Marsh Supermarkets Company, LLC, (“Marsh”) the operator of Marsh the Marketplace, Marsh Supermarkets, MainStreet Markets, and O’Malia Supermarkets, believes in the importance of privacy for our customers and vows to securely store and protect that privacy when customers provide us personal information. This includes a customer’s name, address, telephone numbers, e-mail addresses, credit cards, checking account information, Internet Protocol (IP) address, social media accounts and any other information that can be used to link to an individual customer. This personal information collected by Marsh Supermarkets Company, LLC will be securely stored in accordance with applicable laws and industry standards.
Marsh will guard and maintain the privacy of our customers.
The trust of our customers is highly important to Marsh. In order to maintain our customers’ trust we vow to protect the personal information that they give to us through interactions with our company. This includes purchases in our stores and our websites; the use of the Fresh IDEA and MainStreet Reward$ Cards, checks, credit and debit cards; entries in Marsh promotions, sweepstakes and contests; services from the pharmacies and websites; and personal information disclosed to us via Facebook, Twitter, Pinterest, Google+ or other social media venues.
Customer pharmacy records are safe with Marsh Supermarkets Company, LLC
Marsh cares about children and understands their special privacy needs.
We have adopted a policy to ensure the privacy of children participating online or our in-store Kids Club program. Online, Marsh follows the applicable guidelines under the federal law known as the Children’s Online Privacy Protection Act. Furthermore, our online services are geared towards a general audience and do not feature information and services geared towards children age 13 or younger. Marsh does not collect personal information from anyone known to be a child age 13 or under without such consent from the child’s parent or guardian.
If you are a parent or guardian of a child age 13 or younger and believe he or she may have disclosed personally identifiable information to Marsh, please contact us. A parent or guardian of a child age 13 or younger may review the child’s personally identifiable information and request deletion of such information if desired.
All Customers have control of their personal information.
At Marsh discretion, Marsh may utilize the services of a third-party loss prevention specialist or team of specialists in order to gain assistance in cases of suspected fraud, theft or other situations. In connection with these or other loss prevention activities, Marsh may disclose personal information as we deem necessary or appropriate without any restrictions. We may share personal customer information with our subsidiaries, affiliates, agents, representatives and trusted business partners for the limited purpose of providing services or information to Marsh or our customers at our direction. We may also provide third parties with certain information that is necessary to fulfill an order you have placed with us, such as providing your name and address to a shipping carrier for delivery or passing on your credit card information to a credit processor when you pay by credit card. All business partners and agents are required by Marsh to hold customer information in strict confidence, except as specifically set forth in this policy. Marsh cannot be held responsible for any additional information a customer provides to these third parties entities.
In order to better understand its customers, Marsh collects, stores and uses cumulative data that does not contain personally identifiable information i.e.: demographic or statistical information. This cumulative data may be shared with and used by third parties to help us better serve our customers.
Personally identifiable information will not be collected by Marsh in passive or hidden methods that the customer is not aware of except as noted below.
When visiting any of the Marsh family of websites, our sites may assign you permanent “cookies” (small amounts of data that are sent to your browser from a Web server to accomplish tasks such as storing your preferences and remembering who you are) or use web beacons (small graphics) to be stored on your computer’s hard drive. The overarching goal of these technologies for Marsh is to identify you when you visit our site so your experience can be customized and enhanced to your specific preferences.
Your browser software can be set to reject all cookies or to ask specifically for each website visited. Most browsers offer instructions on how to reset the browser if needed. Customers may also manually delete cookies from their computer if they desire. It should be noted however, that certain features are only available through the use of these technologies. If you reject a cookie, certain functions and conveniences of the site may not work properly. This is including but not limited to: logging in, purchasing items, participating in promotions and use of certain website services will not be accessible.
In order to optimize your experience during visits to our websites and for system administration, security and troubleshooting purposes, Marsh will collect certain other technical information from your computer each time you visit a page on our websites. This information may include, but is not limited to, your Internet Protocol (IP) address, your computer’s operating system, browser type and the address of a referring website, if applicable. By collecting this information, we are able to improve the content, products and services that we offer online.
