Free Initial GLP-1 Consultation for New PatientsBook Free GLP-1 Visit
Kosius
ServicesPricingAboutProvidersFAQsContactCurrent Patient LoginBook a Telehealth Visit
Menu
ServicesPricingAboutProvidersFAQsContactCurrent Patient LoginBook a Visit
Privacy & HIPAA

Notice of Privacy Practices & Privacy Policy

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Contact Kosius
Effective Date: June 12, 2026
Kosius Group, LLC and Dr. Shivani Anumolu

Part I: Notice of Privacy Practices (HIPAA)

This Notice of Privacy Practices is provided as required by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations, including the HIPAA Privacy Rule. It describes how Kosius Group, LLC and Dr. Shivani Anumolu ("we," "us," or "Practice") may use and disclose your protected health information ("PHI") and informs you of your rights.

Our Duties

We are required by law to maintain the privacy of your PHI; provide this Notice of our legal duties and privacy practices; notify you following a breach of unsecured PHI; and abide by the terms of the Notice currently in effect.

How We May Use and Disclose Your PHI

Treatment. We may use or disclose your PHI to provide, coordinate, or manage your health care and related services, including sharing information with providers, specialists, or telehealth platforms involved in your care.

Payment. We may use or disclose your PHI to obtain payment for services rendered, including billing, collections, and pre-authorization activities.

Health Care Operations. We may use or disclose your PHI for quality assessment, training, accreditation, licensing, and business-management activities.

Uses and Disclosures Permitted Without Authorization

As permitted or required by law, we may use or disclose PHI without authorization for purposes including federal or state legal requirements, public health activities, health oversight, qualifying judicial or administrative proceedings, law enforcement, research subject to legal requirements, serious threats to health or safety, workers' compensation, and specialized government functions.

Substance Use Disorder Records

If you received substance use disorder treatment from a program subject to 42 C.F.R. Part 2, special protections may apply in addition to HIPAA. We will not use or disclose those records without written consent except as permitted by law. Such records may not be used in proceedings against you without consent or a qualifying court order.

Uses Requiring Written Authorization

Other uses and disclosures not described in this Notice will be made only with your written authorization. You may revoke an authorization in writing, except to the extent we have already acted in reliance on it.

Your Individual Rights

  • Access: Inspect and obtain a copy of PHI in a designated record set by submitting a written request. We will respond within 30 days.
  • Restrictions: Request restrictions on certain uses and disclosures. We must agree to certain restrictions involving services paid out-of-pocket in full.
  • Confidential communications: Request communication in a specific manner or at a specific location.
  • Amendment: Request an amendment to PHI in a designated record set. A request may be denied in certain circumstances.
  • Accounting: Request a list of certain disclosures made during the prior six years.
  • Paper copy: Obtain a paper copy of this Notice upon request.

Changes and Complaints

We reserve the right to revise this Notice and apply the revised Notice to information already maintained and received in the future. The current Notice will be posted through our patient-intake platform and provided upon request.

If you believe your privacy rights have been violated, you may complain to us or to the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint. Visit hhs.gov/ocr/privacy/hipaa/complaints or call 1-800-368-1019.

Privacy Contact / HIPAA Privacy Officer

Dr. Shivani Anumolu, Privacy Officer
Kosius Group, LLC
121 Avalon Way, Sharpsburg, GA 30277
support@kosius.com

Part II: Privacy Policy; Telehealth Platform

This Policy governs the collection, use, and disclosure of personal and health information through the telehealth scheduling and service platform used by the Practice. It supplements, and does not replace, the HIPAA Notice above.

Information We Collect

  • Identifiers such as name, date of birth, email, phone number, and mailing address.
  • Health and medical information, including symptoms, history, diagnoses, treatment information, and prescription records.
  • Payment information processed through a third-party payment processor. We do not store full payment-card numbers.
  • Device and technical information such as IP address, browser type, operating system, and device identifiers.
  • Appointment, scheduling, visit, and platform-communication data.

How We Use Information

We use information to schedule, conduct, and document telehealth visits; process payments and billing; communicate about appointments, prescriptions, and care; meet legal and regulatory obligations; improve service safety and functionality; and respond to inquiries.

Disclosure to Third Parties

We may share information with business associates operating under appropriate agreements, EHR and scheduling platforms, PCI-DSS-compliant payment processors, and legal or regulatory authorities when required. We do not sell personal information.

Data Security and Retention

We use administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements. No electronic system is guaranteed to be completely secure. We retain PHI and related records as required by federal and state law and for no less than six years where required by 45 C.F.R. § 164.530(j).

State Rights and Privacy Inquiries

Depending on your state of residence, additional privacy rights may apply. Contact the Privacy Officer listed above with questions or requests.

Electronic Communications

By using the Practice's telehealth platform, you consent to appointment confirmations, clinical follow-ups, prescription notifications, and care-related messages through the patient portal and EHR messaging system.

Pharmacy and Compounding Disclosure

The Practice may use partner or compounding pharmacies where clinically appropriate. Compounded medications, including compounded GLP-1 receptor agonists such as semaglutide and tirzepatide, are not FDA-approved drug products or generic equivalents of FDA-approved medications and are not subject to the same pre-market review. Discuss risks, benefits, and alternatives with your provider.

Telehealth, Location, and Age

Telehealth is intended to complement, not replace, your relationship with a primary care provider. Services are available only to patients physically located in Georgia at the time of a visit. By scheduling, you attest to your Georgia location. Telehealth services are available to adults age 18 or older; services for a minor require a parent or legal guardian's consent and completion of applicable forms.

Acknowledgment

Formal acknowledgment of receipt and any required signatures are completed through the Practice's secure patient-intake platform. Refusing to sign an acknowledgment does not prevent the Practice from using or disclosing health information as permitted by HIPAA and applicable law.

Privacy & HIPAATerms & ConditionsTelehealth Consent
Book a Telehealth Visit