Notice of Privacy Practices

For Treatment. We may use or disclose your protected health information to help deliver, coordinate, manage and facilitate your healthcare and related services. For example, we may consult with or disclose medical information about you to providers such as your physician or other doctors, nurses, technicians, or other personnel who are involved in taking care of you.

For Payment. We may use or disclose your protected health information to obtain payment for the healthcare products we provide to you. For example, prior to providing you with such products, we may contact your insurance carrier, your HMO or your employer's health plan regarding your treatment, including your diagnosis and product needs, to ensure that such products will be covered. We may also disclose information to your insurance carrier or other payer that is necessary to submit claims for payment, or to resolve any questions such carrier or payer may have regarding quality assurance or utilization review.

For Healthcare Operations. We may use and disclose your protected health information in order to support our business activities, such as quality assessment and improvement activities, business planning, management and general administrative activities. For example, we may use your protected health information to determine how to improve our products, resolve complaints, and assess staff performance.

To Business Associates. We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, use and/or disclose your protected health information, but only after they agree in writing with us to implement appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information to a Business Associate to administer claims or to provide support services, but only after the Business Associate enters into a Business Associate Agreement with us.

As Required by Law. We will disclose your protected health information when required to do so by federal, state, or local law. For example, we may disclose your protected health information when required by national security laws or public health disclosure laws.

To Avert a Serious Threat to Health or Safety. We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

Organ and Tissue Donation and Procurement. We may release your protected health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.

Military and Veterans. If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.

Workers' Compensation. We may release your protected health information for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

Public Health Risks. As required by law, we may disclose your protected health information to public health or legal authorities under the following circumstances:

• to prevent or control disease, injury, or disability;
• to report births and deaths;
• to report child abuse or neglect;
• to track FDA-regulated products;
• to report reactions to medications or problems with products;
• to notify people of recalls of products they may be using;
• to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.

Victims of Abuse. We may disclose your protected health information to notify the appropriate government authority if we believe that an individual has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree, or when required or authorized by law.

Health Oversight Activities. We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include audits; civil, administrative, or criminal investigations, proceedings or actions; inspections; licensure or disciplinary actions; and other activities necessary for the appropriate oversight of the healthcare system, government programs, and compliance with civil rights laws.

Judicial and Administrative Proceedings, Lawsuits and Disputes. We may disclose your protected health information in the course of any judicial or administrative proceeding; if you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Law Enforcement. We may disclose your protected health information if asked to do so by a law enforcement official in response to a court order, subpoena, warrant, summons or similar process:

• to identify or locate a suspect, fugitive, material witness, or missing person;
• about the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim's agreement;
• about a death that we believe may be the result of criminal conduct;
• about criminal conduct; and
• in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

Coroners, Medical Examiners, and Funeral Directors. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.

National Security and Intelligence Activities. We may release your protected health information to authorized federal officials for intelligence, counter-intelligence, and other national security activities authorized by law.

Inmates. If you are an inmate of a correctional institution or are in the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law enforcement official if necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

Research. We may disclose your protected health information to researchers when:

• the individual identifiers have been removed; or
• when an institutional review board or privacy board has (a) reviewed the research proposal; and (b) established protocols to ensure the privacy of the requested information, and approves the research.

Personal Representatives. We will disclose your protected health information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, etc., so long as you provide us with a written notice/authorization and any supporting documents (i.e., power of attorney). NOTE: We do not have to disclose information to a personal representative if we have a reasonable belief that:

• you have been, or may be, subjected to domestic violence, abuse or neglect by such person;
• treating such person as your personal representative could endanger you; or
• in the exercise or professional judgment, it is not in your best interest to treat the person as your personal representative.

Reminders. We may contact you to provide reminders or information about appointments, product refills, treatment alternatives or other health-related benefits and services that may be of interest to you.

Government Audits. We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.

Disclosures to You. When you request, we are required to disclose to you the portion of your protected health information that contains medical records, billing records, and any other records used to make decisions regarding your healthcare benefits. We are also required, when requested, to provide you with an accounting of most disclosures of your protected health information if the disclosure was for reasons other than for payment, treatment, or healthcare operations, and if the protected health information not disclosed pursuant to your individual authorization.

Right to Inspect and Copy. You have the right to inspect and copy certain protected health information that may be used to make decisions about your healthcare benefits. To inspect and copy your protected health information, you must submit your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to DexCom, Inc., ATTN. Chief Executive Officer, 6340 Sequence Drive, San Diego, CA 92121.

Right to Amend. If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us.

To request an amendment, your request must be made in writing and submitted to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

• is not part of the medical information kept by or for us;
• was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
• is not part of the information that you would be permitted to inspect and copy; or
• is already accurate and complete.

If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.

Right to an Accounting of Disclosures. You have the right to request an "accounting" of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or healthcare operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.

To request this list or accounting of disclosures, you must submit your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. Your request must state a time period of not longer than six years and may not include dates before March 27, 2006. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions. You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment; or healthcare operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.

We are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.

To request restrictions, you must make your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply — for example, disclosures to your spouse.

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.

To request confidential communications, you must make your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.

Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.

You may obtain a copy of this notice at our website, www.dexcom.com.

To obtain a paper copy of this notice, please write to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or send an email to privacy@dexcom.com.