HIPAA
Notice of Privacy Practices
Effective: May 26, 2026 · Genko, Inc.
About This Notice
This Notice of Privacy Practices ("Notice") is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. It describes how Genko, Inc. ("Genkō"), acting as a Business Associate to healthcare providers, uses and discloses Protected Health Information (PHI) and outlines your rights with respect to that information. We are required by law to maintain the privacy and security of PHI, provide this Notice, and abide by its terms.
What Is Protected Health Information?
Protected Health Information (PHI) is individually identifiable health information that Genkō creates, receives, maintains, or transmits in its capacity as a Business Associate. This includes information about your past, present, or future physical or mental health condition; the provision of health care to you; or payment for that care — when combined with identifying information such as your name, address, date of birth, or contact details.
How We Use and Disclose PHI
As a Business Associate, Genkō processes PHI exclusively on behalf of Covered Entities (your healthcare providers) under executed Business Associate Agreements. We do not use or disclose PHI for any purpose other than providing our services.
Treatment
We use PHI to facilitate scheduling, appointment reminders, and related care coordination on behalf of your healthcare provider.
Health Care Operations
We process PHI to support the administrative and operational functions of healthcare practices, including patient communications, provider scheduling, and record management.
Required by Law
We may disclose PHI when required by federal, state, or local law, including compliance with court orders, subpoenas, or government agency requests.
Subprocessors
We may share PHI with our own subcontractors and technology partners who assist in delivering our services, provided they have executed equivalent Business Associate Agreements and are bound by the same privacy obligations.
Breach Notification
We will notify affected Covered Entities of any unauthorized access, use, disclosure, modification, or destruction of PHI in accordance with HIPAA Breach Notification Rule requirements (45 CFR §164.410), without unreasonable delay and within 60 days of discovery.
Uses and Disclosures Requiring Authorization
Any use or disclosure of PHI not described in this Notice or in an applicable Business Associate Agreement requires your written authorization. This includes most uses or disclosures of psychotherapy notes, use of PHI for marketing purposes, and any sale of PHI. You may revoke a previously granted authorization at any time in writing.
Your Rights Regarding PHI
As an individual whose PHI we process, you have the following rights under HIPAA. Because Genkō acts as a Business Associate, most rights must be exercised directly with your healthcare provider (the Covered Entity), who will coordinate with us as needed.
Right to Access
You have the right to inspect and obtain a copy of PHI about you held in a designated record set. Contact your healthcare provider to make this request.
Right to Amendment
You may request that your healthcare provider amend PHI you believe is inaccurate or incomplete. The provider may deny the request with a written explanation.
Right to an Accounting of Disclosures
You may request a list of certain disclosures of your PHI made by your healthcare provider and its business associates during the past six years.
Right to Restrict
You may ask your healthcare provider to restrict how your PHI is used or shared. Providers are not always required to agree, except when you pay out-of-pocket for a service in full.
Right to Confidential Communications
You may request that your provider contact you only via certain means or at a specific location to protect your privacy.
Right to a Paper Copy
You have the right to receive a printed copy of this Notice upon request. Contact us at privacy@getgenko.com.
Our Legal Duties
Genkō is required by law to: (1) maintain the privacy and security of PHI; (2) notify affected individuals and Covered Entities following a breach of unsecured PHI; and (3) abide by the terms of this Notice. We reserve the right to amend this Notice at any time. Revised Notices will be posted at getgenko.com/legal/hipaa with an updated effective date and will apply to all PHI we maintain.
HIPAA Security Rule Compliance
Genkō implements comprehensive administrative, physical, and technical safeguards to protect electronic PHI (ePHI) as required by the HIPAA Security Rule (45 CFR Part 164, Subpart C). Controls include encryption at rest and in transit (AES-256 / TLS 1.3), role-based access controls, comprehensive audit logging, regular workforce training, business continuity planning, and annual risk assessments.
How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with your healthcare provider, directly with Genkō, or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be penalized or retaliated against for filing a complaint.
Contact Genkō
Email privacy@getgenko.com or write to: Genko, Inc., Attn: Privacy Officer, 131 Continental Dr, Suite 305, Newark, DE 19713.
Contact HHS Office for Civil Rights
U.S. Department of Health & Human Services, Office for Civil Rights, 200 Independence Avenue S.W., Washington, D.C. 20201. Online filing available at hhs.gov/ocr/privacy/hipaa/complaints.
Privacy Officer
Genko, Inc.
131 Continental Dr, Suite 305
Newark, DE 19713 US
Privacy: privacy@getgenko.com
Data Protection Officer: dpo@getgenko.com