Privacy Policy

How Kasoya Health collects, uses, and safeguards your information.

Effective Date: May 8, 2026 · Last Updated: May 8, 2026

Kasoya Health PLLC ("Kasoya Health," "we," "us," or "our") is a Texas professional limited liability company providing direct-pay private medicine. This Privacy Policy explains how we collect, use, disclose, and safeguard the information you provide through our website (kasoyahealth.com) and through your interactions with our practice. Kasoya Health treats itself as a HIPAA-covered entity and follows HIPAA-equivalent privacy practices in all patient-facing interactions.

1. Who we are

Kasoya Health PLLC
5900 Balcones Drive #28282
Austin, TX 78731
United States

Designated Privacy Officer: Dr. Omar Matuk-Villazon, MD, MBA, FAAP
Email: info@kasoyahealth.com
Privacy contact phone: 1 (713) 554-2073

2. Information we collect

When you contact us through this website or receive care from us, we collect: (a) information you provide directly, such as your name, email, phone number, and any details you submit in inquiry forms; (b) Protected Health Information (PHI) shared in the course of clinical care, including medical history, medications, diagnoses, and treatment information; and (c) limited technical information such as IP address and browser type recorded by our server logs and used solely for security and abuse prevention.

We do not use website analytics, advertising trackers, social media pixels, or third-party cookies. We do not sell, rent, or trade your personal or health information.

3. How we use your information

We use the information you provide solely to (a) respond to your inquiries; (b) schedule, deliver, and document medical care; (c) coordinate care with other treating clinicians and pharmacies that you authorize; (d) bill you directly for services (we do not bill insurance); (e) comply with applicable law, including medical record retention requirements; and (f) operate, secure, and maintain our website and clinical systems.

4. Protected Health Information (PHI) and HIPAA

Kasoya Health treats itself as a HIPAA-covered entity. We use, disclose, and safeguard PHI in accordance with the federal HIPAA Privacy and Security Rules and the Texas Medical Records Privacy Act (Texas HB 300), which applies more broadly than federal HIPAA to any entity that obtains, stores, or transmits PHI in Texas. We use Elation Health as our electronic medical record (EMR) system under a Business Associate Agreement (BAA). PHI is encrypted in transit and at rest within Elation. The contact form on this website is not a secure medical channel; do not include sensitive medical details in it.

For medical emergencies, call 911. For urgent clinical concerns, contact us directly through your patient portal or call the office.

5. When we share information

We share PHI only as needed to (a) coordinate your care with other treating clinicians, laboratories, imaging providers, and pharmacies that you authorize; (b) operate our practice with vendors that have signed BAAs (such as Elation Health); (c) comply with subpoenas, court orders, or legal requirements; and (d) report public-health events as required by law (such as reportable communicable diseases). We do not sell PHI. We do not share PHI for advertising or marketing purposes.

6. Cross-border care and Mexican patients

Dr. Matuk-Villazon is licensed and practices in both the United States and Mexico. When you receive care that involves transfer of records between the two countries, we apply the stricter of the two applicable privacy regimes. For patients seen in Mexico or whose information is collected in Mexico, your rights under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) apply, including the rights of access, rectification, cancellation, and opposition (ARCO rights). Requests can be addressed to the contact above.

7. How long we keep your information

We retain medical records in accordance with Texas Medical Board rules: at least seven years from the date of last treatment for adult patients, and through age 21 plus seven years (or longer if state law requires) for minors. Inquiry-form data not associated with a clinical encounter is retained only as long as needed to respond to your inquiry, then routinely deleted.

8. Your rights

You have the right to (a) request access to your PHI; (b) request corrections; (c) request an accounting of disclosures; (d) request restrictions on certain uses or disclosures; (e) request that we communicate with you in a particular way; and (f) file a complaint without retaliation. To exercise any of these rights, contact us using the information in section 1.

9. Children's privacy

Kasoya Health provides pediatric care. PHI of patients under 18 is handled in accordance with HIPAA, Texas HB 300, and applicable state laws on parental access and minor consent. Parents and legal guardians generally have access to a minor child's medical records, with statutory exceptions (for example, certain mental-health, reproductive, or substance-use treatment records of older minors).

10. Security

We use HTTPS / TLS for all website traffic and rely on Elation Health's encrypted EMR for clinical record storage. Access to PHI is restricted to authorized clinical and administrative staff who need it to perform their duties. We do not load tracking scripts, analytics, or third-party advertising tags on our site.

11. Cookies and tracking

This website does not use cookies, web beacons, or third-party trackers. The site uses local storage solely to remember your language preference (English or Spanish) and not for tracking purposes.

12. Third-party links

Our site links to third-party services we use (Elation patient portal, Elation pay-bill, WhatsApp). When you follow those links, you are subject to the privacy practices of those providers, not ours.

13. Changes to this policy

We may update this Privacy Policy. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated to current patients through the patient portal or email.

14. Filing a complaint

If you believe your privacy rights have been violated, contact us first using the information in section 1. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (hhs.gov/ocr), with the Texas Attorney General's Consumer Protection Division (texasattorneygeneral.gov), or, for Mexican data subjects, with INAI (inai.org.mx). We will not retaliate for filing a complaint.
