top of page
_edited.png)
Privacy and HIPAA Policies
Privacy Policy
Weclcome to Sunrise Autism, LLC ("company", "we", "our" or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you receive Applied Behavior Analysis (ABA) services, including in-person and telehealth services, or when you visit our website.
​
By accessing our website or services, you acknowledge that you have read and agree to this Privacy Policy.
1. Information We Collect
-
We may collect the following types of information:
Personal Information
-
Name
-
Address
-
Phone number
-
Email
Protected Health Information (PHI)
-
Diagnosis
-
Medical history
-
Treatment plans & clinical notes
-
Progress data
-
Insurance information
​​​
2. How We Use Your Information
-
We use your information to:
-
Provide in-person and telehealth ABA services
-
Create treatment plans
-
Coordinate care with authorized parties
-
Bill and process insurance claims
-
Respond to requests/inquiries
-
Improve user experience
-
Maintain internal records
-
Meet regulatory and legal requirements
-
-
We do not sell your information.
​
3. Telehealth Privacy
-
We offer ABA services through secure telehealth platforms.
-
We take measures to safeguard session data, including:
-
Secure/encrypted platforms
-
Authorized user access only
-
Session documentation stored under HIPAA-compliant security policies
-
-
However, internet-based services can carry some privacy risks.
​
4. Nevada-Specific Privacy Rights
Residents of Nevada have specific privacy rights under Nevada Revised Statutes (NRS) 603A, including the right to prevent certain types of personal information sales.
A. Opt-Out of Sale of Personal Information
-
Nevada residents may submit a request directing us not to sell their personal information.
-
We do not sell personal information.
-
However, if our practices change, Nevada consumers may opt-out by contacting us:
Email: JasonFinmark@sunriseautism.com
Phone: 857-272-7120
B. Data Security Requirements
-
We implement reasonable security measures as required under NRS 603A.210 to:
-
Protect records containing personal information
-
Prevent unauthorized access, acquisition, destruction, or use
-
C. Data Breach Notifications
In the event of a security breach involving personal information, we will comply with Nevada law (NRS 603A.220) regarding notification to affected individuals and agencies when required.
​
5. Legal Basis for Processing
-
We may process your information based on:
-
Consent
-
Contract obligations
-
Legal requirements
-
Treatment needs
-
Legitimate interests in providing and improving services
-
6. How We Share Your Information
-
We may share your information with:
-
Authorized healthcare/service providers
-
Insurance companies
-
Billing processors
-
Business associates
-
Schools or community agencies (with consent)
-
Legal authorities when required by law
-
-
We only share PHI as permitted by HIPAA and applicable laws.
7. Data Retention
-
We retain personal information as required to:
-
Provide treatment
-
Fulfill legal obligations
-
Maintain records of services
-
-
Records may be retained beyond service completion according to state regulations.
8. Data Security
-
We maintain administrative, technical, and physical safeguards to secure your information. While we strive to protect all data, no system is completely secure.
9. Minors
-
We collect information about minors only with parent/guardian consent. Parents/guardians may request access or corrections to their child’s records.
10. Cookies & Tracking Technologies
-
We may use cookies or analytics tools to:
-
Improve website performance
-
Understand traffic and visitor preferences
-
-
Browser settings may limit cookie use.
11. Third-Party Websites
-
Our website may contain links to third-party sites. We are not responsible for their privacy practices.
12. Policy Updates
-
We may update this Privacy Policy periodically.
-
The revised version will be posted with a new “Last Updated” date.
-
Continued use of our services constitutes acceptance of changes.
13. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact:
Sunrise Autism, LLC​​
JasonFinmark@Sunriseautism.com
(857) 272-7120
2300 East Silverado Ranch Blvd. #1001, Las Vegas, Nevada 89183
Website/Technical Data
-
IP address
-
Device type
-
Browser type
-
Cookies or analytics
Telehealth Information
-
Audio/visual communication data
-
Records, reports, and session documentation
-
Platform connection details​
Billing & Insurance
-
Payment details
-
Policy numbers
-
Claims information
HIPAA Policy
Sunrise Autism, LLC is committed to safeguarding the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable Nevada privacy laws (NRS 603A) when providing Applied Behavior Analysis (ABA) services in-person and via telehealth.
​
This Policy describes how we collect, use, disclose, and protect PHI.
