top of page
Hearts_bw2.jpg
Vibrant_Icon_gold_edited_edited.png

VIBRANT ABA

Privacy Policy and HIPAA Notice of Privacy Practices

Effective Date: June 1, 2025

 

Vibrant ABA LLC ("Vibrant ABA," "we," "us," or "our") is committed to protecting the privacy of the individuals
and families we serve. This Privacy Policy and HIPAA Notice of Privacy Practices describes how we collect,
use, share, and protect personal information and protected health information ("PHI") through our
websiteat vibrantaba.com (our "Website"), as well as through our clinical and administrative operations.
This policy applies to families, clients, and visitors in New York and North Carolina, and reflects our obligations under federal and applicable state law.

 

1. Our HIPAA Obligations

Vibrant ABA is a covered entity or business associate subject to the Health Insurance Portability and Accountability

Act ("HIPAA") and its implementing regulations, including the HIPAA Privacy Rule (45 C.F.R. Part 164).

We are required by law to:

  • Maintain the privacy of your Protected Health Information (PHI);

  • Provide you with this Notice of Privacy Practices;

  • Abide by the terms of this Notice;

  • Notify you if we cannot accommodate a requested restriction;

  • Notify affected individuals if there is a breach of your unsecured PHI.

 

PHI includes any information we create, receive, or maintain that relates to your past, present, or future physical
or mental health or condition, the provision of health care to you, or payment for that care, that identifies you or could reasonably be used to identify you.

2. How We Collect Personal Information​​

Information You Provide

We collect information you provide when you:

  • Fill out intake, enrollment, or contact forms on our Website or in person;

  • Communicate with us by phone, email, or in writing;

  • Participate in surveys or research we may conduct;

  • Sign consent, authorization, or release forms.

 

The information we collect may include your name, address, phone number, email address, date of birth,
insurance information, Medicaid ID, diagnosis information, school and regional center records, and the names
and contact information of parents or guardians.

 

Information Collected Through Our Website

When you visit vibrantaba.com, we may automatically collect:

  • Internet activity data including pages visited, time on site, and traffic source;

  • Device and browser information including IP address, operating system, and browser type;

  • Cookies and similar technologies used to personalize your experience and analyze usage.

 

You may adjust your browser settings to refuse cookies, though some Website features may not function
as intended if you do so. We do not currently respond to browser-initiated Do Not Track (DNT) signals.

 

Information Collected Offline

During the client intake, onboarding, and ongoing clinical service process, we collect additional personal and
health information directly from you and, where appropriate and authorized, from third parties including physicians, schools, regional centers, and insurance or Medicaid administrators. This information may include:

  • Full legal name, date of birth, and residential address;

  • Medical diagnoses, treatment histories, and clinical assessment results;

  • Insurance and Medicaid eligibility and claims information;

  • Education and Individualized Education Program (IEP) records;

  • Government-issued identifiers where required for billing or authorization.

3. How We Use Your Information

We use the personal information and PHI we collect for the following purposes:

  • Treatment: To provide, coordinate, and manage applied behavior analysis (ABA) therapy and related clinical services for your child.

  • Payment: To verify insurance or Medicaid eligibility, submit claims, process payments, and resolve billing matters.

  • Health Care Operations: To conduct quality assurance, staff training, clinical oversight, and compliance activities necessary to operate our services effectively.

  • Communication: To contact you regarding appointments, service changes, program updates, or other matters related to your child's care.

  • Legal Compliance: To comply with applicable federal and state law, court orders, and regulatory requirements.

  • Marketing (with restrictions): We will not use or disclose your PHI for marketing purposes without your written authorization, except as permitted by HIPAA.

4. How We Share Your Information

Permitted Disclosures Without Authorization

Under HIPAA, we may share your PHI without your written authorization in the following circumstances:

  • With other treating providers involved in your child's care;

  • With insurance companies, Medicaid, or other payers for billing and claims purposes;

  • With our business associates who perform services on our behalf, subject to written Business Associate Agreements;

  • As required by law, including in response to lawful subpoenas, court orders, or regulatory investigations;

  • To avert a serious and imminent threat to health or safety;

  • For certain public health activities as required or permitted by law.

 

Disclosures Requiring Your Authorization

We will obtain your written authorization before:

  • Sharing PHI for purposes not described in this Notice;

  • Using or disclosing PHI for marketing or fundraising purposes;

  • Selling your PHI;

  • Disclosing psychotherapy notes (if applicable).

You may revoke any authorization you have given us at any time in writing, except to the extent we have already relied on it.

 

What We Will Never Do

Mobile opt-in data (including phone numbers collected for SMS communication) will never be shared with third parties for their own marketing or commercial purposes. We do not sell personal information or PHI.

