Last updated: June 15, 2026

Privacy Policy

This policy describes what information Billing4ABA collects, how we use it, and how we protect it — including Protected Health Information (PHI) we handle on behalf of ABA clinics under signed Business Associate Agreements (BAAs).

This is a general policy provided for transparency. It is not legal advice; please consult counsel before relying on it for your own compliance program.

Who we are

Billing4ABA provides revenue-cycle management — billing, denials, credentialing, and reporting — for Applied Behavior Analysis (ABA) clinics in the United States. When we act on behalf of a clinic that handles PHI, we are a HIPAA Business Associate of that clinic.

Information we collect

Website visitors. When you visit billing4aba.com we collect standard request data: IP address, user agent, referring page, and pages viewed. If you fill out a contact form or book a call, we collect the name, email, phone, clinic name, and any message you provide.

Clients. To deliver billing services, we receive information you provide directly (payer credentials, billing access, staff rosters) and PHI through the systems we work in (EHR / practice-management software, clearinghouses, payer portals).

How we use information

We use website information to respond to inquiries, schedule calls, and improve the site. We use client information and PHI only to deliver the billing services you have engaged us for, as permitted by your BAA and the HIPAA Privacy Rule's minimum-necessary standard.

We do not sell personal information or PHI. We do not use PHI for marketing.

How we protect PHI

Before any PHI moves between us, we sign a Business Associate Agreement. Beyond that:

  • HIPAA Privacy and Security training for every team member, annually
  • Multi-factor authentication on every account that can reach PHI
  • Least-privilege access — scoped to the payers and tools each person needs
  • Encryption in transit (TLS) and at rest, including backups
  • Audit logs on PHI access — who, what, when, from where
  • Documented incident response and breach notification process

See /security for the full plain-language summary.

Third parties

We use a small set of vendors to operate the business and deliver services: a claims clearinghouse, EHR / practice-management integrations, cloud storage, scheduling (Calendly), email, and website analytics. Any vendor that ever touches PHI is under a signed BAA. We can provide the current list to clients on request during onboarding.

Data retention

We retain business records and billing data for as long as needed to deliver services and meet legal and payer requirements. PHI is retained and disposed of according to the terms of your BAA and applicable law.

Your rights

If you are a patient or family member whose PHI we handle on behalf of an ABA clinic, your rights under HIPAA (access, amendment, accounting of disclosures, restrictions) run through your treating clinic — please contact them directly. We will support any valid request they pass to us.

If you are a website visitor and want us to delete information you submitted through a form, email us and we'll handle it.

Changes to this policy

We may update this policy as our business changes. Material updates will be posted here with a new "Last updated" date. The current version always lives at this URL.

Contact

Questions, BAA requests, or privacy concerns: billing4aba@gmail.com.