HIPAA Privacy and Security Notice
Effective Date: March 29, 2026
HIPAA PRIVACY AND SECURITY NOTICE
AirwayZ, a platform operated by TreatOrigin Productions, LLC
1. About This Notice
This notice describes how TreatOrigin Productions, LLC ("TreatOrigin"), operating the AirwayZ Education System, collects, uses, safeguards, and discloses patient information in connection with services provided to participating healthcare providers. AirwayZ provides educational technology tools designed to help healthcare providers deliver airway health education to their patients prior to clinical consultations.
This notice applies to information submitted through the AirwayZ digital platform, including secure intake forms, questionnaires, and provider-managed patient communications.
2. Our Role Under HIPAA
TreatOrigin Productions, LLC operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HITECH Act and the HIPAA Omnibus Rule. In this capacity, AirwayZ handles Protected Health Information (PHI) on behalf of participating healthcare providers, who are Covered Entities under HIPAA.
A Business Associate Agreement (BAA) is executed between TreatOrigin Productions, LLC and each participating healthcare provider prior to any PHI being transmitted through the AirwayZ system. Healthcare providers may not use the AirwayZ platform on behalf of patients without an executed BAA in place.
3. Information We Collect
Through the AirwayZ Education System, we may collect the following categories of information, which may constitute PHI when associated with a patient's healthcare:
Patient identifiers:
Name and email address
Appointment and care coordination information:
Appointment details and association with a participating healthcare provider
Health-related questionnaire responses:
Optional responses to health history and symptom questionnaires. Responses may include information about sleep quality, breathing patterns, jaw function, and related symptoms. This information is considered PHI and is handled accordingly.
4. How We Use and Protect This Information
Patient information submitted through the AirwayZ system is used solely to facilitate the delivery of airway health education and to support participating healthcare providers in their clinical consultations. AirwayZ does not use PHI for marketing, advertising, or sale to third parties.
AirwayZ infrastructure is designed and maintained to meet HIPAA technical safeguard requirements, including:
Encryption of PHI in transit and at rest
Access controls and secure authentication for authorized users
Audit logging of access to patient records
Regular security assessments and monitoring
AirwayZ utilizes HighLevel Inc. (GoHighLevel) as a secure third-party infrastructure provider to support HIPAA-compliant workflows. HighLevel Inc. operates as a Sub-Business Associate under a fully executed Business Associate Agreement with TreatOrigin Productions, LLC, and is contractually required to maintain safeguards consistent with HIPAA requirements.
Access to patient information is restricted to the authorized healthcare provider, their designated staff operating under appropriate access credentials, and AirwayZ technical personnel when access is strictly necessary and limited to the minimum information required to perform those functions, in accordance with applicable system maintenance, technical support, or security incident response needs.
Patient information is retained within the system for operational purposes unless deletion is requested by the participating healthcare provider or required by applicable law. Healthcare providers are responsible for maintaining their own records in accordance with applicable state and federal retention requirements.
5. Responsibilities of Participating Healthcare Providers
Healthcare providers using the AirwayZ Education System remain the Covered Entity responsible for the clinical use, interpretation, and retention of patient information within their own medical record systems. Providers are responsible for obtaining any necessary patient authorizations required under applicable law prior to initiating patient communications through the AirwayZ platform, and for ensuring their use of AirwayZ complies with their own HIPAA obligations.
6. Breach Notification
In the event of a breach of unsecured PHI, TreatOrigin Productions, LLC will notify affected healthcare providers (Covered Entities) in accordance with HIPAA's Breach Notification Rule (45 CFR Part 164, Subpart D), without unreasonable delay and no later than sixty (60) calendar days following discovery of the breach. Healthcare providers bear responsibility for notifying affected patients and, where applicable, the Department of Health and Human Services, in accordance with their obligations as Covered Entities.
7. Patient Rights and Questions
Patients seeking to exercise rights regarding their health information, including access, amendment, or accounting of disclosures, should contact their healthcare provider directly. AirwayZ is a Business Associate and does not independently manage patient rights requests; such requests are administered by the Covered Entity (your healthcare provider).
Questions about AirwayZ privacy practices may be directed to:
Privacy Contact
TreatOrigin Productions, LLC
AirwayZ | TreatOrigin Productions, LLC | Version 1.1 | Effective March 29, 2026
This notice is subject to periodic review. The current version will be posted at airwayz.com.