As of May 9, 2007
We at McKesson Corporation are committed to maintaining the privacy and security of our customers' personal information. Through this privacy statement, McKesson wants to assure you of our commitment to privacy and security. Our privacy philosophy is based on the concept of fair information practices. This means we provide our customers with notice of how we manage information so that they can have a more informed understanding of how we operate.
If we collect information from or about you, we will tell you what information is being collected, how, by whom, and for what purposes.
We will give you options about how the personal information that you provide us may be used.
We use recognized industry safeguards to protect customer personal information from unauthorized access or use.
You will have the opportunity to update your personal information that you have provided to us. We will also take steps to make sure that any updates that are provided are processed in a timely and complete manner.
Customer Service and Recourse
We will tell you how you can contact us regarding our privacy statement and practices.
We capture the paths taken as you move from page to page (i.e., your "click stream" activity). Information we collect on McKesson.com may be used to enhance your use of this Web site in ways like these:
- Arrange the Web site in the most user-friendly way
- Customize your browsing experience of this Web site
- Communicate special offers and featured items to you, if you choose to receive such notices
- Respond to your question or suggestions
Disclosure of personal information for legal purposes and protection of McKesson.com and others: We reserve the right to share your personal information with third parties if required to do so by law or if we believe such action is necessary in order to: (a) conform with the requirements of the law or to comply with legal process served upon us; (b) protect or defend our legal rights or property, McKesson.com, or our users; or (c) investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of the terms and conditions of using McKesson.com.
Linking to Other Sites
We will give you options about how the personal information that you provide us may be used. Before we use your personal information for any purpose, we will give you choices about whether or not to allow us to engage in that use. We will give you the opportunity to keep us from using or sharing the personal information that you have provided to us for purposes other than to fulfill your request. To exercise this choice, we will allow you to notify us of your preferences during the information collection process. If there are third parties that process McKesson data, we will require them to hold all personally-identifiable information confidential, and to use our customer information only for the purpose of fulfilling their business obligation. McKesson does not sell personally identifiable information to third party marketers.
We use recognized industry safeguards to protect personally identifiable information from unauthorized access or use. We will employ industry recognized security safeguards to protect the personally identifiable information that you have provided to us from loss, misuse and unauthorized alteration. If you are required to transmit sensitive information (such as Social Security and/or credit information) to us through our Web site, we will provide you access to our secure server that allows encryption of your data as it is transmitted to us. We will protect personally identifiable information stored on the site's servers from unauthorized access using commercially available computer security products (e.g., firewalls), as well as carefully developed security procedures and practices. McKesson has been certified by third parties to security standards such as ISO 27001:2005 and has completed SAS 70 certifications.
Customer Service and Recourse
We will tell you how you can contact us regarding our privacy statement and practices. If you have any questions about this privacy statement, our information handling practices, or any other aspects of your privacy and the security of information, please send an email to Regulatoryaffairs@mckesson.com or call us at 404-338-3519. Our mailing address is: Law Department, One Post St., San Francisco, CA, USA 94104, ATTN: Privacy Officer.
We retain the flexibility to update this policy. McKesson may periodically update this policy to describe how new Web features may affect our use of your information and to let you know of new controls and features that we may provide you. McKesson will NOT apply changes to this policy retroactively to information McKesson has previously collected.
HIPAA at McKesson
As a key provider of services and technology to the healthcare industry, McKesson Corporation and its affiliated companies collectively, ("McKesson") have implemented programs to address the transaction standards, and the privacy and security implications of the rules promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
McKesson has demonstrated the effectiveness of their information security program by maintaining a number of ISO 27001:2005 certifications across the enterprise, including the McKesson IT organization, which assists business units with IT and security-related services. The ISO 27001:2005 standard is designed to validate the selection of adequate and proportionate security controls which are examined by a third party assessing organization.
McKesson also completes annual Service Organization Controls (SOC) 1 Type II examinations performed by a third party assessing organization in accordance with the Statement on Standards for Attestation Engagements (SSAE) 16. McKesson engages the SOC 1 examination across the enterprise, including the McKesson IT organization, and other organizations within McKesson Technology Solutions. The SOC 1 report is a widely recognized report and contains relevant controls related to internal controls over financial and Sarbanes-Oxley Act reporting compliance.