Chapter 3.

HIPAA Compliance

The Health Insurance Portability and Accountability Act, or HIPAA, is a law that every healthcare professional must follow to protect the privacy of their patients.

As an ABA therapist, it is your job to keep information about your client private.

This is your client and their care team:

All personal information about your client MUST be kept within their care team. It is your responsibility to NEVER reveal personal or identifying information to any outside person.

Other people may be in your client’s care team, such as teachers, related service providers, and other family members. If you have been given explicit permission from the client’s parent/guardian or BCBA, you may discuss your client’s information with these people.

Examples of client information include:

• Full name, age, address, or phone number

• Diagnosis

• Behavioral or medical needs

• The type of services you provide

How can you keep your client’s information private?

• Avoid talking about your client with anyone else, including your friends or family

• Do not take phone calls about your client where others may overhear you

• Keep anything related to your client off all social media

• Never take pictures or videos of your client

• Only use video chat with your client when given permission by their parent/guardian or BCBA Keep notes and documents with personal information stored where others cannot see them Use your client’s full name in secure emails only

• Use your client’s first name or initials when texting other members of their care team

• Never have any social media contact whatsoever with your client or their family.

• Avoid crossing boundaries with the family of your client, such as staying for dinner or accepting gifts. Never babysit or tutor your ABA therapy clients.

• Make sure your children or family have no contact with your client for any reason.

If you are unsure whether something should be kept private, ALWAYS ask your supervisor before sharing it with others.