Aspire Consulting, Inc.
Aspire Consulting, Inc. ("us", "we", or "our") operates the AspireConsultingInc.com website (hereinafter referred to as the "Online Service"). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our ABA therapy services, as well as our Online Service and the choices you have associated with that data.
We use your data to provide and improve our ABA therapy services as well as the Online Service. By using the Online Service, you agree to the collection and use of information in accordance with this policy.
Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from AspireConsultingInc.com
Definitions
PHI is Protected Health Information in any form, including physical records, electronic records, or spoken information. PHI includes physical and mental health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers that can be used to identify, contact or locate a person.
Online Service is the AspireConsultingInc.com website operated by Aspire Consulting, Inc.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small files stored on your device (computer or mobile device).
HIPAA Compliance
MEDICAL RECORD TRANSMISSION
At Aspire Consulting, Inc. we strive to ensure that all necessary precautions are taken to protect the identifying information of our clients and their families. Medical documentation must be secure at all times to prevent chance of breach of confidentiality and to maintain compliance with HIPAA.
Medical Documentation Includes:
Intake Client Information Forms
Intake Parent Concern Forms
Third party assessments or evaluations provided by the family for consideration
IEP reports
Assessments conducted by Aspire Consulting, Inc. clinical staff
Treatment care plans for Aspire Consulting, Inc. clients
Insurance authorization forms containing client-specific information
Insurance cards or any documents containing client-specific billing information
BCBA team meeting notes and session notes
Daily Session Notes completed by direct care staff
Client service provision time sheets
Any other documentation that contains identifying client-specific information
It is imperative that the transmission of documents occurs via encrypted, protected channels. To ensure additional protection of the above records:
BCBA team meeting notes and session notes contain client initials only
Correspondence via email contains client initials only
Access to medical records will be available to Aspire Consulting, Inc. clinical or administrative staff only. Administrative sharing ability is limited to Morgan Mix, M.S., BCBA/Owner.
Medical records transferred between Aspire Consulting, Inc. employees will be transmitted through the company HIPAA-compliant methods.
Any potential HIPAA violations should be reported to Morgan Mix, M.S. BCBA/Owner immediately, and the potential violation will be investigated and breach policy procedure will be implemented by the appointed HIPAA privacy officer.
CONFIDENTIALITY
Our clients and other parties with whom we do business entrust the company with important information relating to their treatment and family dynamics. It is our policy that all information considered confidential will not be disclosed to external parties or to employees without a “need to know.” If an employee questions whether certain information is considered confidential, they should first check with their immediate supervisor. This policy is intended to alert employees to the need for discretion at all times and is not intended to inhibit normal business communications. Employees will use client initials of their first and last name on all documents, when communicating via email and/or text.
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Online Service to you.
Types of Data Collected on AspireBehavioralTherapy.com
Personal Data While using our Online Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
Cookies and Usage Data
Usage Data We may also collect information on how the Online Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data We use cookies and similar tracking technologies to track the activity on our Online Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Online Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Online Service.
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our Online Service.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.
Use Of Data
Aspire Consulting, Inc. uses the collected data for various purposes:
To provide and maintain our Online Service
To notify you about changes to our Online Service
To allow you to participate in interactive features of our Online Service when you choose to do so
To provide customer support
To gather analysis or valuable information so that we can improve our OnlineService
To monitor the usage of our Online Service
To detect, prevent and address technical issues
Transfer and Storage Of Data and PHI
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Aspire Consulting, Inc. will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. Employees complete HIPAA compliance training annually and are only given access to PHI on an as-needed basis. Devices used to store or transfer PHI will use encrypted methods of transfer, have password protection on the device, and be able to be locked and/or wiped remotely in the event of loss of the device. Aspire Consulting, Inc. utilizes HIPAA-compliant Dropbox and Google cloud storage, and those service providers back up the data securely and have a Business Associate Agreement (BAA) with Aspire Consulting, Inc.
Electronic records of designation of organizations as Covered Entities (CEs) or BAAs are maintained for a minimum of 6 years from the date of their creation or 6 years from the date last in effect, whichever is later. Medical records will be maintained for a minimum of 10 years, in compliance with Illinois law.
Disclosure Of Data
LEGAL REQUIREMENTS
Aspire Consulting, Inc. may disclose your Personal Data in the good faith belief that such action is necessary to:
To comply with a legal obligation
To protect and defend the rights or property of Aspire Consulting, Inc.
To prevent or investigate possible wrongdoing in connection with the Online Service
To protect the personal safety of users of the Online Service or the public
To protect against legal liability
Security Of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Service Providers
We may employ third party companies and individuals to facilitate our Online Service ("Service Providers"), provide the Online Service on our behalf, perform Online Service-related services or assist us in analyzing how our Online Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
GOOGLE ANALYTICS
We use a third-party Service Provider to monitor and analyze the use of our Online Service. We DO NOT sell collected data to any third party. We value your privacy and use our analytics to improve the content and user experience in our Online Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Online Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Online Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Links To Other Sites
Our Online Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children's Privacy
Our Online Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
MEDIA DISCLAIMER
We use stock photos throughout our website and do not use photos of any of our patients in any marketing campaigns without the written consent of the parents.
Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Online Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us.
Effective date: April 2022