Kiio Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Kiio Inc. ("Kiio") is committed to protecting the privacy and security of our customers' data. To that end, we operate in compliance with all applicable privacy and data protection laws including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and implementation regulations (“HIPAA”).
This Notice of Privacy Practices describes the practices Kiio will follow with respect to the privacy of the health information of members using the websites and mobile applications that make up Kiio’s digital therapeutic solutions and related services (“Services”).
Health Information We Collect
Kiio takes the confidentiality of your health information seriously. In providing our Services, some of the information we collect may constitute protected health information (“PHI”) under HIPAA. PHI is individually identifiable information that may relate to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted or maintained by Kiio. This Notice of Privacy Practices describes how we protect the privacy of your protected health information as a member using our Services. Kiio has certain obligations under HIPAA for maintaining the privacy and security of your PHI collected while providing our Services.
Information We Disclose
When you use Kiio’s Services, Kiio may use and disclose your PHI for the purposes described below. These uses and disclosures do not require your prior authorization. You may revoke your authorization for Kiio to use or share your health information at any time, except for uses or disclosures we have already made. Kiio may use and disclose your health information for the following purposes:
Kiio can use your health information in the delivery of Kiio’s Services. For example, your health and program information can be used by Kiio’s Services to personalize your experience.
We may use and share your health information to obtain payment for our Services. For example, we may disclose your PHI to your health plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our Services.
Associated Health Care
We may use and share your health information for activities related to your health care. For example, the Kiio care team or your program sponsor may access your health information to verify your progress and provide recommendations to improve your experience.
For some aspects of Kiio’s Services, we work with other companies, known as “subcontractor business associates”, who help deliver the Services you enjoy. These entities are required to keep any PHI confidential and store it securely. As an example, we use Microsoft as a subcontractor business associate to help securely store and back up the data we collect.
De-identified and Aggregated Data
We may use and disclose your information in a de-identified and aggregated manner to analyze our users’ experiences and help improve our Services. In this case, all references that could be used to identify you would be removed from the data prior to use.
We are allowed to use or share your information for health research as authorized by law. However, if this situation arises, Kiio would not release information without de-identifying the data in advance.
As Required by Law
We may use or disclose your PHI if required by state or federal law.
Public Health and Safety
We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also disclose PHI to those assisting in disaster relief efforts, so that others can be notified about your condition, status and location.
Law Enforcement Activities
We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence.
We may disclose PHI to respond to a court or administrative order, or in response to a warrant, investigation demand or other legal process.
We may also use and disclose your PHI for other purposes as permitted by HIPAA.
Where state law is applicable and more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.
As a user of Kiio’s Services, you have rights with respect to your health information:
Changes to the Terms of this Notice
From time to time, Kiio may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our Services, new features may require modifications to the privacy statement. The new notice will be posted and available on our website. As a result, please check back periodically.
Revised: August 24, 2020