Notice of Privacy Practices

Effective Date: January 31, 2026

Purpose: This notice describes how Amplify ABA may use and disclose your protected health information (PHI) and explains your rights regarding that information. We are required by the Health Insurance Portability and Accountability Act (HIPAA) to provide this notice to you in clear language and to abide by its terms. Please review it carefully.

How We May Use and Disclose Your Information

We use your health information for treatment, payment, and health care operations, and for other purposes permitted or required by law. Below are examples of how we use/disclose information without your specific authorization:

  • Treatment: We use and share your PHI to provide and coordinate your health care. For example, doctors, therapists, or nurses may share information about your condition with each other to plan your care or refer you to a specialist.
  • Payment: We may use/disclose PHI to bill and receive payment for services you receive. For instance, we might share necessary details with your health insurance plan to get approval for treatment or to resolve claims.
  • Health Care Operations: PHI is used for running our organization and improving your care. This includes activities like quality improvement, staff training, licensing, audits, or administrative purposes. For example, we might use information from your record to evaluate the performance of our staff in caring for you.
  • Required by Law & Public Safety: We may disclose PHI without your authorization when required or allowed by law. For example, we might release information to report suspected child abuse or neglect, to address serious threats to health or safety, or to respond to a court order or legal subpoena. We only disclose the minimum necessary information in such cases.
  • Family and Persons Involved in Your Care: Unless you object, we may share relevant information with your family members or others involved in your care or payment. (For minors, a parent or guardian generally has access to PHI unless restricted by law.)
  • Business Associates: We may share PHI with our contractors or partners who perform services for us (such as billing or data management), but only after they agree in writing to safeguard your information. Business Associates may include technology vendors that support telehealth, secure cloud storage, transcription services, and AI documentation tools (when you have consented), and they must protect PHI under HIPAA and our contracts.
  • Telehealth: We may provide services through telehealth (video, phone, or other remote methods). When we do, we use HIPAA-compliant technology partners (Business Associates) to support secure communication and documentation.
  • Optional recording and transcripts (telehealth sessions only): If you sign our Telehealth Recording + AI Documentation Consent allowing recording/transcripts, we may create an audio and/or video recording and/or transcript of a scheduled telehealth session only for the specific purpose(s) you approve (such as internal supervision/quality improvement, caregiver review, and/or clinician self-review). If you do not consent, we will not record. Recordings and transcripts are stored securely, access is limited to authorized workforce members and approved vendors as needed, and they are kept separate from the official medical record. Unless a legal/incident hold applies, we delete recordings/transcripts after 30 calendar days from the recording date.
  • Optional AI-assisted documentation: If you sign our Telehealth Recording + AI Documentation Consent allowing AI documentation support, we may use a HIPAA-compliant third-party tool to help generate a draft session note. Our clinicians review, edit, and approve all documentation; AI drafts are not final clinical documentation without human review.
  • Your choice and revocation: These options are voluntary. You can revoke your consent at any time for future sessions by telling us or providing it in writing. Revoking consent stops future recording/transcription/AI support, and we document the change.

Other uses and disclosures not described above will be made only with your written permission. For example, most uses of psychotherapy notes, or use of your information for marketing purposes, require your authorization. If you do provide authorization, you may revoke it at any time, and we will then cease those specific uses/disclosures. We will not sell your information.

Your Rights Regarding Your Health Information

  • Right to Access Your Records: You have the right to see and get a copy of your medical or billing records that we maintain, with limited exceptions. This includes the right to request an electronic copy of your records. Session recordings and transcripts (if you consent to them) are kept separate from the official medical record. Because of that, they may not be included in a standard medical-record request.
  • Right to Request an Amendment: If you believe that information in your record is incorrect or incomplete, you have the right to request that we correct or add to the record. If we deny your request (for example, if we determine the record is accurate), we will give you a written explanation.
  • Right to an Accounting of Disclosures: You can ask for a list (accounting) of certain disclosures we made of your PHI. This list will not include disclosures made for treatment, payment, and health care operations, among other exceptions, but it will include those made for other purposes (if any) in the last six years.
  • Right to Request Restrictions: You may ask us to limit how we use or share your information for treatment, payment, or operations, or to not share information with certain individuals (like a family member). We will consider all requests. While we are not required to agree to most restrictions, if you pay for a service in full out-of-pocket, you can require us not to share information about that service with your health insurer for payment purposes. If we do agree to a restriction, we will comply except in emergencies or if otherwise required by law.
  • Right to Confidential Communications: You have the right to request that we contact you in a certain way or at a certain location to protect your privacy. For example, you can ask us to send mail to a P.O. box instead of your home address, or to call you at a specific phone number. We will accommodate reasonable requests.
  • Right to a Paper Copy of This Notice: You can ask for a paper copy of this Notice at any time, even if you have received it electronically. We will provide you with a paper copy promptly.
  • Right to Be Notified of a Breach: You have the right to be notified if a breach occurs that may have compromised the privacy or security of your health information. If such an unlikely event occurs, we will inform you without unreasonable delay and no later than required by law, with details about what happened and what you can do to protect yourself.
  • Right to Complain Without Retaliation: If you believe your privacy rights have been violated, you have the right to file a complaint. You can complain directly to us (see Contact section below), and/or to the U.S. Department of Health and Human Services – Office for Civil Rights. We will not retaliate against you for making a complaint.
  • Exercising Your Rights: Most rights requests can be made by contacting us (see Contact section). We may require that requests (for access, amendments, restrictions, etc.) be in writing. We will inform you of the steps and help you with the process as needed.

Our Responsibilities

  • Maintain the privacy and security of your protected health information.
  • Provide you with this Notice of our legal duties and privacy practices, and follow the terms of the Notice currently in effect.
  • Notify you promptly if a breach occurs that compromises the privacy or security of your information.
  • Not use or share your information other than as described here, unless you give us written permission. If we do obtain your authorization for a specific use not described in this Notice, we will honor your right to revoke it.

We reserve the right to change our privacy practices and this Notice if laws or internal practices change. If we make significant changes, we will update the Notice and make it available to you (such as by posting it on our website and providing it at your next visit). The revised Notice would apply to all PHI we maintain, including information created or received before the change.

Contact Information and Questions

If you have any questions about this Notice or want to exercise your rights or file a privacy complaint, please contact our Privacy Officer:

Navi Randhawa, CEO

Amplify ABA

Phone: (951) 648-9873

Email: navi@amplifyaba.com

You may also contact the U.S. Department of Health and Human Services, Office for Civil Rights. We can provide you the address and contact information for the appropriate Office for Civil Rights regional office or you can find it on the HHS/OCR website. We encourage you to contact us first so we can address your concerns. We will not retaliate against you for filing a complaint.

This Notice of Privacy Practices is provided to you as a requirement under HIPAA. Please keep it for your records. Effective date of this Notice is January 31, 2026.