Each Marsh The Marketplace, Marsh Supermarket, O’Malia Supermarket and MainStreet Market store has in effect security procedures for which employees may enter specific areas where information may be more likely present. Furthermore, passwords unique to each appropriate member are required for computer access where aggregate corporate information is stored.
Similarly, within the Marsh headquarters, security procedures are taken to ensure compliance with all standards to protect your personal information. Employees who violate the Company’s customer privacy safeguards are subject to disciplinary actions up to and including termination at Marsh’s determination. Employees violating such safeguards may also face further repercussions at our Legal System’s judgment.
Our family of websites has security measures in place to protect the loss, misuse, and alteration of your personal information under our control. Any time you provide Marsh with financial information, we use a secure server, which encrypts all of the information you provide and protects it from unauthorized access.
Marsh is not responsible for the content or the privacy and security standards of any third party website accessible from a link in our websites.
Marsh welcomes and appreciates your insights, remarks and questions.
If you have any insights, remarks or questions, please freely contact our Value Line at 1-800-382-8798 Monday through Friday, 8:00am to 4:30pm or online at http://www.marsh.net/contact-us/. Additionally, if preferred, we can be reached by mail here:
9800 Crosspoint Blvd.
Indianapolis, IN 46256
Pharmacy Privacy Notice
MARSH DRUGS, LLC dba MARSH PHARMACY AND MAINSTREET MARKET PHARMACY
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Marsh Drugs, LLC dba Marsh Pharmacy and MainStreet Pharmacy (“we”, “us”, or “our”) is required to maintain the privacy of Protected Health Information about you (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. PHI is information, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health condition and related health care services. This Notice of Privacy Practices (the “Notice”) describes how we may use and disclose PHI to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. It also describes your rights with respect to PHI about you.
We are required to follow the terms of this Notice as currently in effect. We will not use or disclose PHI without your written authorization, except as described in this Notice. We are required by law to (i) maintain the privacy of your PHI, (ii) provide you with notice of our legal duties and privacy practices with respect to PHI and (iii) notify you following a breach of your unsecured PHI.
We reserve the right to change our practices and this Notice and to make any new notice of privacy rights effective for all PHI we maintain. Upon your request, we will provide you with a copy of any revised notice of privacy practices.
Your Health Information Rights
With respect to PHI, you have the right to:
- Obtain a paper copy of the Notice upon request. You may request a copy of the Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. To obtain a paper copy, submit a written request to the Contact Office listed at the end of this Notice.
- Request restrictions on certain uses and disclosures of PHI. You may request additional restrictions on our use and disclosure of PHI about you to carry out treatment, payment or health care operations or for uses and disclosures to family members, other relatives, your close personal friend or any other person identified by you and that is directly relevant to any such person’s involvement with your care or payment related to your care. In order to request such a restriction, you must send a written request to the Contact Office listed at the end of this Notice . We are not required to agree to any such requested restriction or restrictions unless the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law and the PHI pertains solely to a health care item or service for which you or a person acting on your behalf has paid us the full usual and customary amount for the health care item or service.
- Inspect and obtain a copy of PHI. You have the right to access and copy PHI contained in a designated record set for as long as we maintain the PHI. The “designated record set” usually will include prescription and billing records. To inspect or receive a copy of PHI, you must complete a request form at the pharmacy where you received service. If we maintain the PHI that is the subject of your request in one or more designated record sets electronically and if you request an electronic copy of such information, we must provide you with access to the PHI in the electronic form and format that you request, if it is readily producible in such format or, if not, in a readable electronic form and format as agree upon by you and us.
We may charge you a fee for the costs of copying, mailing or other supplies that are necessary to respond to your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to PHI, you may request that the denial be reviewed in some cases.
- Request an amendment of PHI. If you feel that PHI we maintain is incomplete or incorrect, you may request that we amend it. You may request an amendment for as long as we maintain the PHI. To request an amendment, you must send a written request to the Contact Office listed at the end of this Notice.
In addition, you must include a reason that supports your request. In certain cases, we may deny your request for amendment. If we deny your request for amendment, you have the right to submit a statement of disagreement with the decision and we will provide you with a rebuttal to your statement if we prepare one.
