Last Updated: September 2013

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice describes the legal obligations of DexCom, Inc. ("DexCom") and your legal rights regarding your protected health information held by DexCom under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Among other things, this Notice describes how your protected health information may be used or disclosed to carry out treatment, payment, healthcare operations, or for any other purposes that are permitted or required by law. We are required to provide this Notice of Privacy Practices ("Notice") to you pursuant to HIPAA.

HIPAA protects certain medical information known as "protected health information." Generally, protected health information is information that may identify you, that is collected from you or created or received by a healthcare provider (or other "covered entity" under HIPAA), that relates to:

  • your past, present, or future physical or mental health or condition;
  • the provision of healthcare services to you; or
  • the past, present, or future payment for the provision of healthcare services to you.

If you have any questions about this Notice or about our privacy practices, please contact our designated Privacy Officer — John Lister, General Counsel & Vice President of Human Resources at 1-858-200-0200, or send an email to privacy@dexcom.com.

EFFECTIVE DATE

This Notice is effective September 2008.

DEXCOM'S RESPONSIBILITIES

DexCom is required by law to:

  • maintain the privacy of your protected health information;
  • provide you with certain rights with respect to your protected health information;
  • provide you with a copy of this Notice of DexCom's legal duties and privacy practices with respect to your protected health information; and
  • follow the terms of the Notice that is currently in effect.

We reserve the right to change the terms of this Notice and to make new provisions regarding your protected health information that we maintain, as allowed or required by law. If we make any material change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices by first-class mail to your last-known address on file.

WRITTEN AUTHORIZATION POLICY

We will generally obtain your written authorization before using your protected health information or disclosing it to outside persons or organizations. We are required to obtain your written authorization to use or disclose your protected health information, with few exceptions, for the following reasons:

  • Sale of PHI. We will request your written approval before we make any disclosure that is deemed a sale of your protected health information.
  • Marketing. We will request your written approval to use or disclose your protected health information for marketing purposes.
  • Psychotherapy Notes. We will request your written approval to use or disclose any of your psychotherapy notes that we may have on file, with limited exceptions, including certain treatment, payment or healthcare operation functions.

You may revoke any written authorization you have provided to us at any time, except to the extent that we have made any use(s) or disclosure(s) of your protected health information in reliance on the authorization. To revoke an authorization, please send your request in writing with a copy of the authorization being revoked (or, if not available, a detailed description of the authorization including the date) to our Privacy Officer at the address below.

HOW DEXCOM MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR WRITTEN AUTHORIZATION

Under the law, we may use or disclose your protected health information under certain circumstances without your permission. The following categories describe the different ways that we may use and disclose your protected health information. For each category of uses or disclosures we will provide examples. Not every use or disclosure in a category will be listed; the examples are given only for purposes of illustration, since we cannot describe every possible use or disclosure of protected health information.

For Treatment. We may use or disclose your protected health information to help deliver, coordinate, manage and facilitate your healthcare and related services. For example, we may consult with or disclose medical information about you to providers such as your physician or other doctors, nurses, technicians, or other personnel who are involved in taking care of you.

For Payment. We may use or disclose your protected health information to obtain payment for the healthcare products we provide to you. For example, prior to providing you with such products, we may contact your insurance carrier, your HMO or your employer's health plan regarding your treatment, including your diagnosis and product needs, to ensure that such products will be covered. We may also disclose information to your insurance carrier or other payer that is necessary to submit claims for payment, or to resolve any questions such carrier or payer may have regarding quality assurance or utilization review.

For Healthcare Operations. We may use and disclose your protected health information in order to support our business activities, such as quality assessment and improvement activities, business planning, management and general administrative activities. For example, we may use your protected health information to determine how to improve our products, resolve complaints, and assess staff performance.

To Business Associates. We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, use and/or disclose your protected health information, but only after they agree in writing with us to implement appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information to a Business Associate to administer claims or to provide support services, but only after the Business Associate enters into a Business Associate Agreement with us.

As Required by Law. We will disclose your protected health information when required to do so by federal, state, or local law. For example, we may disclose your protected health information when required by national security laws or public health disclosure laws.

To Avert a Serious Threat to Health or Safety. We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

Organ and Tissue Donation and Procurement. We may release your protected health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.

Military and Veterans. If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.