1. Purpose
-
The purpose of this Policy is to:
-
Ensure HIPAA compliance
-
Maintain confidentiality of PHI
-
Guide proper handling of PHI
-
Support client rights
-
Define breach response procedures
-
2. Scope
-
This Policy applies to anyone employed by Sunrise Autism, including:
-
BCBAs
-
RBTs/behavior technicians
-
Administrative staff
-
Contractors & business associates
-
Interns/volunteers
-
Any entity handling PHI for Sunrise Autism, LLC
-
3. What is PHI?
-
Protected Health Information (PHI) includes any information identifying an individual and relates to:
-
Health condition
-
Treatment
-
Payment for healthcare
-
-
Examples include:
-
Name, date of birth, address
-
Medical / developmental history
-
Diagnosis
-
Treatment data & notes
-
Insurance information
-
-
PHI may be:
-
Written
-
Electronic (ePHI)
-
Verbal
-
4. Allowed Use & Disclosure of PHI
-
We may use or disclose PHI for:
-
Treatment
-
ABA service delivery
-
Care coordination with authorized providers
-
-
Payment
-
Billing
-
Insurance authorization and claims
-
-
Healthcare Operations
-
Quality improvement
-
Staff training
-
Compliance / auditing
-
-
-
Outside of these purposes, PHI is only used or disclosed with written authorization unless legally required.
-
We will only disclose the minimum necessary PHI for its purpose.
5. Nevada-Specific Privacy Compliance
We comply with relevant Nevada privacy laws, including:
-
NRS 603A — Security of Personal Information
-
Nevada State Breach Notification Requirements
Data Breach Notification (NRS 603A.220)
-
If PHI or personal information is acquired by an unauthorized person:
-
We will notify affected individuals as soon as reasonably possible, unless law enforcement determines notification would impede an investigation.
-
Notifications will describe:
-
The breach
-
What information was involved
-
Recommended steps for protection
-
Mitigation efforts
-
-
If required, we will notify relevant state authorities.
-
​
6. Client Rights
-
Clients (or parents/guardians) have the right to:
-
Access PHI
-
Request corrections
-
Request limits on disclosures and disclosure history
-
Request confidential communication methods
-
Receive a copy of this policy
-
File complaints without retaliation
-
-
Requests must be submitted in writing to our Privacy Officer.
7. Privacy Officer
-
The Company maintains a designated Privacy Officer responsible for:
-
Managing HIPAA compliance
-
Staff training
-
Reviewing incidents
-
Responding to access/complaint requests
-
-
Privacy Officer Contact:
-
Name: __________________________
-
Phone: __________________________
-
Email: __________________________
-
8. Workforce Responsibilities
-
All personnel must:
-
Protect PHI
-
Use ePHI only via approved systems
-
Access PHI only when necessary for their role
-
Report privacy concerns or breaches immediately
-
-
Non-compliance may result in disciplinary action.
9. Safeguards
-
We protect PHI using:
-
Administrative Safeguards
-
HIPAA training
-
Business Associate Agreements
-
Access control policies
-
-
Physical Safeguards
-
Locked file storage
-
Controlled facility access
-
Secure disposal (shredding)
-
-
10. Telehealth PHI Protections
-
Telehealth ABA services are delivered through HIPAA-compliant platforms.
-
We ensure:
-
No recording unless explicitly authorized
-
Sessions occur in private settings
-
Encrypted communications
-
-
Families are encouraged to participate from a private environment to ensure confidentiality.
11. Business Associates
-
Business associates must sign a Business Associate Agreement (BAA) requiring:
-
Proper security practices
-
Restricted use of PHI
-
Breach reporting obligations
-
​
12. Record Retention
-
We retain PHI as required by:
-
HIPAA
-
State regulations
-
Insurance requirements
-
-
Once retention periods expire, PHI is securely destroyed.
13. Training
-
All staff and associates receive HIPAA training:
-
Upon hire
-
Annually
-
When regulations change
-
14. Complaints & Non-Retaliation
-
Clients may file privacy complaints to:
-
Our Privacy Officer
-
U.S. Department of Health & Human Services (HHS)
-
-
We prohibit retaliation for filing complaints.
15. Updates to This Policy
-
We may update this Policy periodically and revisions will be posted online with a new “Last Updated” date.
-
Continued use of services signifies acceptance.
Technical Safeguards
-
Secure telehealth platforms
-
Password protection
-
Encryption
-
Access logs
-
Secure electronic storage
​
bottom of page