- Receive an accounting of disclosures of PHI. You have the right to receive an accounting of the disclosures we have made of PHI in the 6 years prior to the date on which the accounting is requested for most purposes other than treatment, payment or health care operations. The accounting will exclude disclosures:
- We have made directly to you;
- To friends or family members involved in your care;
- To notify, or to assist in the notification of (including identifying or locating), a family member, your personal representative or another person responsible for your care, your location, general condition or death;
- Incident to a use or disclosure otherwise permitted or required by law;
- Pursuant to a valid authorization provided by you;
- As part of a limited data set in accordance with law;
- For national security or intelligence purposes; or
- To correctional institutions or law enforcement officials in accordance with law.
The right to receive an accounting is subject to certain other exceptions, restrictions and limitations. To request an accounting, you must submit your request in writing to the Contact Office listed at the end of this Notice.
Your request must specify the time period for the disclosures we have made during the period commencing no sooner than 6 years from the date on which you request the accounting. We will provide the first accounting you request within a 12 month period to you free of charge, but we may charge you for the cost of providing additional accountings. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time.
- Request communications of PHI by alternative means or at alternative locations. For instance, you may request to receive communications of PHI from us only in writing or at a different location or post office box. To request confidential communication of PHI about you, you must submit your request in writing to the Contact Office listed at the end of this Notice.
Your request must state how or when you would like to be contacted. We will accommodate all reasonable requests.
Examples of How We May Use and Disclose PHI
The following categories describe and provide examples of different ways that we use and disclose PHI about you when, in our professional judgment, it is in your best interest, when the information is requested by the Indiana Board of Pharmacy or by a law enforcement officer charged with enforcement of laws pertaining to drugs or devices or the practice of pharmacy, or when the disclosure is essential to our business operations.
For treatment. Examples: Information obtained by the pharmacist will be used to dispense prescription medications to you or to coordinate or manage health care with a health care provider involved in your care or to consult with a health care provider relating to your treatment. This would include contacting and communicating with any health care professionals (or their representatives) involved in your care as we deem appropriate. We will also document in your record information related to the medications dispensed to you and services provided to you.
For payment. Example: We will contact your insurer or pharmacy benefit manager to determine whether it will pay for your prescription and the amount of your co-payment responsibility. We will collect from you or a third party payor the amount due for prescription medications dispensed to you. The information on or accompanying the communication may include information that identifies you, as well as the prescriptions you are taking.
For health care operations. Example: We may use or disclose information in your health record to monitor the performance of the pharmacists providing treatment to you or to detect and prevent fraud and abuse by appropriate methods or for compliance programs. This information will be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.
We may also use or disclose PHI for the following purposes:
Business associates. There are some services provided by us through contracts with business associates. Examples include billing, claims processing and administration and data analysis. When these services are contracted for, we may disclose PHI to our business associates so that they can perform the job we have asked them to do and collect from you or your third-party payor for services rendered. To protect PHI, the business associate must appropriately safeguard the PHI as part of our contract with the business associate.
Communications with individuals involved in your care or payment for your care: Health professionals such as pharmacists, using their professional judgment, may disclose to your representative involved in your care (i.e., a family member, other relative, close personal friend or neighbor or any person you identify) PHI that is relevant to your care, assistance in matters pertaining to your care or therapy and to that person’s involvement in your care. We may also disclose PHI to such person that is relevant to payment related to your care.
Personal communications: We may contact you to provide refill reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Food and Drug Administration (FDA): We may disclose to the FDA or its agents PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.
Worker’s Compensation: We may disclose PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Public health: As required by law, we may disclose PHI about you to public health or legal authorities charged with preventing or controlling disease, injury or disability.
As required by law: We must disclose PHI when required to do so by law.
Health oversight activities: We may disclose PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations and inspections, as necessary for our licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.
Judicial and administrative proceedings: If you are involved in a lawsuit or a dispute, we may disclose PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if the person or entity making the request or filing for the subpoena or other lawful process has made efforts to tell you about the request or to obtain an order protecting the requested PHI.
We are permitted to use or disclose PHI for the following purposes:
Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Coroners, medical examiners and funeral directors: We may release PHI to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death or other duties as authorized by law. We may also disclose PHI to funeral directors consistent with applicable law to carry out their duties.
