Embedded Files
NOTICE OF PRIVACY PRACTICES
Edify Behavioral Applications, LLC
This notice describes how protected health information (PHI) about clients may be used and disclosed and how parents/guardians and employees can access this information. Please review it carefully.
____________________________________________________________________________
OUR COMMITMENT TO YOUR PRIVACY
Edify Behavioral Applications is dedicated to protecting the privacy of our clients’ health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws. PHI includes any individually identifiable health information, such as client names, treatment plans, or session notes.
____________________________________________________________________________
HOW WE MAY USE AND DISCLOSE PHI
We may use or disclose PHI for the following purposes, as permitted by HIPAA:
Treatment: To provide, coordinate, or manage ABA services (e.g., sharing session notes with a client’s BCBA or therapist).
Payment: To bill insurance or process payments for services (e.g., submitting claims to payers).
Healthcare Operations: To support business activities, such as quality assurance, staff training, or audits (e.g., reviewing treatment plans for compliance).
As Required by Law: To comply with legal obligations, such as reporting suspected abuse/neglect to Michigan authorities or responding to court orders.
With Authorization: For other purposes, such as sharing records with a new provider, only with written consent from the parent/guardian.
We will limit disclosures to the minimum necessary and use de-identified information when possible. Business associates (e.g., practice management software vendors) handling PHI are bound by HIPAA-compliant agreements.
____________________________________________________________________________
YOUR RIGHTS REGARDING PHI
Parents/guardians have the right to:
Access and obtain a copy of their child’s PHI within 30 days of a written request.
Request amendments to inaccurate or incomplete PHI.
Receive an accounting of certain disclosures of PHI made by Edify.
Request restrictions on certain uses/disclosures of PHI (though we are not always required to agree).
Receive communications in a preferred format (e.g., email, paper).
File a complaint with Edify’s Privacy Officer or the U.S. Department of Health and Human Services if privacy rights are violated, without fear of retaliation.
____________________________________________________________________________
EMPLOYEE RESPONSIBILITIES
Employees must:
Access PHI only for job-related needs, using secure, HIPAA-compliant systems with unique logins and two-factor authentication.
Store PHI in encrypted practice management software systems or locked physical cabinets, per the Data Privacy and Security Policy.
Report suspected breaches to the CEO within 24 hours.
Complete annual HIPAA and data security training and sign confidentiality agreements.
____________________________________________________________________________
SECURITY MEASURES
PHI is safeguarded with encryption, secure portals, and restricted access.
Physical records are stored in locked cabinets in a code-locked office.
Breaches will be investigated promptly, with notifications to clients and authorities within 24 hours if confirmed.
____________________________________________________________________________
CONTACT INFORMATION
For questions, requests, or complaints, contact:
Privacy Officer, Edify Behavioral Applications
Phone: (989) 815-2157
Email: edify@edifyaba.com
You may also contact the U.S. Department of Health and Human Services at:
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: (800) 368-1019
____________________________________________________________________________
EFFECTIVE DATE
This notice is effective as of June 5, 2025, and may be updated as needed. Updates will be posted at our center and on our website.
____________________________________________________________________________
Report abuse