The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Policy





The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires Exact Sciences and Exact Sciences Laboratories, LLC (“ES LAB”) to protect the privacy of your "protected health information" (PHI).  PHI includes information that we have created, received, maintained, or transmitted regarding your health or payment for healthcare services you have received. It includes both your medical records and personal information such as your name, social security number, address, and phone number.  PHI also includes genetic information about you or a family member such as genetic tests, manifestations of a disease or disorder, or requests for (or the receipt of) genetic services or participation in clinical research which includes genetic services.

HIPAA requires ES LAB to maintain the privacy of your PHI.  This Notice is intended to inform you of ES LAB’s legal obligations under HIPAA and related regulation to:

  • Protect the privacy of your PHI;
  • Provide you with this Notice explaining our duties and practices regarding your PHI;
  • Comply with the terms of this Notice.

This Notice also informs you about how ES LAB uses and discloses your PHI and explains the rights that you have with regard to the PHI that ES LAB maintains about you.

In some situations, federal and state laws provide privacy protections to your PHI in addition to HIPAA.  Examples of PHI that sometimes receives additional protection include PHI related to mental health, HIV/AIDS, reproductive health, or chemical dependency.  ES LAB may refuse to disclose such PHI, or ES LAB may contact you to obtain an express written authorization before disclosing it.

ES LAB is required to abide by the terms of this Notice.  However, ES LAB reserves the right to make changes to this Notice and to make such changes effective for all PHI ES LAB may already have about you.  If and when a material change is made to this Notice, ES LAB will post the revised Notice on our public web site at [] and at ES LAB branches.


Uses and Disclosures for Treatment, Payment, and Health Care Operations - No Authorization Required

Treatment:  ES LAB provides laboratory testing for physicians and other healthcare professionals, and we use your PHI to perform testing these healthcare professionals have ordered for you.  We disclose PHI to authorized healthcare professionals who need access to your test results in order to treat you.

Payment:  ES LAB may use or disclose PHI to obtain payment for the services we have provided.  For example, ES LAB may use and disclose your PHI to bill you or your health insurer for your tests.

Health Care Operations:  ES LAB may use and disclose your PHI for activities necessary to support our healthcare operations, such as, but not limited to, performing quality verification or internal audits.  ES LAB may also disclose your PHI to other individuals, called “business associates,” such as consultants and auditors, who help us with our business activities. (Note: If we share your PHI with business associates, they are required to maintain the privacy and security of your information.)

Other Permitted Uses and Disclosures Without Your Authorization.  HIPAA authorizes ES LAB, and its business associates, to use and/or disclose your PHI without your authorization in the following instances and for the following purposes.

When Required By Law.  For example:  for judicial and administrative proceedings pursuant to court or administrative order, legal process and authority; to report information related to victims of abuse, neglect, or domestic violence; and to assist law enforcement officials in their law enforcement duties.

For Health and Safety Purposes.  For example:  to avert a serious threat to the health or safety of you or any other person; to an authorized public health authority or individual to perform public health and safety activities, such as preventing or controlling disease, injury, or disability or to report vital statistics such as birth or death; or to meet the reporting and tracking requirements of governmental agencies, such as the Food and Drug Administration.

For Specialized Government Functions.  For example:  intelligence, national security activities, security clearance activities and protection of public officials; and to health oversight agencies for audits, examinations, investigations, inspections, and licensures.

For Active Members of the Military and Veterans.  For example:  to comply with the laws and regulations governing military services and veterans’ affairs.

For Workers’ Compensation.  For example:  to comply with the laws which provide benefits for work-related illnesses or injuries.

In Emergency Situations.  For example:  to a family member or close personal friend involved in your care in the event or an emergency or to a disaster relief entity in the event of a disaster.

To Others Involved in Your Care.  For example:  under limited circumstances, to a member of your family, a relative, a close friend, or other person you identify who is directly involved in your health care or payment of bills related to your health care; or, if you are seriously injured and unable to make a health care decision for yourself, we may disclose your PHI to a family member if we determine that disclosure is in your best interest. If you do not want this information to be shared, you may request that these disclosures be restricted as outlined later in this notice.

For Appointment Reminders.  For example:  to you to remind you that you have a health care appointment with us unless you specifically ask us to communicate with you through a different method as described later in this Notice.

To Personal Representatives.  For example:  to people you have authorized to act on your behalf, or people who have a legal right to act on your behalf, such as parents for unemancipated minors and individuals who have Power of Attorney for adults.

For Treatment and Health-Related Alternatives Information Purposes.  For example:  to communicate with you about treatment services, options, or alternatives, as well as health-related benefits or services that may be of interest to you, or to describe our providers to you.

For Research Purposes, but only to the extent that certain steps as required by law are taken to protect your privacy.

For Organ, Eye and Tissue Donation, if you are an organ donor, to an organ or procurement organization to facilitate an organ, eye, or tissue donation and transplantation.

Regarding Deceased Individuals to coroners, medical examiners, and funeral directors so those professionals may perform their duties.

