Notice of Privacy Practices

How Behavior Central ABA protects and uses your health information

Effective: January 1, 2026  |  Next Review: January 1, 2027

🔒 This notice describes how medical and behavioral health information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This notice is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR § 164.520.

1. Who We Are

Behavior Central ABA ("we," "our," or "the Practice") is a provider of Applied Behavior Analysis (ABA) therapy and related behavioral health services. We are a HIPAA Covered Entity and are required by law to maintain the privacy of your protected health information, provide you with this notice, and follow the terms of the notice currently in effect.

2. Protected Health Information (PHI)

"Protected Health Information" (PHI) means any individually identifiable information that relates to your past, present, or future physical or mental health condition, the provision of healthcare, or payment for healthcare. This includes, but is not limited to:

  • Name, date of birth, address, and contact information
  • Diagnosis codes and clinical assessments
  • ABA therapy treatment plans, session notes, and progress reports
  • Behavioral health records and functional behavior assessments
  • Insurance and billing information
  • Information submitted through intake forms on our website

3. How We Use Your Information

Treatment

We use your PHI to provide, coordinate, and manage your ABA therapy and behavioral health care. For example, your Board Certified Behavior Analyst (BCBA) may share session data with registered behavior technicians (RBTs) on your care team.

Payment

We may use and disclose your PHI to obtain payment for services provided to you. This includes submitting claims to your insurance carrier, Medicaid, or other payers, and verifying coverage.

Healthcare Operations

We may use your PHI for internal business activities such as quality improvement, staff training, licensing, accreditation, and auditing. These activities are necessary to operate our practice and ensure high-quality care.

Appointment Reminders and Care Communications

We may contact you by phone, text, or email to remind you of scheduled appointments or provide information about your treatment options. You may request an alternative communication method at any time.

4. Permitted Disclosures Without Your Authorization

In certain circumstances, HIPAA permits us to disclose your PHI without your written authorization, including:

  • As required by law — court orders, subpoenas, or mandatory state reporting obligations
  • Public health activities — reporting disease or injury to public health authorities as required by law
  • Abuse or neglect reporting — as required by state law to child protective services or adult protective services
  • Health oversight activities — audits, inspections, or investigations by government agencies
  • Serious threats to health or safety — to prevent or lessen a serious and imminent threat
  • Business Associates — third-party vendors (e.g., billing services, electronic health record platforms) who are bound by a HIPAA Business Associate Agreement (BAA)

All other uses and disclosures of your PHI require your written authorization. You may revoke that authorization in writing at any time. We will never sell your PHI.

5. Your HIPAA Rights

You have the following rights with respect to your PHI. To exercise any of these rights, submit a written request to our Privacy Officer (see Section 10).

Right to Access (45 CFR § 164.524)

You have the right to inspect and obtain a copy of your PHI maintained in our records. We will respond within 30 days. We may charge a reasonable, cost-based fee for copies. Records may be provided in electronic form upon request.

Right to Amend (45 CFR § 164.526)

If you believe information in your record is incorrect or incomplete, you may request an amendment. We may deny the request if the information was not created by us or is accurate and complete.

Right to an Accounting of Disclosures (45 CFR § 164.528)

You have the right to receive a list of disclosures of your PHI made by us in the past six years, other than disclosures for treatment, payment, and healthcare operations.

Right to Request Restrictions (45 CFR § 164.522)

You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to the restriction except when you request we not disclose PHI to a health plan for services you paid for entirely out-of-pocket.

Right to Confidential Communications

You may request that we communicate with you by alternative means or at an alternative location (e.g., do not leave voicemails; contact only by email). We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this notice at any time, even if you have agreed to receive it electronically. Contact our office to request one.

Right to Be Notified of a Breach (45 CFR § 164.404)

If there is a breach of your unsecured PHI, we will notify you without unreasonable delay and no later than 60 calendar days after discovery of the breach.

6. How We Protect Your Information

We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule (45 CFR Part 164, Subpart C), including:

  • Encrypted transmission of PHI over HTTPS (TLS 1.2+)
  • Access controls limiting PHI to authorized staff only
  • Workforce training on privacy and security policies
  • Secure electronic health record (EHR) systems with audit logs
  • Regular risk assessments and security reviews
  • Business Associate Agreements with all vendors who handle PHI

7. Minors and Guardians

Because the majority of our clients are minors receiving ABA therapy, we treat the parent or legal guardian as the personal representative of the minor child for HIPAA purposes. All rights described in Section 5 apply to the parent or legal guardian on behalf of the minor. When a minor reaches the age of majority (18 in Georgia), those rights transfer to the individual.

We may disclose a minor's PHI to a parent or guardian as permitted or required by Georgia state law.

8. Changes to This Notice

We reserve the right to change this Notice of Privacy Practices at any time and to make the revised notice effective for PHI we already hold about you as well as any PHI we receive in the future. The current notice will always be posted on our website at behaviorcentralaba.com/privacy-policy with the effective date prominently displayed. A paper copy is available upon request.

9. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR):

HHS Office for Civil Rights
hhs.gov/hipaa/filing-a-complaint
Toll-free: 1-800-368-1019  |  TTY: 1-800-537-7697

You will not be retaliated against for filing a complaint. We are prohibited by law from retaliating against you in any way for filing a complaint about our privacy practices.

10. Contact Our Privacy Officer

For questions about this notice, to exercise your HIPAA rights, or to report a privacy concern, contact:

Privacy Officer

Behavior Central ABA

Phone: +1-770-648-ABA1

Email: behaviorcentral@outlook.com

Clinical / Jennifer James: jenniferjames@behaviorcentralaba.com

Website: behaviorcentralaba.com

By using our services or submitting information through our forms, you acknowledge that you have received and reviewed this Notice of Privacy Practices. A signed acknowledgment may be requested at your first appointment.

This notice satisfies the requirements of 45 CFR § 164.520 (HIPAA Privacy Rule — Notice of Privacy Practices) and is provided in accessible format in compliance with the Americans with Disabilities Act (ADA) and WCAG 2.1 Level AA.

↑ Back to top