Privacy Notice

PURPOSE OF PRIVACY NOTICE

The purpose of the privacy notice is to notify everyone about Reach High Consulting’s data protection practices and policies. Reach High Consulting acts as its own data controller, meaning we are responsible for keeping your personal data stored securely and may use your personal data to perform some of our essential job functions.

WHY DO YOU NEED MY PERSONAL DATA?

The legalities surrounding the data that is collected and processed are primarily tied to our ethical and legal requirement to provide sufficient data to insurance providers regarding completion of ABA services for your child. We are required to securely store the information for at least 7 years before it can be permanently destroyed. Reach High Consulting uses your personal data to complete the following functions:

  • Billing and Reimbursement
  • Communication
  • Staff Training (Child Programming Data)
  • Scheduling and Care Management
  • Direct ABA Services

Our daily programming functions may require limited access to direct identifiers such as your child’s name and birth date, or your address if we provide pick-up/drop-off services. We do not share your information with any third-party companies outside of the uses outlined in this document.

We also use programming data collected during your child’s ABA sessions to monitor how effective our treatment plans are and to provide us with some insight for future ABA services we provide to other clients.

WHO IS COLLECTING THE DATA?

THERAPISTS AND RBTS

These are the direct care staff at RHC. They work with your children daily, running programs written by our BCBAs. The data they collect concerns your child’s progression with programs and information about their behaviors throughout the sessions.

PROGRAMMING MANAGEMENT TEAM (BCBA’S & SELECT ABA GRADUATE STUDENTS)

The program management team uses the information collected by our therapists and RBTs to revise and update treatment plans, which include goals for your children and the programs to help them achieve those goals.

ADMINISTRATIVE STAFF MEMBERS

Our administrative staff members support the programming team with backend management including tasks like billing, scheduling and communicating with families. Financial information that the administrative team utilizes for co-payments and deductibles is not made accessible to members of our programming team.

DATA STORAGE METHODS

All paper data that is collected and stored is kept in locked filing cabinets that only authorized personnel have access to. For long-term storage, data is digitized and securely stored using encrypted cloud storage. Most of the data collected at RHC is collected and stored digitally to reduce the risk of unauthorized access to personally identifiable information about you, your family, or your child.

THIRD PARTY SHARING

We share personally identifiable information about your child with your insurance provider for the purposes of our legal obligation to sufficiently prove completion of ABA services. We also share insurance information and session information (such as times and duration) periodically with third-party billing companies for the purposes of reimbursement from your insurance provider. We do not share more information than is necessary for the service provided by any of our third-party contacts.

SAFEGUARDS IN PLACE TO PROTECT YOUR PERSONAL DATA

When sharing your personal data with a third-party company, we utilize cloud storage services and file sharing services offered through Google’s GSuite. Long-term storage of personal client data is also kept on Citrix’s ShareFile, which is another secure file sharing service. Most insurance companies provide a secure portal for uploading necessary documentation for billing.

SHAREFILE BY CITRIX’S PRIVACY POLICY

https://www.sharefile.com/privacy-shield

GOOGLE CLOUD SECURITY AND COMPLIANCE WHITEPAPER

https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-cloud-security-and-compliancewhitepaper.pdf

YOUR RIGHTS TO YOUR DATA OR YOUR CHILD’S DATA

ACCESSING OR RECTIFYING YOUR PERSONAL DATA

You have the right to access information regarding the progress your child is making according to treatment plan goals and the data that is collected during ABA services. You can request a record of our current information for you or your child to verify and correct personal data that has been collected.

DELETION

We are required, by law, to maintain records for services provided for at least 7 years; therefore, we cannot always delete the data we have on file regarding your or your child’s services. This data is securely stored, and access is restricted in accordance with HIPAA laws.

RESTRICT OR WITHDRAW CONSENT

You have a right to request that we halt or restrict data collection about your child; however, we will not be able to provide adequate ABA services without your consent to collect data about your child. This request may result in a termination of services.

PORTABILITY

We make it a point to make our programming data easily accessible during prescheduled parent meetings and trainings. We request that this information is accessed primarily during these prescheduled times to allow us time to prepare the information requested and to ensure you can access an ABA professional for questions you may have about your child’s progress. You can request that we send your child’s information and data to another authorized medical or ABA provider for transitioning purposes.

PRIVACY NOTICE CONTACT INFORMATION

If you have any questions regarding our privacy notice or the use of your information, please contact our compliance director at [email protected].

CONSENT

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.

Consent is required for Reach High Consulting and Therapy to process both types of personal data (personally identifiable and non-identifiable), and it must be explicitly given. Where we are asking you for sensitive personal data, we will always tell you why and how the information will be used.

You may withdraw consent at any time by contacting our compliance director at [email protected]. The withdrawal is not complete until you receive an email confirmation from the director indicating that Reach High Consulting has received and processed your withdrawal request. Please note that withdrawal of consent may result in the termination of services if we are unable to fulfill our ethical and legal obligations to you as a client.