A new era is coming for HIPAA compliance, and it’s going to affect every ABA provider in the country. In April 2025, Reuters reported a series of legal developments and regulatory updates that signal the biggest overhaul to privacy rules in more than a decade. For ABA business owners—whether you’re a solo practitioner, a multi-site group, or somewhere in between—this is a wake-up call.
Here’s why: The new HIPAA environment isn’t just about paperwork. It’s about protecting your clients, your staff, and the future of your ABA business in a landscape where the risks are higher, the tech is smarter,...
Check Out Our Other Articles
ABA Weekly: Lifelines, Benchmarks & Compliance—Join us Live at 8 AM Eastern
The Real Benchmark: What HealthBench, AI, and ABA’s Future Mean for Kids
When Systems Fail Families, ABA Can Still Be a Lifeline
How to Improve ABA Supervision with Allyson Wharam of ‘ABA in the Field’
ABA Business Weekly: HIPAA, M&A, and Turning the Tide in Special Ed - Live at 8AM Eastern today!
HIPAA Breaches Aren’t Just a “Big Company” Problem: What ABA Businesses Need to Learn from the WellNow Settlement
Turning the Tide: How ABA Leaders Can Rebuild Trust in Special Education
Navigating the 2025 ABA M&A Surge: What Ethical Practice Owners Need to Know
Ego Driven Hiring: A Wake-Up Call for ABA Business Owners
Waiving Co-Pays and the Power of Partnership - Live New Today at 8 AM Eastern
NASQN & 3 Pie Squared Partner to Empower Ethical ABA Practice Growth
When Discounts Cross the Line: What ABA Practice Owners Need to Know About Waiving Deductibles
Clarity, Capacity, and Efficiency with Silna
Chaos, Contracts & Chatbots: What’s Really Steering ABA? - Live news today - 8 AM Eastern in Facebook
The Contract Temptation: Why Classifying BCBAs as 1099s May Be a Risk for ABA Companies
When Systems Fail Quietly: Optum, Medicare Fraud, and the ABA Fallout We Can’t Ignore
Whose Hand Is on the Wheel? What a Reddit AI Experiment Means for the Future of Clinical Judgment in ABA
Finding Joy in the Journey
Two Truths and a Wake-Up Call: Medicaid Cuts, Treatment Intensity, and the Future of ABA - Live discussion today at 8 AM Eastern
The Real Impact of Medicaid Cuts on ABA Therapy: What Providers and Families Need to Know
Quality Is a Choice: What Treatment Intensity Says About Who We Are in ABA
3 Things We Thought Would Be Easier!
Celebrating Mothers (and Everyone Else Who Deserves a Break): 50% Off the ABA Business Leaders Platform This Weekend Only!
Experts, X-Rays, and Indiana Drama: Live discussion today at 9:00 AM Eastern
Who Gets to Speak in ABA—and What Does That Say About Us?
Indiana Is Back in the News: What ABA Providers Need to Know About the State’s Latest Push for Cost Controls
How Applied Behavior Analysis Can Improve Healthcare Systems
Dealing with workplace drama!
🧩 Trends, Truths & Turning Points: What’s Shaping Autism and Behavioral Health in 2025
Arkansas Mom Releases Powerful Children’s Book on Autism and Mealtime Struggles
“What are we really doing here?”: The Push to Standardize Quality in Autism Therapy
Behavioral Health Deal Volume Up 53% in Early 2025: What This Means for ABA Practices
The Growing Gap in Autism and IDD Care: Why the Industry Must Scale Ethically and Strategically
Should a BCBA Always Own the Clinic? Maybe Not.
Staff, Tariffs, and RFK Jr.: What ABA Companies Need to Know Right Now - Live today at 8 AM Eastern!
ABA Staff Turnover Is Still Out of Control — Here’s What the Data Says
How the New Tariffs Could Impact ABA Businesses (And What You Can Do About It)
RFK Jr.’s Autism Registry Proposal: Understanding the Implications for ABA Companies
How Margin Keepers Can Help You Master Payroll & Financial Planning
Quality over Quantity- Is more supervision always better?
Denials, Audits & Billing Headaches: ABA News Roundup – April 14, 2025
Nebraska Issues New ABA Medicaid Service Definitions Amid Federal Audit Scrutiny
Concerns Grow Over Insurance Misuse of Medically Unlikely Edits (MUEs) in ABA Therapy Denials
Federal Audit Finds $56 Million in Improper Medicaid Payments for ABA Therapy in Indiana
UnitedHealthcare’s Strategy to Limit ABA Therapy Raises Alarm in the Autism Community
It’s Time to Get Real: ABA Business Owner Burnout
From Policy Shifts to Legal Hits: ABA News Roundup – April 7, 2025 - Live event today at 11AM Eastern!
