top of page

Notice of Privacy Practices

Brain and Body Autism Center
Effective Date: Jan 1st, 2026

 

Your Information. Your Rights. Our Responsibilities.

This Notice describes how medical and therapy information about your child may be used and disclosed, and how you can access this information. Please review it carefully.

Important Privacy Commitment:

We do not share health information outside of our organization except when the law requires it, or when you authorize us to do so in writing. This includes information related to speech-language services, occupational therapy, socio-recreational activities, treatment plans, progress notes, and related records.

Your Rights

You (and your child’s legal personal representative) have the right to:

  • Get a copy of your child’s paper or electronic record

  • Ask us to correct your child’s record

  • Request confidential communications

  • Ask us to limit how we use or share information

  • Get a list of disclosures we have made

  • Get a copy of this privacy notice

  • Choose someone to act for your child, when legally authorized

  • File a complaint if you believe privacy rights have been violated

Get a Copy of the Record

You can ask to inspect or receive a paper or electronic copy of the record and other health information we maintain.

We usually provide copies within 30 days and may charge a reasonable, cost-based fee where permitted by law.

Ask Us to Correct the Record

You may ask us to correct information you believe is incorrect or incomplete. We may deny the request in certain circumstances, but we will explain why in writing.

Request Confidential Communications

You may ask us to contact you in a specific way (for example, by phone, email, or mail to a different address). We will accommodate reasonable requests.

Ask Us to Limit What We Use or Share

You may ask us not to use or share certain information for treatment, payment, or health care operations. We will consider all requests, although we may not be able to agree in every case.

If you pay out-of-pocket in full for a service, you may request that we not disclose that information to your health plan for payment or operations purposes, unless disclosure is required by law.

Get a List of Disclosures

You may request an accounting of certain disclosures we made of your child’s health information, as permitted by law.

File a Complaint

If you believe your privacy rights have been violated, you may contact:

info@brainandbodyautismcenter.com

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

Our Uses and Disclosures


How We May Use Information Within Our Organization

We may use health information within our organization to:

 

Provide Treatment

We use information to provide speech-language pathology services, occupational therapy services, coordinate care among our clinicians and assistants, develop treatment plans, monitor progress, and support continuity of care.

Example: A speech-language pathologist may consult internally with a music and movement instructor regarding your child’s therapy goals.

Run Our Organization

We may use information internally for:

• Quality improvement
• Scheduling and administration
• Clinical supervision
• Training of workforce members
• Compliance and risk management

Bill for Services

We may use information as needed for billing and payment.

Example: We may submit required information to SDP Financial Management Services to obtain payment for covered services

Our Strict Privacy Practice

As a general rule, we do not share health information outside our organization.
We only disclose information outside the organization when: 1. You authorize it in writing (for example, coordinating with a school district, pediatrician, or ABA provider); or 2. Disclosure is required by law.

This means we do not disclose health information to outside persons or entities for routine business purposes beyond what the law requires.

Disclosures Required or Permitted by Law

We may disclose information outside the organization only when required or specifically authorized by law, including:

Mandatory Reporting and Safety

We may disclose information when legally required for:

• Suspected child abuse or neglect reporting
• Preventing or reducing a serious and imminent threat to health or safety • Public health reporting where required by law

 

Health Oversight and Legal Compliance

We may disclose information if required for:

• Audits, investigations, or inspections authorized by law
• Compliance with state or federal regulations
• Responding to a valid court order, subpoena, or other legal mandate when required

Workers’ Compensation or Government Requests

We may disclose information when legally required for specific government functions or workers’ compensation matters.

Special Protections for Minors and Developmental Disabilities

Information

Because we serve children, including autistic children, some records may include developmental, behavioral, educational, and family-provided information.

We apply privacy protections to all such information in accordance with:

• HIPAA
• California Confidentiality of Medical Information Act (CMIA)
• Applicable California laws governing minors’ records and health information

Where California law provides greater privacy protection than federal law, we follow California law.

Parent and Guardian Rights

In most cases, a parent or legal guardian acts as the child’s personal representative and may exercise rights described in this Notice, unless limited by applicable law.

Our Responsibilities

We are required by law to:

  • Maintain the privacy and security of protected health information

  • Provide this Notice and follow the practices described in it

  • Notify affected individuals if a reportable breach occurs

• Not use or disclose information other than as described here unless you authorize us in writing or the law requires it

If you give us permission to share information, you may revoke that permission in writing at any time, except to the extent we have already acted on it.

Our Choices (Authorization-Based Sharing)

Because our practice does not share health information outside the organization except as legally required or authorized by you, disclosures such as the following require your written authorization unless otherwise required by law:

  • Sharing information with schools or IEP teams

  • Sharing with outside physicians or therapists not part of our organization

  • Sharing with family members not legally authorized to receive information

  • Marketing (we do not use health information for marketing)

  • Sale of information (we do not sell personal information)

California-Specific Privacy Statement

In addition to HIPAA protections, California law may provide stronger privacy protections.

California Confidentiality of Medical Information Act (CMIA)

California’s Confidentiality of Medical Information Act (Civil Code §§56 et seq.) may impose stricter requirements than HIPAA in certain circumstances. Where CMIA provides greater protection, we follow CMIA.

Under CMIA and other applicable California law:

  • We do not disclose medical information without authorization unless a specific legal exception permits or requires disclosure.

  • Uses and disclosures are limited to the minimum permitted or required by law.

  • Unauthorized access, use, or disclosure of medical information may carry remedies and penalties under California law.

  • Where required, we provide notices and breach notifications consistent with California law in addition to HIPAA requirements.

 

 

Additional Protections for Minor Patients
Because we serve minors, including autistic children and children with developmental disabilities, we apply additional care to confidentiality involving minor records.

Subject to applicable law:

  • Parents or legal guardians generally act as the child’s personal representative and may exercise privacy rights on the child’s behalf.

  • If California law grants a minor independent confidentiality rights for a particular service or circumstance, we honor those protections as required by law.

  • We limit disclosures involving schools, educational advocates, caregivers, and non-parent family members unless authorized or legally required.

  • Records that may contain developmental assessments, behavioral observations, caregiver reports, therapy notes, and educationally relevant information are treated as protected medical information.

 


Authorization for School and Third-Party Coordination
Because pediatric therapy often involves coordination with outside parties, we generally require written authorization before sharing information with:
• School districts, IEP teams, or educational providers
• Outside therapists or providers not part of our organization
• Regional centers or case management entities, unless disclosure is legally authorized or required


California Minor Privacy and Greater Restrictions
Where California law imposes greater restrictions than HIPAA regarding minors, parental access, or disclosure of sensitive records, those stricter protections control.
This may include limits or conditions relating to:

  • Access rights in situations governed by California minor consent laws

  • Special protections for particularly sensitive information where applicable

  • Additional restrictions on redisclosure when records are shared pursuant to authorization or legal mandate

  • We do not sell or share personal information for commercial purposes. In addition to HIPAA protections:

  • We do not sell or share personal information for commercial purposes.

  • We maintain confidentiality consistent with California law, including the CMIA.

  • Where California law imposes stricter privacy protections than HIPAA, those stricter protections apply.

Changes to This Notice

We may change the terms of this Notice. Changes will apply to all information we maintain and the updated notice will be available upon request and on our website.

bottom of page