Care Plus Support: (855) 887-6788