Texas Recognizes QABA® for Behavior Analyst Licensure
Maryland Clinic Settles HIPAA Violations After Ransomware Attack
New York’s Proposed Medicaid Cuts Raise Concerns for Autism Services
Massachusetts Expands ABA Therapy Coverage to Children with Down Syndrome
Indiana’s Updated Medicaid Policy for ABA Therapy: What You Need to Know
Expanding to a Clinic? Do this first!
From Big Deals to Big Trouble: ABA Business News - March 31, 2025
The truth behind the client and staff cancellations
Top ABA Headlines
Local Owner Highlight- When to scale your ABA Business
Understanding the journey- Improving caregiver relationships with Melanie Thurston
How Effective Bookkeeping Ensures Payroll Stability and Helps You Retain ABA Staff
The Importance of Bookkeeping Services for ABA Business Owners
Mastering Marketing – Local Outreach Done Right
How to Scale Your ABA Business
You Just Closed Your ABA Company... Now What?
Building the Future of Small ABA Businesses – Join Us in This Mission
Red Flags in ABA Service Providers
Coaching Session- Discussing Onboarding with a New Owner
Would You Rather: Hiring in ABA
Grow your own BCBAs vs. hiring- What you need to know
Aligning Leadership with Values: Behavioral Intelligence in ABA with Dr. Paul Gavoni
ABA Accreditation: Compliance or Commitment to Quality?
AI meets clinical decision making- Using AI to improve patient outcomes- with Amanda Ralston
Comprehensive Updates to ABA Practice Handbooks: Enhanced Policies, Compliance, and ACQ Standards Integration
Leadership in ABA: Building Values, Managing Relationships, and Driving Progress with Martin Myers
Leadership, transparency, and collaboration in ABA organizations, with Jennifer Heidt
Building Better Care; Public Policy and Staff Empowerment
Free RBT Training for Your ABA Team This Holiday Season!
Innovating ABA Practice with AI Solutions
How can we help? Using ACT with Meg Solomon.
Building Resilience in ABA Practices: Lessons in Staffing, Billing, and Growth
Flash Sale: 6 Months Free Access to Our ABA Business Leaders Training Platform for 25 Companies!
I Hate My Job: Exploring Real Solutions
I Hate My Job: Reaction to Posts
I Hate My Job: Real Stories of Ethical Dilemmas in ABA
Introducing the New ABA Business Leaders Training Platform
I Hate My Job: Voicing the Frustrations of ABA Professionals
Introducing Our New Self-Paced Courses: Revenue Cycle Management & Effective Hiring with Indeed
CPABA Conference: A Path Forward for the Field - Get a 10% Discount!
Empower & Thrive: Registration Extended Until October 7 - 50% off!
Exciting New Coaching Opportunity for 3 Pie Squared ABA Business Leaders!
Free Download! Discover Essential Tax Compliance Tips with MarginKeepers
Why Stephen is Excited About the CPABA Conference 2024 - Discount just for you! -
3 Pie Squared Partners with Happy Medium RBT to Offer a Revolutionary 40-Hour RBT Training
Maximizing Recruitment with Indeed: How to Find the Right Candidates Without Breaking the Bank
Empathetic Leadership in ABA: Supporting Our Techs
Five Weeks of Wisdom: Bite-Sized Insights from 3 Pie Squared
Introducing the ABA Business Leaders Training Platform
Free Download! Boost Your Established ABA Practice with MarginKeepers' Essential Accounting Tips
Inside the World of ABA Audits and Legal Guidance with Kim Mack Rosenberg, Esq.
Ethical Practices for ABA Testimonials and Reviews with Dr. Jon Bailey
Navigating Growth and Challenges in ABA Business with Alecia Barrett
For a limited time, buy any of our handbooks and get our Business Leaders Membership for 75% off!
Collaboration in ABA: Strengthening Connections Among ABA Business Owners
"I Hate My Job" Series Kickoff: Discussing Burnout and Unethical Practices in the ABA Field
Top Five Essentials for Your Company Policies
Discount Ends Tomorrow – Last Chance to Get 20% Off Our Comprehensive ABA Billing Training Series!
Mastering Digital Marketing for ABA Practices with Reece from Reputation Elevation
Navigating ABA Business Growth: Consultation with Alecia Barrett
Unlock Your Billing Potential: Our New ABA Billing Course and Free ABA Billing Tips!
