Skip to content
ABA Ops Compass

Part II · Appendix 16.1

AI Usage Policy

Rules governing the use of AI tools in clinical and administrative work.

More actions

AI Prohibited Usage Policy

Scope

This policy applies to all employees, contractors, and providers who utilize AI tools, including but not limited to commercial platforms (e.g., ChatGPT, Google Translate, Grammarly), for work-related activities.

Prohibited Uses of AI

It is strictly prohibited to enter any of the following into AI platforms that do not guarantee de-identification, encryption, or secure data processing compliant with HIPAA:

  • Client full name, initials, birth date, insurance ID (Medicaid, commercial, or other), or any personal identifiers.
  • Descriptions that could indirectly identify the client (e.g., unique diagnoses with locations).
  • Names of caregivers, teachers, or family members.
  • Provider names, NPI numbers, or professional credentials.
  • Any reference to the Company, including logo, branding, or internal data.
  • AI tools used with any client-related information must be HIPAA-compliant, and a Business Associate Agreement (BAA) must be in place with the vendor.

Procedures

Verification of De-identification

Prior to utilizing any AI tool, the user must ensure all input has been properly de-identified. De-identification includes removing all Protected Health Information (PHI) and replacing references with generic terms (e.g., "the client," "therapist," "agency").

Use for Translation

AI-powered translation is permissible only when translating provider-authored documents that are already de-identified. The user remains responsible for ensuring the accuracy and clinical appropriateness of the translated content.

Treatment Enhancement Tools

Clinicians may use AI to assist in developing generalized intervention templates or suggesting behavior reduction strategies, provided no identifiable client data is shared. AI output may contain inaccuracies or fabricated content; all AI-generated recommendations must be independently reviewed and authorized by a BCBA® or BCaBA® under supervision.

Staff Responsibilities

  • All providers must review this policy annually.
  • Any provider using AI tools assumes individual responsibility for adherence to this policy and all applicable privacy and ethical standards.
  • When AI has contributed to a client-facing work product, the client or guardian must be informed and may decline its use.
  • Any suspected disclosure of identifying information, or any AI output found to be inaccurate or misleading, must be reported immediately to the Compliance Officer.

Training & Monitoring

Annual training will be provided to all staff on ethical and compliant use of AI tools. Random audits of documentation workflows will be conducted to monitor policy compliance.

Enforcement and Consequences

Failure to comply with this policy may result in disciplinary action, including but not limited to:

  • Revocation of documentation privileges
  • Mandatory retraining
  • Report to the BACB® for ethics violations
  • Termination of employment or contract