Organ or tissue procurement organizations: Consistent with applicable law, we may disclose PHI to organ procurement organizations or other entities engaged in the procurement, banking or transplantation of organs for the purpose of facilitating organ, eye or tissue donation and transplantation.
Notification: We may use or disclose PHI to notify or assist in notifying a family member, personal representative or another person responsible for your care, your location and general condition.
Correctional institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of others.
To avert a serious threat to health or safety: We may use and disclose PHI when necessary to prevent or lessen a serious threat to your health and safety or the health and safety of the public or another person.
Military and veterans: If you are a member of the armed forces, we may release PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate military authority.
National security and intelligence activities: We may release PHI to authorized federal officials for the conduct of intelligence, counterintelligence and other national security activities authorized by law.
Protective services for the President and others: We may disclose PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
Victims of abuse, neglect or domestic violence: We may disclose PHI to a governmental authority, such as a social service or protective services agency, if we reasonably believe you are a victim of abuse, neglect or domestic violence. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against you.
Other Uses and Disclosures of PHI
- We must obtain an authorization from you for any use or disclosure of psychotherapy notes except:
To carry out the following treatment, payment or health care operations:
- For use by the originator of the psychotherapy notes for treatment
- For use or disclosure by us for our own training programs in which students, trainees or practitioners in mental health learn under supervision to practice or improve their skills in group, joint, family or individual counseling
- For a use or disclosure by us to defend us in a legal action or other proceeding that you bring
- A use or disclosure required by the Secretary of Health and Human Services to investigate or determine our compliance with applicable law
- A use or disclosure to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law
- A disclosure with respect to the oversight of the originator of the psychotherapy notes to a health oversight agency for oversight activities authorized by law, including audits; civil , administrative or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative or criminal proceedings or actions; or other oversight activities necessary for appropriate oversight of the health care system,, government benefit programs for which health information is relevant to beneficiary eligibility, entities subject to government regulatory programs for which health information is necessary for determining compliance with programs standards, or entities subject to civil rights laws for which health information is necessary for determining compliance.
- We must obtain an authorization from you for any disclosure of PHI which is a sale of PHI, which authorization must state that the disclosure will result in remuneration to us.
- We must obtain an authorization from you for any use or disclosure of PHI for marketing except if the marketing is in the form of (i) a face-to-face communication by us to you or (ii) a promotional gift of nominal value that we provide. If the marketing involves direct or indirect remuneration to us from a third party, the authorization must state that such remuneration is involved.
- We will obtain your separate written authorization before we use or disclose PHI for purposes other than those described in this Notice or as otherwise permitted or required by law in the event that we need to make such a use or disclosure.
You may revoke any authorization at any time by submitting such revocation in writing to the Contact Office listed at the end of this Notice. Upon receipt of the written revocation, we will stop using or disclosing PHI, except to the extent that we have already taken action in reliance on the authorization.
Chip and Signature
If you have questions or would like additional information about our privacy practices, you may contact us as follows at the contact office listed below. If you believe your privacy rights have been violated, you can file a complaint with us by writing to or calling us at the contact office listed below or with the Secretary of Health and Human Services. We will not retaliate against you for filing a complaint.
For More Information or to Report a Problem
Customer data security and privacy are key priorities to Marsh. We continue to protect all customer personal information, including credit card data.
We have a full team of professionals aggressively working to transition our point of sale systems to be compatible with the new Chip and Signature credit card standard, which you may have heard referred to as the new EMV (Europay, MasterCard, and Visa) standard.
The transition for the industry to fully convert will take some time as it is dependent on merchant programming updates, distribution of new cards, installation of new payment terminals and the readiness of payment processors.
We expect completion of our conversion in the first calendar quarter of 2016. Cards equipped with the new computer chips will also have the magnetic-stripe enabling continued use of your cards in our stores through this transition.
The information for contacting the Contact Office is:
Marsh Drugs, LLC
9800 Crosspoint Blvd.
Indianapolis, Indiana 46256
Attention: Pharmacy Documents Official
Telephone Number: (317) 594-2406
This Notice is effective as of 9/23/2013.