Navigating Company Policies: A Blueprint for ABA Practices
Free Chart of Accounts: Optimize Your Bookkeeping with MarginKeepers
Safeguarding Integrity: Proactive Strategies to Mitigate Billing Fraud in ABA Therapy
Steering Clear of Fraud: Mastering Insurance Billing in ABA Practice
From Overwhelm to Strategy: The Journey of an ABA Business Leader
Beyond the Startup: Common Mistakes by Seasoned ABA Business Owners
Essential Elements of an Employee Handbook for ABA Practices
Don’t Do That!: Avoiding Common Missteps in Your ABA Practice
Pre-Hire Power: The Critical Importance of an Employee Handbook for ABA Practices
Integrating Art into ABA Therapy: A Conversation with Natasha Bouchillon
Why a Client Handbook is Crucial Before Starting ABA Services
🥧 Grab a Slice of Success: Pi Day Flash Sale! 🎉
Why Should I Get a Client Handbook Before I Start Seeing Clients?
Financial Insights for ABA Practices: Free Chart of Accounts from MarginKeepers!
Navigating Authentic Copywriting in ABA Services: Insights and Innovations
Big Changes to the Podcast!
Get Free Expert Consulting for Your ABA Business on Our Podcast – Apply Now!
Navigating the Credentialing Conundrum: Insights from ABA Leaders
Navigating ADA Compliance: Essential Insights for ABA Business Owners
Nurturing Success: The Interplay Between Company and Team Dynamics
🌟 Dive Into the World of Sleep with Dr. Emily Ice: A Podcast Episode Not to Miss 🌜
A little late but our update is here!
Maximizing Your ABA Practice’s Potential: The Power of Bookkeeping with MarginKeepers
33% Off ABA Business Leaders for the Next 25 People!
Client Hours Discussion with April, Mallory Stinger, and Jennifer Helton
Improving Quality Through Accreditation: A Discussion with Erick Dubuque, Director of ACQ
Optimize Your ABA Practice with the Case Load Utilization Tool - 50% until Friday!
Black Friday Special - Rate Negotiations 2.0 - Elevating Your Practice with Provider Rate Resources
Navigating Medical Necessity with Dan and Mike from ABA on Tap
Upcoming Podcast with Erick Dubuque, Director of ACQ & Exciting News on How We Can Help Companies Navigate This New Standard! 🌟🎙️
Partnering with MarginKeepers, Co.: A Game Changer for Your ABA Practice
Celebrate Canadian Thanksgiving with a Bang: 50% Off ABA Business Leaders Membership and Earn 33.5 CEUs!
Empowering Change: Insights from New BCBA Business Owners
Founding a Nonprofit Practice with Susan Habchy
ABA Business Amazon List
De-Stress & Avoid ABA Burnout with a Relaxing Post-Work Routine
Three Common Struggles of a New ABA Practice
Benefits of Outsourcing with 3 Pie Squared
Why 3 Pie Squared
The Essential List for a Successful Business
2019 Satisfaction Survey results
The Cost of RBT Turnover
What You Need to Know About HIPAA
Podcast with Dr. Becca Tagg
Run Your Therapy Business Like a Well-Oiled Machine!
How to Grow Your Practice
and the consequences of a mistake are much steeper.
The Big Picture: Why HIPAA Is Changing Now
Healthcare has changed more in the last five years than in the previous 25. The rise of telehealth, cloud storage, and AI-driven practice management tools means that sensitive client data is everywhere—often managed by multiple vendors, sometimes across state or even international borders.
Regulators have taken notice. According to the Reuters article, 2025 will mark a turning point as the Office for Civil Rights (OCR) and state attorneys general begin enforcing new, more aggressive standards for risk assessments, breach response, and vendor management. Large-scale data breaches, ransomware, and class-action lawsuits are now weekly news—not rare events.
For ABA providers, this isn’t a theoretical risk. It’s here. And if you’re not ready, you’re exposed.
What’s Actually Changing? Key 2025 HIPAA Developments
1. More Stringent Risk Assessments
The days of “set it and forget it” privacy policies are over. OCR expects every healthcare business—including ABA companies—to regularly perform and document comprehensive risk assessments. This means reviewing not only your own systems, but every app, software, and partner that touches PHI (Protected Health Information).
2. Vendor Management and BAAs Under Scrutiny
It’s not enough to trust your EMR or billing vendor to “handle security.” Regulators now require you to maintain current, signed Business Associate Agreements (BAAs) with every third-party vendor who might access client data—including Google Workspace, Microsoft 365, and any telehealth, scheduling, or billing platforms. If your BAA is out of date, unsigned, or doesn’t match new standards, you’re at risk.
3. More Aggressive Breach Notification Standards
New guidance tightens the timeline for breach notifications, adds new reporting requirements, and requires proof that your team has been trained on how to respond. In a world where ransomware can lock up a clinic’s entire database overnight, these changes matter.
