Privacy breaches are an ongoing compliance risk for ABA providers, and knowing when a breach is reportable is critical for protecting your organization, your clients, and you. Many ABA business and clinical leaders are surprised to learn that not every privacy incident has to be reported (but plenty of them do) often under both federal and state law. With the deadline coming up at the end of February to report smaller HIPAA breaches that occurred in 2025 to HHS, now’s a good time to revisit how reportability decisions actually work. To help, we’ve created a free HIPAA Breach Reportability Decision Tool for ABA Providers that walks you through a four-factor risk assessment you should complete when a privacy incident happens, and highlights key reporting deadlines. We’ll also break this down using real-world ABA scenarios and share how ongoing compliance support can help you handle breaches with more confidence and less guesswork.