To Correctional Facilities, if you are an inmate in a correctional facility, for certain purposes, such as providing health care to you or protecting your health and safety or that of others.

Any Other Uses and Disclosures Require Your Express Authorization.  Except in the situations listed in the sections above, we will use and disclose your PHI only with your written authorization, including uses and disclosures for:

Marketing.  Among other things, marketing does not include case management or care coordination for your treatment or to recommend alternative treatments, therapies, or healthcare providers for you as long as we do not receive any payment for making these communications with you.

Receiving direct or indirect payment in exchange for providing the information.  Such a “sale” of PHI does not include disclosing your information to a health insurer in order to receive payment for products or services we provide to you.

You may revoke your authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose PHI except as described above (or as permitted by any other authorizations that have not been revoked). However, please understand that we cannot retrieve any PHI disclosed to a third party in reliance on your prior authorization.  Once your PHI has been disclosed pursuant to your authorization, the protections HIPAA provides may no longer apply to the disclosed PHI, and the information may be re-disclosed by the recipient without your knowledge or authorization.


You have the following rights regarding your PHI that ES LAB creates, collects and maintains.  If you are required to submit a written request related to these rights, as described below, you should submit the request to ES LAB’s Privacy Officer as follows:

Bonny Kneedler
Exact Sciences Laboratories
145 East Badger Road
Madison, WI  53713

Right to Request Restrictions:  You have the right to request restrictions on your PHI that ES LAB uses or discloses to carry out treatment, payment, or healthcare operations. You may also ask that we limit the information we give to someone who is involved in your care, such as a family or friend. Please note that we are not required to agree to your request unless, and except as otherwise required by law, the disclosure you want to restrict pertains solely to a healthcare item or service for which you have paid for out of pocket in full. If we do or must agree, we will honor your limits unless it is an emergency situation.  To request a restriction of your PHI, please submit your request in writing.

Right to Receive Confidential Communications or Communications by Alternative Means or at an Alternative Location:  You have the right to ask that we communicate with you by another means or at a different address.  For example, you may request that we contact you at home rather than at work.  To request communications by another means or at an alternative location, please submit your request in writing.   You should state the alternative means by, or location at which you would like to receive, your PHI.  If appropriate, your request should state that the disclosure of all or part of the information by non-confidential communications could endanger you.  Reasonable requests will be accommodated to the extent possible and you will be notified appropriately.

Right to Inspect and Copy:  You have the right to inspect and receive a copy of your PHI that ES LAB or its business associates maintain in a designated record set.  We may ask you to make this request in writing to the Privacy Officer, and we may charge a reasonable fee for the cost of producing and mailing the copies. In certain situations we may deny your request and will tell you why we are denying it. In some cases you may have the right to ask for a review of our denial.

Right to Amend:  You have the right to request that ES LAB or its business associates amend your PHI that is maintained in a designated record set if you believe the information is incorrect or incomplete.  To request an amendment, submit a detailed, written request to the Privacy Officer.  This request must provide the reason(s) that supports your request.  ES LAB may deny your request if it is not in writing, if it does not provide a reason in support of the request, or if you have asked to amend information that:

  • Was not created by or for ES LAB, unless you provide ES LAB with information that the person or entity that created the information is no longer available to make the amendment;
  • Is not part of the PHI maintained by or for ES LAB;
  • Is not part of the health record information that you would be permitted to inspect and copy; or
  • Is accurate or complete.

ES LAB will notify you in writing as to whether it accepts or denies your request for an amendment to your PHI.  If ES LAB denies your request, it will explain how you can continue to purse the denied amendment.

Right to Receive an Accounting of Disclosures:  You have the right to request an “accounting” of certain disclosures of your PHI.  The accounting lists instances where ES LAB or its business associates disclosed some portion of your PHI to others and to whom that disclosure was made.  The accounting does not include disclosures for treatment, payment, and health care operations; disclosures made to or authorized by you; and certain other disclosures.  You may request an accounting of the disclosures made up to six years before your request. If you want an accounting that covers a time period of less than six years, please state that in your written request for the accounting.

To request an accounting of disclosures, submit a written request to the Privacy Officer.  You may receive one list per year at no charge. If you request another list during the same year, we may charge you a reasonable fee; however, we will notify you of the cost involved before processing the accounting.

Right to Request a Paper Copy of this Notice:  You have a right to receive a copy of this Notice at any time.  To obtain it, submit a written request to the Privacy Officer.

Right to Complain:  You have the right to complain to ES LAB and to the Department of Health and Human Services if you believe your privacy rights have been violated.  To file a complaint with ES LAB, submit a written complaint to the Privacy Officer.  ES LAB will not retaliate or discriminate against you or otherwise withhold services, payment, or privileges from you because you file a complaint with ES LAB or with the Department of Health and Human Services.

Right to Receive A Notice of Certain Breaches:  You have the right to receive notice in the event that we or one of our business associates create, receive, maintain or transmit your PHI in an unsecured manner (such as in paper form or if the PHI is in electronic form but is not secured) and a breach of our safeguards occurs.

Our state of the art contact center can assist you and answer your questions. Call 1-844-870-8870