Brightwheel says it themselves: they do not certify HIPAA compliance. If your ABA practice uses Brightwheel for parent communication, you have a problem.
Get started for freeSchedule a demo →No. Brightwheel explicitly states that it "does not certify HIPAA compliance for its platform." Brightwheel is designed for childcare centers and preschools, with compliance focused on FERPA and state licensing requirements. It does not offer a BAA. ABA therapy practices that use Brightwheel for parent communication about treatment are operating outside HIPAA.
Brightwheel's own security FAQ states: "Although brightwheel meets many of the requirements of HIPAA, brightwheel does not certify HIPAA compliance for its platform." This is an explicit acknowledgment that the platform should not be used for HIPAA-regulated communication.
Source: Brightwheel Security FAQBrightwheel's security documentation does not mention Business Associate Agreements. Without a BAA, Brightwheel cannot legally act as a business associate for healthcare providers, and any PHI transmitted through the platform is unprotected under HIPAA.
Source: Brightwheel Security FAQBrightwheel states that "the U.S. Department of Health & Human Services (HHS) has stated that HIPAA regulations do not apply to the type of information stored and collected in brightwheel." This is true for daycare enrollment forms and attendance records. It is not true for ABA therapy communication about diagnoses, treatment plans, behavior data, and clinical observations, which are protected health information.
Source: Brightwheel Security FAQBrightwheel is a childcare management platform for preschools and daycares with features like attendance tracking, daily reports, billing, and parent check-in. It complies with FERPA and state childcare licensing requirements. ABA therapy is not childcare. It is a prescribed medical treatment, and the communication standards are fundamentally different.
Source: Brightwheel SecurityBrightwheel's security FAQ states: "Although brightwheel meets many of the requirements of HIPAA, brightwheel does not certify HIPAA compliance for its platform. The U.S. Department of Health & Human Services (HHS) has stated that HIPAA regulations do not apply to the type of information stored and collected in brightwheel or similar software."Source: Brightwheel Security FAQ
Purpose-built HIPAA messaging for healthcare practices including ABA. Signed BAA on every plan, read receipts that document parent notifications, and cross-organization messaging at no extra cost.
HIPAA-compliant communication platform for medical practices with secure messaging, phone, fax, and telehealth.
Enterprise clinical communication platform for hospitals and health systems with role-based messaging and EHR integrations.
No. Brightwheel explicitly states that it does not certify HIPAA compliance. It is designed for childcare centers and preschools, not healthcare providers. Using Brightwheel for communication about ABA therapy, diagnoses, or treatment plans violates HIPAA.
Brightwheel cites HHS guidance that HIPAA does not apply to the type of information childcare centers typically store, such as enrollment forms and attendance. This is correct for daycares. But ABA therapy is healthcare, and communication about treatment, behavior data, and clinical observations is protected health information that HIPAA does cover.
Yes. The physical setting does not determine which regulations apply. ABA therapy is a medical treatment prescribed by physicians and covered by health insurance. Regardless of whether your clinic looks like a school or daycare, communication about treatment is governed by HIPAA, not FERPA or state childcare regulations.
ABA practices need HIPAA-compliant messaging with a signed BAA, audit trails for documenting parent notifications, and admin controls for managing staff access. BloomText provides all of these on every plan including the free plan. Parents reply via SMS with no app required.
Last verified June 25, 2026.
