Kiio HIPAA

Kiio Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Kiio Inc. (“Kiio”) is committed to protecting the privacy and security of our customers’ data. To that end, we operate in compliance with all applicable privacy and data protection laws including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and implementation regulations (“HIPAA”).

This Notice of Privacy Practices describes the practices Kiio will follow with respect to the privacy of the health information of members using the websites and mobile applications that make up Kiio’s digital therapeutic solutions and related services (“Services”).

Health Information We Collect

Kiio takes the confidentiality of your health information seriously.  In providing our Services, some of the information we collect may constitute protected health information (“PHI”) under HIPAA. PHI is individually identifiable information that may relate to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted or maintained by Kiio. This Notice of Privacy Practices describes how we protect the privacy of your protected health information as a member using our Services. Kiio has certain obligations under HIPAA for maintaining the privacy and security of your PHI collected while providing our Services.

Information We Disclose

When you use Kiio’s Services, Kiio may use and disclose your PHI for the purposes described below. These uses and disclosures do not require your prior authorization. You may revoke your authorization for Kiio to use or share your health information at any time, except for uses or disclosures we have already made. Kiio may use and disclose your health information for the following purposes:

Service Delivery

Kiio can use your health information in the delivery of Kiio’s Services. For example, your health and program information can be used by Kiio’s Services to personalize your experience.

Payment

We may use and share your health information to obtain payment for our Services.  For example, we may disclose your PHI to your health plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our Services.

Associated Health Care

We may use and share your health information for activities related to your health care. For example, the Kiio care team or your program sponsor may access your health information to verify your progress and provide recommendations to improve your experience.

Business Associates

For some aspects of Kiio’s Services, we work with other companies, known as “subcontractor business associates”, who help deliver the Services you enjoy.  These entities are required to keep any PHI confidential and store it securely. As an example, we use Microsoft as a subcontractor business associate to help securely store and back up the data we collect.

De-identified and Aggregated Data

We may use and disclose your information in a de-identified and aggregated manner to analyze our users’ experiences and help improve our Services. In this case, all references that could be used to identify you would be removed from the data prior to use.

Research

We are allowed to use or share your information for health research as authorized by law. However, if this situation arises, Kiio would not release information without de-identifying the data in advance.

As Required by Law

We may use or disclose your PHI if required by state or federal law.

Public Health and Safety

We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person.  We may also disclose PHI to those assisting in disaster relief efforts, so that others can be notified about your condition, status and location.

Law Enforcement Activities

We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence.

Legal Proceedings

We may disclose PHI to respond to a court or administrative order, or in response to a warrant, investigative demand or other legal process.

We may also use and disclose your PHI for other purposes as permitted by HIPAA.  

State Law

Where state law is applicable and more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.

Your Rights

As a user of Kiio’s Services, you have rights with respect to your health information:

  • Right to Inspect and Obtain a copy of PHI: You have a right to inspect and obtain a copy of your protected health information we maintain.
  • Right to Request Restrictions: You may request that we limit what information we use or share. We will notify you within 60 days whether we can agree to your request.
  • Right to Request Alternative Means of Confidential Communication: You have the right to request that copies of your medical information be provided by alternative means.  
  • Right to Request Corrections: You have a right to request that we correct your protected health information that you think is incorrect or incomplete.
  • Right to Receive an Accounting of Disclosures: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask. The accounting will outline who we shared it with and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (i.e. any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
  • Right to Obtain a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice upon request at the address below.
  • Right to File a Complaint: You may file a complaint with Kiio if you believe your Privacy Rights have been violated.  To file a complaint or ask any questions about this Notice of Privacy Practices, send an email to us at privacy@kiio.com, or write to us at the following address: 2920 Marketplace Dr., #203, Madison, WI 53719.
  • You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against any individual for filing a complaint.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will not use or disclose your PHI for marketing purposes or sell your PHI, unless you have agreed to this use or disclosure.  
  • We must follow the duties and privacy practices described in this notice and provide a copy of it.
  • We will not use or share your information other than as described here unless you tell us in writing that we can. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
  • We will work with your program sponsor to inform you, without unreasonable delay, if a breach occurs that may have compromised the privacy or security of your information.

Changes to the Terms of this Notice

From time to time, Kiio may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our Services, new features may require modifications to the privacy statement.  The new notice will be posted and available on our website. As a result, please check back periodically.

 

Revised: August 24, 2020