Effective Date: February 16, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Who Abides by this Notice
Kento Health Inc. (“Kento Health,” “Company,” “we,” “our,” or “us”) provides and supports wellness, coaching, and related healthcare services through Kento Health programs (the “Services”). This document is a unified statement of our privacy practices (this “Notice”) describing how we may use and disclose Protected Health Information (“PHI”) and how you can access your PHI.
PHI is governed by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”).
Depending on the manner in which Services are provided to you, Kento Health may operate:
as a Covered Entity; or
as a Business Associate on behalf of a healthcare provider or health system pursuant to a Business Associate Agreement (“BAA”).
When Kento Health operates as a Business Associate, the applicable healthcare provider or health system remains responsible for certain HIPAA obligations, and its Notice of Privacy Practices may also apply.
This Notice applies to:
Kento Health workforce members;
Healthcare professionals providing services through Kento Health’s platform;
Business associates and subcontractors acting on our behalf, where required by law.
We may use and disclose PHI as permitted or required by HIPAA in order to provide Services, obtain payment, and conduct healthcare operations.
If you have questions about this Notice, please contact the Privacy Officer using the information at the end of this document.
Our Pledge to Privacy
We are committed to protecting the privacy and security of your PHI. PHI is health information about you that identifies you or could reasonably be used to identify you, and that relates to:
your past, present, or future physical or mental health condition;
healthcare services provided to you; or
past, present, or future payment for healthcare.
By law, we are required to:
maintain the privacy and security of PHI;
provide you with this Notice of our legal duties and privacy practices under HIPAA;
follow the terms of this Notice while it is in effect; and
notify you following a breach of unsecured PHI, in accordance with HIPAA and applicable law.
Some state laws may provide greater privacy protections than HIPAA. Where applicable state law is more stringent, we comply with those more protective requirements.
We are required to follow the terms of this Notice for as long as it remains in effect. We reserve the right to change this Notice and to make the revised Notice effective for PHI we already maintain about you, as permitted by law. The revised Notice will be available upon request and on our website. If we make a material change, we will notify you as required by law (for example, by posting on our website and/or by additional communications where appropriate).
This Notice applies to PHI maintained by Kento Health in connection with Services. Your other healthcare providers may maintain separate records and may issue separate notices of privacy practices.
Permissible Uses and Disclosures of Protected Health Information
We may use and disclose your PHI in certain ways to provide Services and to operate our programs. Not every disclosure is listed below, but all uses and disclosures we make fall within one of the categories described below.
With Your Authorization and Consent
Except as described in this Notice, we will not use or disclose your PHI for purposes other than treatment, payment, or healthcare operations unless you sign a written authorization permitting us to do so, or unless otherwise permitted or required by law.
If you authorize us to use or disclose your PHI, you may revoke that authorization in writing at any time. Your revocation will not affect disclosures already made in reliance on your authorization.
For Treatment
We may use and disclose your PHI for treatment activities. For example, we may use or share your PHI with physicians, nurses, coaches, or other healthcare professionals involved in your care so they can provide, coordinate, or manage appropriate services. We may also use your PHI to send reminders and provide information about treatment alternatives or other health-related services where permitted by law.
For Payment
We may use and disclose your PHI as necessary for payment. For example, we may provide information to an insurer or health plan to support coverage determinations or payment for services, prepare and send bills, and conduct related payment and collection activities.
For Healthcare Operational Needs and Activities
We may use and disclose your PHI for healthcare operations. Examples include quality assessment and improvement, program evaluation, training, accreditation, compliance activities, customer service, business planning, and general administrative activities necessary to operate the Services.
Business Collaborations (Business Associates)
We may disclose PHI to third-party business associates that help us provide Services (such as technology providers, hosting providers, billing vendors, customer support vendors, analytics vendors, and professional advisors). Business associates are required by contract and, where applicable, by law to protect PHI and to use it only as permitted.
Research
In limited circumstances, we may use or disclose PHI for research purposes as permitted by HIPAA. Where required, such use or disclosure will be subject to appropriate safeguards, such as review by an Institutional Review Board (“IRB”) or Privacy Board, obtaining your authorization where required, or use of de-identified information.
Special Situations Where Disclosure Does Not Require Your Authorization at Kento Health
HIPAA permits or requires certain uses and disclosures of PHI without your authorization. These may include:
Public Health Initiatives
We may disclose PHI for public health purposes, such as:
preventing or controlling disease, injury, or disability;
reporting births and deaths;
reporting child, elder, or dependent adult abuse or neglect;
reporting adverse reactions to medications or problems with products;
notifying individuals about product recalls;
notifying individuals who may have been exposed to a disease or may be at risk; and
notifying emergency responders of potential exposure to communicable diseases where permitted by law.
Abuse or Domestic Violence Victims
We may disclose PHI to government authorities if we believe you are a victim of abuse, neglect, or domestic violence, as permitted or required by law.
Health Oversight Activities
We may disclose PHI to health oversight agencies for activities such as audits, investigations, inspections, licensure, or other oversight activities authorized by law.
Legal Proceedings
We may use or disclose PHI in response to a court order, subpoena, discovery request, or other lawful process, as permitted by HIPAA and other applicable law.
