ARUP Patient Privacy Policy

ARUP Laboratories is committed to comply with the Health Insurance Portability and Accountability Act (HIPAA) Standards and General Data Protection Regulations (GDPR). ARUP has implemented policies, processes, and procedures designed to ensure compliance with these standards. Compliance to these standards is continuously monitored and audited for effectiveness, and workforce training is completed annually.

  • ARUP’s U.S. Notice of Privacy Practices
  • ARUP’s EU Data Protection Notice
  • ARUP’s HIPAA Training for Sponsored Individuals
  • ARUP complies with the security standards by ensuring that systems, policies, and procedures meet or exceed all required and addressable implementation specifications. Internet and interface connectivity is encrypted and/or password protected, and electronic access is limited to only those entities that have been authorized. Additionally, ARUP has implemented ARUP Connect™ and Secure File Transfer, secure methods for communicating protected health information and sensitive business communications with our clients. Clients wishing to establish an ARUP Connect account or retrieve protected health information via Secure File Transfer, may do so via ARUP Connect.

    Effective Date: November 30, 2018

    For ARUP HIPAA or GDPR compliance, contact:
    Karen Gauna

    Karen M Gauna, CT(ASCP), CHC, CHPC
    Privacy Officer
    ARUP Laboratories
    500 Chipeta Way MS241
    Salt Lake City, Utah 84108-1221

    (800) 242-2787, ext. 2063

     Contact the HIPAA Hotline


    If ARUP cannot resolve your concern or complaint, you may also file a complaint with the federal government. We will not penalize you or retaliate against you in any way for filing a complaint.