Workers' Compensation. We may release your protected health information for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

Public Health Risks. As required by law, we may disclose your protected health information to public health or legal authorities under the following circumstances:

  • to prevent or control disease, injury, or disability;
  • to report births and deaths;
  • to report child abuse or neglect;
  • to track FDA-regulated products;
  • to report reactions to medications or problems with products;
  • to notify people of recalls of products they may be using;
  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.

Victims of Abuse. We may disclose your protected health information to notify the appropriate government authority if we believe that an individual has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree, or when required or authorized by law.

Health Oversight Activities. We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include audits; civil, administrative, or criminal investigations, proceedings or actions; inspections; licensure or disciplinary actions; and other activities necessary for the appropriate oversight of the healthcare system, government programs, and compliance with civil rights laws.

Judicial and Administrative Proceedings, Lawsuits and Disputes. We may disclose your protected health information in the course of any judicial or administrative proceeding; if you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Law Enforcement. We may disclose your protected health information if asked to do so by a law enforcement official in response to a court order, subpoena, warrant, summons or similar process:

  • to identify or locate a suspect, fugitive, material witness, or missing person;
  • about the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim's agreement;
  • about a death that we believe may be the result of criminal conduct;
  • about criminal conduct; and
  • in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

Coroners, Medical Examiners, and Funeral Directors. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.

National Security and Intelligence Activities. We may release your protected health information to authorized federal officials for intelligence, counter-intelligence, and other national security activities authorized by law.

Inmates. If you are an inmate of a correctional institution or are in the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law enforcement official if necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

Research. We may disclose your protected health information to researchers when:

  • the individual identifiers have been removed; or
  • an institutional review board or privacy board has (a) reviewed the research proposal and (b) established protocols to ensure the privacy of the requested information, and approves the research.

Personal Representatives. We will disclose your protected health information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, etc., so long as you provide us with a written notice/authorization and any supporting documents (i.e., power of attorney). NOTE: We do not have to disclose information to a personal representative if we have a reasonable belief that:

  • you have been, or may be, subjected to domestic violence, abuse or neglect by such person;
  • treating such person as your personal representative could endanger you; or
  • in the exercise of professional judgment, it is not in your best interest to treat the person as your personal representative.

Reminders. We may contact you to provide reminders or information about appointments, product refills, treatment alternatives or other health-related benefits and services that may be of interest to you.

REQUIRED DISCLOSURES

The following is a description of disclosures of your protected health information we are required to make.

Government Audits. We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.

Disclosures to You. When you request, we are required to disclose to you the portion of your protected health information that contains medical records, billing records, and any other records used to make decisions regarding your healthcare benefits. We are also required, when requested, to provide you with an accounting of most disclosures of your protected health information if the disclosure was for reasons other than for payment, treatment, or healthcare operations, and if the protected health information was not disclosed pursuant to your individual authorization.

YOUR RIGHTS

You have the following rights with respect to your protected health information:

Right to Inspect and Copy. You have the right to inspect and copy certain protected health information that may be used to make decisions about your healthcare benefits. To inspect and copy your protected health information, you must submit your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to DexCom, Inc., ATTN. Chief Executive Officer, 6340 Sequence Drive, San Diego, CA 92121.

Right to Amend. If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us.

To request an amendment, your request must be made in writing and submitted to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

  • is not part of the medical information kept by or for us;
  • was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
  • is not part of the information that you would be permitted to inspect and copy; or
  • is already accurate and complete.

If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.

Right to an Accounting of Disclosures. You have the right to request an "accounting" of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or healthcare operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.

To request this list or accounting of disclosures, you must submit your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. Your request must state a time period of not longer than six years and may not include dates before March 27, 2006. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions. You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment, or healthcare operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.

We are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.

To request restrictions, you must make your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply — for example, disclosures to your spouse.

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or by sending an email to privacy@dexcom.com. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.

Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.

You may obtain a copy of this notice at our website, www.dexcom.com.

To obtain a paper copy of this notice, please write to DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, or send an email to privacy@dexcom.com.

Complaints. If you believe that your privacy rights have been violated, you may file a complaint with the Office for Civil Rights of the United States Department of Health and Human Services. To file a complaint with DexCom, contact DexCom, Inc., ATTN. Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121. All complaints must be submitted in writing.

You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office for Civil Rights, or with us.