4. State-Level Litigation Is Up
HIPAA is no longer just about federal fines. State attorneys general are pursuing enforcement, and class-action lawsuits are now common after high-profile breaches. Many recent cases (see the WellNow settlement) show that not only large companies, but smaller providers, are increasingly at risk of costly litigation—even if the breach was unintentional.
5. AI, Automation, and New Privacy Threats
With more ABA practices using AI-driven platforms for billing, documentation, and scheduling, there are new questions about who controls client data, how algorithms are trained, and what happens when automated tools go wrong. The 2025 HIPAA changes don’t just target old-school file cabinets—they’re looking at the future of digital health.
2024–2025: The New Era of HIPAA Enforcement
With a 264% increase in ransomware attacks in 2024 , the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has ramped up enforcement. Last year alone, the OCR settled five ransomware investigations and rolled out the new Risk Analysis Initiative —shifting focus toward entities that fail to conduct the required periodic security risk analysis (SRA).
Patient right to access also remains a top priority. From March to November 2024, the OCR settled five “right to access” cases, and another enforcement was announced on March 7, 2025. The OCR is emphasizing the importance of providing timely record access to patients and their personal representatives—delays or denials can result in fast, costly penalties.
What This Means for ABA: Risks, Costs, and the Real Impact
For Business Owners
HIPAA violations aren’t just about federal fines. They threaten your ability to stay in network with insurance plans, your professional reputation, and your business’s financial health. Many insurance contracts now require proof of updated HIPAA compliance, staff training, and incident response plans. Payer audits are becoming more frequent and more detailed.
For Staff and Clients
Breach fatigue is real. If your team doesn’t know how to recognize a phishing attempt, report a lost laptop, or handle a BAA request, they can put the whole practice at risk. Clients are more privacy-conscious than ever, and a single mistake can destroy trust that took years to build.
For Growth and Scaling
ABA business owners looking to expand—or even sell—need to show buyers and partners that privacy and compliance aren’t afterthoughts. Modern investors and acquirers often demand proof of airtight HIPAA policies, current risk assessments, and staff training records as part of due diligence. Poor compliance isn’t just a regulatory risk—it’s a dealbreaker.
The Simple Stuff Matters Most
One of the most common HIPAA violations isn’t sophisticated hacking—it’s a basic mistake: clicking a phishing email, failing to encrypt a laptop, or forgetting to update a BAA when onboarding a new vendor. As the WellNow Urgent Care case showed, even a routine malware attack can snowball into a class-action lawsuit, steep settlements, and massive reputational harm if the basics aren’t covered.
It’s not about having the fanciest technology. It’s about clear, consistent, documented systems—and making sure your team understands their role in compliance every single day.
What Should ABA Practice Owners Do Right Now?
- Audit Your Current Policies and Vendor Agreements Don’t wait for a crisis. Review every system that touches PHI. Make sure you have current, signed BAAs for every platform and partner. If you’re using Google Workspace or Microsoft 365, confirm those vendors meet HIPAA standards and that your agreements are up to date.
- Upgrade Your HIPAA Policy Manual If you haven’t updated your HIPAA manual since before COVID-19, it’s out of date. Look for a policy resource that includes a risk assessment, BAA templates, and state privacy law coverage.
- Train Every Employee—And Document It Staff need to know how to spot phishing, use encrypted communications, and respond to breaches. Training isn’t just a checkbox; it’s your first line of defense. Keep a log of completed training for all team members.
- Run a Realistic Breach Drill Simulate a data breach or lost device and see how your team responds. Are they confused? Can they follow your policy? The first time you run this should not be during a real crisis.
- Partner with a HIPAA Expert ABA companies don’t have to figure this out alone. There are now consultants who specialize in behavioral health, vendor management, and privacy law for ABA. Getting outside help is often the most cost-effective way to avoid major risks and put best-practice systems in place.
Why This Matters for ABA Growth, Ethics, and Sustainability
The field of ABA is changing fast. More states are licensing providers, insurers are getting stricter, and the demand for data-driven care is higher than ever. HIPAA compliance isn’t just about avoiding fines—it’s about building a resilient, ethical, and scalable ABA company.
ABA startups who get this right will find it easier to contract with payers, grow across state lines, and even position themselves for acquisition. Practices who don’t adapt will find the compliance gap is only getting wider.
Where to Start: Resources for ABA Practice Owners
- HIPAA Journal’s report on new compliance trends
- Reuters legal analysis on HIPAA’s 2025 updates
- 3 Pie Squared’s HIPAA Policy Manual (with BAA templates, risk assessment, and staff training)
- Book a HIPAA consult (10% off for 3 Pie Squared clients)
- ABA Startup Checklist
- ABA Business Readiness Assessment