Engaging with Law Enforcement
We may disclose PHI to law enforcement officials as permitted by law, including in response to warrants, subpoenas, or similar legal processes, for identification and location purposes, or in connection with suspected criminal activity where permitted.
Upon Passing
We may disclose PHI to coroners, medical examiners, or funeral directors as necessary to carry out their duties.
Government-Related Functions
We may disclose PHI for specialized government functions, such as military, national security, protective services for public officials, and lawful intelligence activities as permitted by law.
Incarceration
If you are incarcerated or in lawful custody, we may disclose PHI as necessary for your healthcare, the health and safety of others, or the safety and security of the correctional institution, as permitted by law.
Workers’ Compensation
We may disclose PHI as authorized by and to the extent necessary to comply with workers’ compensation or similar programs.
As Mandated by Law
We may disclose PHI when required to do so by federal, state, or local law.
Your Choices
For certain PHI, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us using the contact information at the end of this Notice, and we will make reasonable efforts to follow your instructions.
In these cases, you have both the right and choice to tell us whether to:
share information with your family, close friends, or others involved in your care; and/or
share information in a disaster relief situation.
If you are not able to tell us your preference (for example, if you are unconscious), we may share your information if we believe it is in your best interest, using professional judgment. We may also share information when needed to lessen a serious and imminent threat to health or safety, consistent with applicable law.
Situations Requiring Your Explicit Authorization at Kento Health
For any other use or disclosure of PHI not described in this Notice, we will obtain your written authorization unless otherwise permitted or required by law. If you previously authorized a specific use or disclosure of your PHI and wish to revoke it, you may do so in writing. We cannot undo disclosures already made with your authorization.
In the following cases, we will not use or disclose your PHI unless you give us your written permission:
most disclosures of psychotherapy notes;
uses and disclosures for marketing purposes where authorization is required by HIPAA; and
sale of PHI.
Your Rights Concerning Your PHI at Kento Health
You have the following rights regarding your PHI. To exercise these rights, please contact Kento Health using the contact information provided below. We may require identity verification before acting on a request.
Right to Request Limitations: You may request limits on how we use and disclose your PHI for treatment, payment, or healthcare operations, and to persons involved in your care or payment. We are not required to agree to all requests. We must agree to a request to restrict disclosure to a health plan for payment if you have paid in full out-of-pocket for the relevant item or service and the disclosure is not otherwise required by law. Requests must be submitted in writing.
Confidential Communications: You may request that we communicate with you about PHI in a specific way or at a specific location (for example, only at work or by mail). Requests must be submitted in writing. We will accommodate reasonable requests.
Access to Records: You have the right to inspect and obtain a copy of PHI we maintain about you. If your records are maintained electronically, you may request an electronic copy or request that we send an electronic copy to a person or entity you designate, where feasible. In limited circumstances we may deny access as permitted by law; if denied, you may request review where applicable.
Costs: We may charge a reasonable, cost-based fee for copies, mailing, supplies, and/or electronic media, as permitted by law. We will notify you of any applicable fee before fulfilling a request.
Amending Records: You may request that we amend PHI we maintain about you if you believe it is inaccurate or incomplete. Requests must be in writing and must explain the reason. We may deny your request under circumstances permitted by law, and we will provide a written denial. You may submit a written statement of disagreement.
Right to Addendum: If an amendment request is denied, you may submit an addendum or statement of disagreement that may be associated with the relevant record as permitted by law.
Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
Accounting of Disclosures: You may request an accounting of certain disclosures of your PHI made in the six (6) years prior to your request (excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions). Your request must be in writing and specify the format you want (paper or electronic). The first request in any 12-month period is free; we may charge a reasonable fee for additional requests, with advance notice.
Choose Someone to Act for You: If someone has medical power of attorney or is your legal guardian, that person may exercise your rights and make choices about your PHI. We will require proof of authority.
Make a Complaint: You may complain if you believe your privacy rights have been violated. You may file a complaint with Kento Health using the contact information below and/or with the U.S. Department of Health and Human Services, Office for Civil Rights.
Not to be Subject to Retaliation: We will not retaliate against you for filing a complaint or exercising your rights.
Right to be Informed of Breaches: You have the right to be notified following a breach of unsecured PHI, in accordance with HIPAA and applicable law.
Minimum Necessary Protocol at Kento Health
When using, disclosing, or requesting PHI, we limit PHI to the minimum necessary to accomplish the intended purpose, except where the minimum necessary standard does not apply under HIPAA (for example, disclosures for treatment). Access to PHI within Kento Health is limited to authorized persons based on job responsibilities.
Notice Amendments
Kento Health may update this Notice from time to time. Updated terms will apply to all PHI we maintain. The current Notice will be made available on our website and upon request.
Getting in Touch with Kento Health, Addressing Concerns or Filing Complaints
For more information, to exercise your rights, or to file a complaint with Kento Health, contact:
Kento Health Inc.
Attn: Privacy Officer
Email: support@kentohealth.com
Phone : 514 641 2753
Mailing Address:
800 Rue du Square-Victoria suite 442, Montreal,
QC H4Z 1C3 Canada
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.
This Notice is also available on our web page at https://www.kentohealth.com/hipaa