 

5. Your Privacy Rights

Rights Under HIPAA

As a patient or the parent or guardian of a patient, you have the following rights regarding PHI:

  • Right to Access: You may request a copy of your child's medical records and PHI we maintain.
    We will respond within 30 days (or as required by applicable state law).

  • Right to Amend: You may request that we correct or amend inaccurate PHI in our records.

  • Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI.

  • Right to Request Restrictions: You may request that we restrict how we use or disclose your PHI. We are not required
    to agree to all requests, but will notify you if we cannot accommodate a restriction.

  • Right to Confidential Communications: You may request that we communicate with you by a specific method or at a specific location.

  • Right to a Paper Copy of This Notice: You may request a printed copy of this Notice at any time.

 

New York State Rights

In addition to your federal HIPAA rights, New York State law provides additional protections for certain sensitive categories of health information. Under New York law:

  • Mental health records and substance use disorder records may require separate written authorization before
    disclosure in many circumstances, beyond what federal law requires.

  • HIV-related information is subject to heightened confidentiality protections under New York Public Health Law Section 2780 et seq. We will not disclose HIV-related information without a specific written release unless otherwise required
    by law.

  • You have the right to request access to your records and to have corrections made under New York Public Health Law.

  • New York residents may have additional rights under the SHIELD Act regarding data breach notification
    and safeguarding of private information.

 

North Carolina Rights

For clients and families receiving services in North Carolina:

  • North Carolina law provides protections for mental health, developmental disability, and substance use records
    under N.C. Gen. Stat. Section 122C-52 et seq. These records are confidential and may not be disclosed without written consent except in circumstances permitted by law.

  • North Carolina's Identity Theft Protection Act (N.C. Gen. Stat. Section 75-60 et seq.) governs our obligations
    in the event of a data security breach involving your personal information.

  • NC Medicaid participants have rights regarding the use and disclosure of information related to
    Medicaid eligibility and services, including rights to request access and amendments.

 

6. Electronic Communications

By providing your phone number or email address, you consent to receive service-related communications from
Vibrant ABA. These may include appointment reminders, care coordination messages, and program information.
We may send up to three communications per week. Standard message and data rates may apply.

 

You may opt out of SMS communications at any time by replying STOP. You may opt out of email communications
by following the unsubscribe instructions included in any email we send. Consent to receive communications
is not a condition of receiving services.

 

7. Third-Party Technologies and Links

Our Website may use third-party analytics tools, including Google Analytics, to understand how visitors use our site.
These tools may use cookies or similar technologies to collect usage data. To opt out of Google Analytics tracking,
you may install the Google Analytics Opt-out Browser Add-on.

 

Our Website may contain links to third-party websites. We are not responsible for the privacy practices
of those sites and encourage you to review their policies before providing any personal information.

 

8. Data Security

We implement administrative, physical, and technical safeguards designed to protect your personal information
and PHI from unauthorized access, use, alteration, or disclosure. These measures include secure electronic health record systems, staff training on privacy and security, and access controls limiting who can view sensitive information.

 

No method of transmission over the internet or electronic storage is completely secure. If we discover a breach of your unsecured PHI, we will notify you as required by HIPAA and applicable state law within the timeframes required.

 

9. Children's Privacy

Our Website is not directed to children under the age of 13. We do not knowingly collect personal information directly from children under 13 through our Website. Clinical services are provided to minors, and all PHI for minor clients is managed through the parent or legal guardian, in compliance with HIPAA, New York law, and North Carolina law regarding minor consent and parental access rights.

 

10. How to Exercise Your Rights or File a Complaint

To exercise any of the rights described in this Notice, or to ask questions about our privacy practices, please contact us:

 

Vibrant ABA

44 Varet Street, Brooklyn, NY 11206

Phone: 718-925-2397

Email: info@vibrantaba.com

Website: vibrantaba.com

 

If you believe your privacy rights have been violated, you may file a complaint with us directly or with the U.S. Department of Health and Human Services, Office for Civil Rights:

 

We will not retaliate against you in any way for filing a complaint.

 

11. Changes to This Policy

We reserve the right to update this Privacy Policy and HIPAA Notice of Privacy Practices at any time. If we make material changes, we will post the updated Notice on our Website and, where required, notify affected individuals directly.
The effective date at the top of this document reflects the date of the most recent revision.

 

Vibrant ABA LLC  |  44 Varet St, Brooklyn NY 11206  |  718-925-2397 

info@vibrantaba.com  |  vibrantaba.com

As Vibrant as your child. As strong as your community.

bottom of page