Our Position on HIPAA
Get ABA Suite processes clinical data that may include Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We take this responsibility seriously.
Our platform is designed with HIPAA awareness built into its architecture. We implement administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of PHI that is created, received, maintained, or transmitted through our products.
What Is PHI in the Context of Get ABA Suite?
When ABA professionals use Get ABA Assessments or Get RBT Notes to document client care, the data entered may include:
- Client names and dates of birth
- Diagnostic codes (ICD-10-CM)
- Behavioral observation data
- Assessment results and clinical narratives
- Session notes and treatment documentation
This information constitutes PHI when it can be linked to an identifiable individual.
How We Handle PHI
De-Identification Before AI Processing
This is the most critical aspect of our data handling:
- When AI features generate clinical narratives, assessment report sections, or session note drafts, all personally identifiable information is removed before data is sent to AI models.
- The AI receives only de-identified clinical observations, behavioral data, and structured assessment inputs.
- Re-identification occurs only within our secure platform after the AI-generated content is returned — and only to present the complete draft to the authorized clinician for review.
The flow:
- Clinician enters clinical data (which may include PHI) into the platform
- Platform separates identifiable information from clinical observations
- De-identified clinical data is sent to the AI model for narrative generation
- AI returns draft clinical text based on de-identified data
- Platform recombines the draft with patient identifiers
- Clinician reviews, edits, and approves the complete document
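The de-identify, send, recombine steps above can be sketched as follows. This is an added example, not Get ABA Suite's code: the field names, token format, and `fake_model` stand-in are assumptions, and the sample record is constructed.

```python
import re
import secrets

# Constructed sample record; field names are assumptions for this example.
RECORD = {
    "client_name": "Jordan Example",
    "date_of_birth": "2017-03-14",
    "icd10": "F84.0",
    "observations": "Jordan Example requested a break 4 times; 2 elopements.",
}
IDENTIFIER_FIELDS = ("client_name", "date_of_birth")

def deidentify(record):
    """Split a record into an AI-safe payload and a token -> identifier vault."""
    vault = {f"[[{f.upper()}_{secrets.token_hex(4)}]]": record[f]
             for f in IDENTIFIER_FIELDS}
    payload = {}
    for key, text in record.items():
        if key in IDENTIFIER_FIELDS:
            continue  # identifier fields never leave the platform
        # Identifiers typed into free text are swapped for opaque tokens.
        # Exact-match only: nicknames or partial names need extra handling.
        for token, value in vault.items():
            text = re.sub(re.escape(value), lambda m, t=token: t, text,
                          flags=re.IGNORECASE)
        payload[key] = text
    return payload, vault

def assert_no_identifiers(payload, vault):
    """Fail closed: refuse to send if any identifier value survived."""
    blob = " ".join(payload.values()).lower()
    if any(value.lower() in blob for value in vault.values()):
        raise ValueError("identifier present in outbound payload")

def fake_model(payload):
    """Stand-in for the AI call; it only ever sees the de-identified payload."""
    return f"Draft narrative: {payload['observations']}"

def reidentify(draft, vault):
    """Recombine the returned draft with identifiers inside the platform."""
    for token, value in vault.items():
        draft = draft.replace(token, value)
    return draft

def run_flow(record):
    payload, vault = deidentify(record)
    assert_no_identifiers(payload, vault)  # outbound gate before the AI call
    draft = fake_model(payload)
    return payload, draft, reidentify(draft, vault)
```

The vault stays on the platform side of the boundary; only `payload` crosses it, and the outbound check is what keeps a missed substitution from reaching the model.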
PHI Storage
- All PHI is stored on AWS infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+)
- Access to PHI is restricted to authenticated, authorized users based on their role
- Documents containing PHI are accessible only through signed, time-limited URLs — never through public links
- PHI is retained in accordance with applicable healthcare record retention requirements
Business Associate Agreement (BAA)
Organizations subject to HIPAA that use Get ABA Suite to process PHI may require a Business Associate Agreement. We are prepared to enter into BAAs with covered entities and their business associates as appropriate.
To request a BAA or discuss HIPAA compliance requirements for your organization, contact contact@getabasuite.com.
Security Safeguards
Administrative Safeguards
- Workforce training — Team members with access to systems containing PHI receive training on HIPAA requirements and our internal data handling policies
- Access management — Access to PHI is granted on a need-to-know basis and reviewed regularly
- Incident response procedures — Documented procedures for identifying, reporting, and responding to security incidents involving PHI
- Business associate management — Third-party services that may process PHI operate under appropriate agreements
Technical Safeguards
- Access control — Role-based authentication ensures users access only the data appropriate to their role
- Encryption — AES-256 encryption at rest; TLS 1.2+ encryption in transit
- Audit controls — All access to PHI is logged with timestamps, user identification, and action taken
- Integrity controls — Soft-delete architecture prevents unauthorized destruction of clinical records
- Transmission security — All data transmission occurs over encrypted channels
Physical Safeguards
- AWS data centers — Our infrastructure is hosted in AWS data centers that maintain SOC 2, ISO 27001, and HIPAA compliance certifications
- No on-premise PHI — Get ABA Suite does not store PHI on local servers or physical media outside of AWS infrastructure
- Device security — Administrative access to production systems requires multi-factor authentication from secured devices
Compliance Scope and Limitations
We want to be transparent about what our HIPAA compliance covers and where responsibilities are shared:
What We Do
- Implement technical and administrative safeguards to protect PHI within our platform
- De-identify data before AI processing
- Provide secure storage and access controls for clinical data
- Maintain audit logs and incident response procedures
- Enter into Business Associate Agreements when appropriate
Shared Responsibilities
- Account security — You are responsible for maintaining the security of your login credentials and for ensuring only authorized individuals access your account
- Clinical accuracy — You are responsible for reviewing and approving all content — including AI-generated drafts — before it becomes part of the clinical record
- Appropriate use — You are responsible for using the platform in accordance with your organization’s HIPAA policies and applicable state and federal regulations
- Device security — You are responsible for securing the devices from which you access the platform
What We Do Not Claim
- We do not claim to be a HIPAA-certified organization (no such certification exists under HIPAA)
- We do not provide legal advice regarding your HIPAA obligations
- Compliance with HIPAA is a shared responsibility between Get ABA Suite and the organizations and individuals who use our products
Continuous Improvement
HIPAA compliance is not a one-time achievement. We continuously review and update our safeguards in response to:
- Changes in HIPAA regulations and guidance
- Evolving security threats and best practices
- Growth in platform features and data processing capabilities
- Feedback from covered entities and compliance professionals
Contact
For questions about HIPAA compliance, to request a BAA, or to report a potential PHI-related concern:
AC Partners LLC
Email: contact@getabasuite.com
Phone: +1 (561) 283-3549
© 2026 AC Partners LLC. All rights reserved. Get ABA Suite, Get RBT Training, Get ABA Assessments, and Get RBT Notes are products of AC Partners LLC. RBT® is a registered trademark of the Behavior Analyst Certification Board®, used with limited permission. BCBA® and BCaBA® are registered trademarks of the Behavior Analyst Certification Board®.


