Skip to main content
Lone Star ABA

Privacy Policy

Effective Date: 05/28/2026

1. Introduction

Lone Star ABA Services LLC (“Lone Star ABA,” “we,” “our,” or “us”) is a telehealth-based Applied Behavior Analysis (ABA) practice based in Texas. This Privacy Policy explains how we collect, use, disclose, and protect information through our website at www.lonestaraba.com and in the course of providing services. Our collection and use of Protected Health Information (PHI) is separately governed by our Notice of Privacy Practices, which is provided to patients at intake pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and the Texas Medical Records Privacy Act (Texas Health & Safety Code Chapter 181, also known as HB 300).

2. Information We Collect

Through our website today, the only information you provide directly is the email address you submit to join our waitlist (and, if you apply for a role, the email address and resume you send us). The categories below describe the full range of information we collect once clinical intake and services begin.

A. Information You Provide Directly

Once clinical intake and services begin, this will include:

  • Contact details such as name, phone number, email address, and mailing address.
  • Information about your child and family that you submit through intake or contact forms.
  • Insurance information you provide for verification of benefits.
  • Correspondence with our team (email, messages, call notes).

B. Information Collected Automatically

Our current pre-launch website does not use analytics or advertising cookies and does not deploy third-party tracking pixels. As with most websites, our hosting provider may keep standard server logs (such as IP addresses and timestamps) for security and reliability. If we enable website analytics in the future, we will update this policy and describe what is collected before doing so.

C. Protected Health Information (PHI)

Once services begin, we collect and maintain PHI as defined by HIPAA. The handling, use, and disclosure of PHI is governed by our separate Notice of Privacy Practices, which patients receive at or before the start of care. This website-facing Privacy Policy does not replace that Notice.

3. How We Use Information

  • To respond to inquiries and schedule consultations.
  • To verify insurance eligibility and coordinate authorization for services.
  • To provide, coordinate, and document clinical care.
  • To comply with legal, regulatory, and accreditation obligations.
  • To improve our website and services.

4. How We Share Information

We do not sell personal information. Our use and disclosure of Protected Health Information (PHI) for treatment, payment, and healthcare operations is governed by our Notice of Privacy Practices, which controls over this website policy. We may share information with:

  • Treatment partnersinvolved in your child’s care, consistent with HIPAA’s treatment, payment, and healthcare operations (TPO) provisions.
  • Business Associates that provide services on our behalf (for example, electronic health records, telehealth platforms, secure email, billing, analytics). Each is bound by a Business Associate Agreement (BAA) where required.
  • Government or regulatory bodies when required by law, subpoena, or to prevent imminent harm.
  • Insurance payers as necessary to verify benefits, obtain authorization, and submit claims.

5. Cookies And Analytics

Our website does not currently use analytics or advertising cookies, and we do not allow third-party advertising or social-media tracking pixels on our domain. Strictly necessary cookies may be used to operate the site. If we introduce analytics in the future, we will update this policy and, where required, provide a cookie notice.

6. Minors’ Privacy

We provide services to individuals and families under the care of a parent, legal guardian, or authorized caregiver. We do not knowingly collect information directly from minors via our website. Information about a minor is provided by a parent, legal guardian, or authorized caregiver as part of the intake or service process.

Pursuant to the Texas Securing Children Online through Parental Empowerment Act (the “SCOPE Act,” Texas Business & Commerce Code Chapter 509), we do not display targeted advertising to known minors, do not sell personal information of known minors, and do not permit minors to create accounts on this website.

7. Data Security

As we prepare to begin services, we are implementing administrative, physical, and technical safeguards designed to protect your information, consistent with the HIPAA Security Rule. These safeguards include encryption of PHI in transit and at rest, workforce training, role-based access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security of any information transmitted to or from us.

Email sent from personal accounts (such as Gmail, Yahoo, or iCloud) is not encrypted end-to-end. Please do not send protected health information by unsecured email. We will provide secure communication channels at intake.

8. Your Rights

Depending on your relationship with Lone Star ABA and applicable law (HIPAA, Texas HB 300, and other state laws), you may have rights to:

  • Request access to your or your child’s health records.
  • Request an amendment to your records.
  • Request an accounting of certain disclosures.
  • Request restrictions on certain uses or disclosures.
  • Request confidential communications.
  • Receive a paper copy of the Notice of Privacy Practices.
  • File a complaint with us or with the U.S. Department of Health & Human Services, Office for Civil Rights.

To exercise these rights, contact our Privacy Officer at privacy@lonestaraba.com, 737-241-0143.

9. Texas-Specific Notice (HB 300)

The Texas Medical Records Privacy Act (Chapter 181 of the Texas Health & Safety Code) provides protections that may exceed HIPAA in certain respects, including training requirements, restrictions on sale of PHI, and enhanced penalties. Lone Star ABA maintains a compliance program designed to meet these requirements.

10. Texas Data Privacy & Security Act

Under the Texas Data Privacy and Security Act (Texas Business & Commerce Code Chapter 541, effective July 1, 2024), Texas residents have the right to:

  • Confirm whether we are processing your personal data and access that data.
  • Correct inaccuracies in your personal data.
  • Delete personal data you provided or that we obtained about you.
  • Obtain a portable copy of personal data you provided to us.
  • Opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects.

To exercise these rights, contact our Privacy Officer using the information in Section 8. We will respond within 45 days. You may appeal a denial by replying to our written response within a reasonable time. If your appeal is denied, you may file a complaint with the Texas Attorney General at texasattorneygeneral.gov/consumer-protection.

Many categories of data we hold are exempt from the TDPSA — for example, protected health information governed by HIPAA, and data held by a HIPAA-covered entity. This section applies to non-exempt personal data, such as the email address you submit to join our waitlist. Protected Health Information is handled under our Notice of Privacy Practices.

11. Text Messaging

We send only transactional text messages — appointment reminders, service coordination, and administrative notices. We do not send marketing texts. If you provide your phone number during intake or in the course of services, you consent to receive these messages; your consent is obtained at intake and is not a condition of receiving services. (Our website does not collect phone numbers.) Message frequency varies. Message and data rates may apply. Reply STOP at any time to opt out, or HELP for assistance. Opting out of text messages will not affect your ability to receive services.

12. Data Retention

We retain clinical records for a minimum of seven (7) years after the last date of service, or longer if required by law, payer contract, or professional licensure rules. Because we serve minors, applicable Texas law may require us to retain a minor’s records for a longer period (in some cases extending past the age of majority), and we retain records for at least as long as the law requires. Website inquiry data (such as contact form submissions that do not become client records) is retained for up to twenty-four (24) months and then deleted or de-identified. Backup copies may persist for a limited additional period before being overwritten.

13. Breach Notification

In the unlikely event of a breach affecting your personal information or protected health information, we will notify affected individuals and, where required, regulators as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and the Texas Identity Theft Enforcement and Protection Act (Texas Business & Commerce Code § 521.053). We will provide any required notice within the timeframes required by applicable law.

14. Do Not Track

Our website does not respond to Do Not Track (DNT) browser signals at this time.

15. Changes To This Policy

We may update this Privacy Policy periodically. Material changes will be posted here with an updated effective date. Continued use of our website after changes constitutes acceptance of the revised policy.

16. Contact

Lone Star ABA Services LLC
Phone: 737-241-0143
Email: info@lonestaraba.com

Please do not include detailed health information in messages to these general addresses; we will provide secure communication channels at intake.