Notice of Privacy Practices

Everything On The Spectrum, LLC
2117 Metro Circle, Suite A
Huntsville, AL 35801
Phone: (256) 701-4410 · Fax: (256) 564-7320
Effective Date: May 16, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

About this Notice

This Notice of Privacy Practices applies to all protected health information ("PHI") that Everything On The Spectrum, LLC ("EOTS," "we," "our," or "us") creates, receives, maintains, or transmits about the children and families we serve. "You" in this Notice refers to the patient — or, when the patient is a minor, the parent or legal guardian acting on the patient's behalf.

EOTS is a pediatric therapy practice providing Applied Behavior Analysis (ABA), Speech-Language Pathology (SLP), and Occupational Therapy (OT) services. We are required by law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the Notice currently in effect.

Our Pledge to You

We understand that your child's health information is personal. We are committed to protecting it. We use and disclose PHI only as permitted by federal and state law, and we apply administrative, physical, and technical safeguards to keep it confidential.

How We May Use and Disclose Your Health Information

The following categories describe the ways we may use and disclose PHI without your written authorization. Not every possible use or disclosure within a category is listed; all uses and disclosures we make will fall within one of these categories or will require your written authorization.

For Treatment

We use and share PHI to provide therapy services to your child. This includes coordination among the BCBA, RBTs/Behavior Technicians, Speech-Language Pathologists, Occupational Therapists, and any clinical staff involved in your child's care.

For Payment

We use and share PHI to bill and receive payment for the services we provide. This includes communicating with your health plan to obtain authorization for services, submitting claims, and following up on unpaid balances.

For Health Care Operations

We use and share PHI to run our practice, improve the care we provide, and contact you about services. This includes quality assessment, clinical training and supervision, credentialing, audits, and business management.

To Family, Friends, and Others Involved in Care

Because our patients are minors, we routinely communicate with parents and legal guardians as part of treatment. With the parent's or guardian's permission, we may also share relevant information with other family members or caregivers involved in the child's care, or with schools as part of educational coordination. Sharing of records with schools beyond verbal coordination requires a signed Authorization to Release Information.

Appointment Reminders and Treatment Information

We may contact you to remind you of appointments or to provide information about treatment alternatives or other health-related benefits and services that may be of interest. Reminders may be sent by phone, email, text message, or through our patient portal.

Required by Law

We will use and disclose PHI when required to do so by federal, state, or local law.

Public Health Activities

We may disclose PHI for public health activities, including preventing or controlling disease, reporting births and deaths, reporting medication reactions or product problems, and notifying public health authorities of exposure to communicable diseases.

Reporting Child Abuse, Neglect, or Domestic Violence

Alabama law requires all healthcare providers who suspect that a child has been abused or neglected to report that suspicion to the Alabama Department of Human Resources or to law enforcement (Ala. Code § 26-14-3). We will make such reports as required by law. We will also notify appropriate authorities if we reasonably believe you or another person may be a victim of abuse, neglect, or domestic violence.

Health Oversight, Judicial Proceedings, Law Enforcement, and Threats to Safety

We may disclose PHI to health oversight agencies for authorized activities; in response to court orders, subpoenas, or other lawful process; for law enforcement purposes as permitted by law; and when necessary to prevent a serious threat to your health or safety or that of another person.

Workers' Compensation; Coroners; Organ Donation; Specialized Government Functions

We may release PHI to comply with workers' compensation laws; to coroners, medical examiners, and funeral directors as needed for their duties; to organ donation organizations if applicable; and for specialized government functions such as military, national security, or protective services.

Business Associates

Some services are provided to EOTS by third-party vendors known as "business associates." Examples include our cloud-services provider (Google Cloud and Google Workspace, with whom we maintain a Business Associate Agreement), our electronic medical record vendor, and our billing system. When we share PHI with a business associate, we require them by contract to protect your PHI in the same way we do.

Uses and Disclosures Requiring Your Written Authorization

Other uses and disclosures of PHI not described above will be made only with your written authorization. You may revoke an authorization in writing at any time, except to the extent we have already taken action in reliance on it. In particular, the following uses always require your written authorization:

Most uses and disclosures of psychotherapy notes (if applicable to your child's care);
Uses and disclosures of PHI for marketing purposes;
Disclosures that constitute a sale of PHI; and
Photographing or video-recording your child for clinical training, educational, or any other purpose. This authorization is captured on a separate Photo/Video Release form, which you may grant or decline without affecting your child's treatment.

Your Rights Regarding Your Health Information

You have the right to: inspect and copy the PHI we use to make decisions about your child's care; request amendments; receive an accounting of disclosures; request restrictions on uses and disclosures; request confidential communications at a specific location or by a specific method; obtain a paper copy of this Notice; and be notified of any breach of unsecured PHI.

To exercise any of these rights, please submit a written request to our Privacy Officer at the address below.

Our Duties

We are required by law to maintain the privacy and security of your PHI, to provide you with this Notice of our legal duties and privacy practices, to notify you if a breach occurs, to abide by the terms of this Notice currently in effect, and not to use or share your PHI other than as described here unless you tell us we can in writing.

Changes to This Notice

We reserve the right to change the terms of this Notice and to make the new terms effective for all PHI we maintain. When we make a material change, we will post the revised Notice in our office, on our website, and on the patient intake portal. The effective date of the new Notice will appear at the top of the document.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To file with HHS, contact: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201. Phone: 1-877-696-6775. Web: www.hhs.gov/ocr/privacy/hipaa/complaints/

Contact Information

Privacy Officer: Dana Thompson
Title: Owner / Clinical Director
Everything On The Spectrum, LLC
2117 Metro Circle, Suite A
Huntsville, AL 35801
Phone: (805) 405-6440
Email: dana@everythingonthespectrum.com