Privacy Policy for Hi-5 ABA

Effective Date: December 17, 2024

This Privacy Policy describes how Hi-5 ABA ("we," "us," or "our") collects, uses, and discloses information that we obtain about individuals who interact with our services, website, and applications. We are committed to protecting the privacy of our clients and their families in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

1. Information We Collect

We collect several types of information from and about our clients and their families, including:

• Personal Information: This includes identifiers such as name, contact information (address, phone number, email), date of birth, social security number (if necessary for billing), insurance information, and emergency contact information.
• Protected Health Information (PHI): This includes any information related to the client's physical or mental health condition, provided healthcare services, and payment for those services. Examples include:
  • Assessment data
  • Treatment plans and progress notes
  • Medical history
  • Behavioral data
  • Therapy session notes
• Website and Application Usage Information: We may collect information about your use of our website and applications, such as your IP address, browser type, operating system, access times, and pages viewed.

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing and Improving Services: We use client information to provide ABA therapy services, conduct assessments, develop treatment plans, track progress, and communicate with clients and their families.
• Billing and Insurance: We use client information to process payments, submit claims to insurance companies, and manage our business operations.
• Compliance with Legal Obligations: We use and disclose information to comply with applicable laws and regulations, including HIPAA. This includes:
  • HIPAA Privacy Rule: We comply with the requirements of the HIPAA Privacy Rule, which governs the use and disclosure of PHI.
  • HIPAA Security Rule: We maintain administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI (ePHI), as required by the HIPAA Security Rule.
• Communication: We may use client contact information to send appointment reminders, updates about our services, and other important information.
• Website and Application Improvement: We may use website and application usage information to analyze trends, administer the website, and improve user experience.

3. Disclosure of Your Information

We may disclose your information in the following circumstances:

• With Your Consent: We will obtain your written authorization before disclosing your PHI for any reason not permitted by HIPAA.
• To Healthcare Providers: We may disclose your PHI to other healthcare providers involved in your care, such as physicians, therapists, or specialists, with your consent or as permitted by HIPAA for treatment, payment, or healthcare operations.
• To Insurance Companies: We may disclose your PHI to your insurance company for billing and claims processing purposes, as permitted by HIPAA.
• For Legal Proceedings: We may disclose your information in response to a court order, subpoena, or other legal process.
• To Protect Our Rights: We may disclose your information to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business Associates: We may disclose PHI to our business associates who perform functions on our behalf or provide us with services that involve the use or disclosure of PHI. We have written contracts with our business associates that require them to comply with HIPAA and protect the privacy and security of your PHI.

4. Your Rights Regarding Your Information

You have the following rights regarding your PHI under HIPAA:

• Right to Access: You have the right to request access to your PHI that we maintain.
• Right to Request Amendment: You have the right to request that we amend your PHI if you believe it is inaccurate or incomplete.
• Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI that we have made.
• Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI.
• Right to Receive Confidential Communications: You have the right to request that we communicate with you about your PHI in a confidential manner.
• Right to Complain: You have the right to file a complaint with us or the U.S. Department of Health and Human Services if you believe your privacy rights have been violated.

5. Security of Your Information

We take reasonable and appropriate measures to protect your information from unauthorized access, use, or disclosure. We maintain physical, administrative, and technical safeguards to protect the confidentiality and security of your information, including:

• Physical Safeguards: We restrict access to our facilities and ensure that PHI is stored in secure locations.
• Administrative Safeguards: We have implemented policies and procedures to manage and protect PHI, including training our workforce on HIPAA compliance.
• Technical Safeguards: We use technology to protect ePHI, such as encryption, access controls, and audit trails.

6. Data Breach

In the event of a data breach that compromises the security or privacy of your information, we will:

• Investigate the breach: We will promptly investigate the incident to determine the nature and scope of the breach.
• Notify affected individuals: We will notify you as required by applicable laws and regulations, including HIPAA, if your information is involved in the breach.
• Take steps to mitigate harm: We will take steps to mitigate any harm caused by the breach.
• Report the breach to authorities: We will report the breach to relevant authorities as required by law.
• Review and improve our security measures: We will review and improve our security measures to prevent future breaches.

7. Data Retention

We will retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will securely dispose of your information when it is no longer needed.

8. Website and Application Security

Our website and applications may contain links to other websites. We are not responsible for the privacy practices of these other websites. We encourage you to read the privacy policies of those websites.

9. Children's Privacy

Our services are primarily directed towards children. We comply with the Children's Online Privacy Protection Act (COPPA) and obtain parental consent before collecting personal information from children under 13.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on our website and notify you as required by law.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at: info@hi5aba.com