HIPAA Compliance

Notice of Privacy Practices

Effective: April 6, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment to Your Privacy

KAYU Health is committed to protecting your protected health information (PHI). This notice explains how we may use and disclose your PHI and describes your rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

How We May Use and Disclose Your PHI

  • Treatment: To provide, coordinate, and manage your healthcare. This includes sharing information with your prescribing physician, compounding pharmacy, and laboratory services.
  • Payment: To process payments for services rendered, verify insurance eligibility (if applicable), and manage billing.
  • Healthcare operations: To improve the quality of our services, train staff, conduct quality assessments, and maintain business operations.
  • With your authorization: Any use or disclosure not described in this notice requires your written authorization, which you may revoke at any time.

AI-Assisted Processing of PHI

With your consent, KAYU uses AI systems to process your PHI for treatment purposes:

  • Transcription of telehealth consultations using HIPAA-compliant transcription services (Daily.co with signed BAA)
  • Extraction of clinical data to assist your physician in protocol development
  • Generation of protocol recommendations reviewed by your treating physician
  • Creation of visit recaps sent to you after physician approval

All AI processing occurs within HIPAA-compliant infrastructure. Every AI-generated output is reviewed by a licensed clinician before clinical use. You may opt out of AI-assisted processing at any time.

Your Rights

  • Right to access: You may request copies of your PHI.
  • Right to amend: You may request corrections to your PHI.
  • Right to an accounting of disclosures: You may request a list of certain disclosures we have made.
  • Right to request restrictions: You may ask us to limit how we use or disclose your PHI.
  • Right to confidential communications: You may request that we contact you in a specific way or at a specific location.
  • Right to a paper copy: You may request a paper copy of this notice at any time.
  • Right to file a complaint: You may file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated.

Our Security Measures

  • All PHI encrypted at rest and in transit (AES-256, TLS 1.3)
  • Business Associate Agreements signed with all vendors handling PHI (Supabase, Daily.co, DoseSpot, Resend)
  • Row-level security on all database tables containing PHI
  • Immutable audit log for every PHI access event
  • Multi-factor authentication required for all clinical staff accounts
  • Annual HIPAA risk assessments and security audits

Privacy Officer

For questions about this notice or to exercise your rights:

KAYU Health Privacy Officer
1106 N La Cienega Blvd, Suite 206
West Hollywood, CA 90069
hipaa@kayuhealth.com

You may also file a complaint with:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
(877) 696-6775