HIPAA-compliant telehealth for private practice

HIPAA compliant telehealth in therapy practice involves understanding and applying HIPAA rules and selecting the right HIPAA compliant telehealth platform.

Choosing the best HIPAA-compliant telehealth platform is one of the first considerations for clinicians seeking to expand services beyond in-office therapy. And with research showing telehealth use higher than pre-COVID levels, it’s apparent that telehealth is becoming more mainstream. A more recent study indicates that 53% of providers said adding telehealth drove up patient visits.

This shift is attributed to a trifecta of favorable conditions, such as consumer adoption, regulatory changes, and providers’ willingness to adopt telehealth. While providers may be willing to adopt new HIPAA-compliant telehealth platforms, choosing the best platform for your private practice requires an understanding of HIPAA, security, privacy, and technology, and a knowledge of best telehealth session practices. Sound intimidating? Don’t worry. We have you covered.

HIPAA compliant telehealth: Privacy vs security

First up. HIPAA. In 1996, Congress passed a law, known as the Health Insurance Portability and Accountability Act (HIPAA), to protect an individual’s medical information from being disclosed without knowledge or consent. In other words, health business entities have an obligation to keep client or patient information private. But what does privacy mean?

Privacy refers to an individual’s right to control his or her personal information and how personal information is used. Think about privacy as using data responsibly. Clients should be informed of what data will be collected, why it’s being collected, and with whom. Individuals must consent to this process.

The American Medical Association (AMA) categorizes types of patient privacy into physical privacy, informational privacy, decisional privacy, and associational privacy. Protected Health Information (PHI) breaks down these categories into concrete individual identifying information, such as names, locations, or email addresses, and also includes past, present, or future data related to conditions, care, or payment.

Additionally, PHI includes oral or recorded information, in any medium that is created or received by a healthcare provider, health plan, or healthcare clearinghouse, and business associates. In addition to providers, covered entities, and business associates, such as health plans and clearinghouses are also required to adhere to HIPAA regulations.

Security

If privacy refers to how personal information is controlled and used, security refers to how personal information is protected, especially against malicious threats and unauthorized access. HIPAA’S Security Rule establishes administrative, physical, and technical safeguards to be adopted to protect electronic identifiable health information. For example, encryption of data at rest and in transit is found in HIPAA- compliant telehealth platforms.

Failing to protect client personal health information can be troublesome for providers, resulting in potential civil, criminal, and financial penalties ranging from $50 up to a max of $1.5 million annually and 10 years in prison for extreme cases, which makes choosing the best HIPAA-compliant telehealth platform critical.

When considering different HIPAA-compliant telehealth tools, providers need to be aware of a few key factors, including a company or vendor’s technology and location, the terms of their contracts, the security of additional features, and administrative factors.

A list of questions providers need to weigh when choosing a HIPAA-compliant telehealth platforms are:

Technology

What are the technical requirements? (e.g., minimum Internet Speed)
Do clinicians and clients need to download software on the computer vs. the cloud (web-based)?
Is the platform HIPAA compliant?
What security measures are taken? (e.g., firewall, encryption, back-ups, etc.)
What level of encryption does it have? (e.g., bank-level security)

Location

Where is the company based?
Where are the servers and databases located?
Are they in the U.S. or another country?
If you have clients outside the United States, can you connect with clients outside the U.S.A. on the platform?

Costs and contracts

What is the cost, and what protections does it include for HIPAA-compliant telehealth?
Is a contract required?
If so, what are the terms?

Features

Are other features, such as chat, the client portal, EMR, billing, and document management, secure?

Administration/Business

Does the company provide a Business Associate Agreement (BAA)?
Is there an additional BAA fee?

This last question is important regarding HIPAA-compliant telehealth. The purpose of a BAA is to ensure that any party providing services/activities on behalf of the covered entity (in this case, the provider) will adhere to high standards of PHI protection. If the business you’re using does not require signing a BAA, your practice could be at risk.

Once a HIPAA-compliant telehealth platform option is selected, providers can take numerous steps at the individual level to ensure that client information is kept confidential. Understanding privacy and security violations as related to HIPAA-compliant telehealth is one such example.

Sign up for TheraPlatform’s free telehealth training academy

HIPAA telehealth violations include:

Discussing a patient’s care with family and/or friends
Leaving hard copies of patient records where unauthorized individuals may access them
Looking at your colleague's patient records out of curiosity
Allowing family members or friends in the same room during telehealth session with a client without client consent
Conducting telehealth sessions with a group of other patients without a client’s consent
Posting client care or PHI
Working with vendors or individuals who perform functions related to PHI for covered entities who did not provide a signed BAA
Sharing passwords
Hacking into software that holds/transmits PHI (i.e., phishing incident, network server hack, video platform, EMR hack)
Giving an unauthorized person access to PHI
Stolen or loss of an unencrypted device (i.e., laptop, desktop, tablet, or another portable electronic device)
To avoid these situations, privacy and security best practices can be implemented.

Start 30-day Free Trial and explore TheraPlatform. HIPAA Compliant Video and Practice Management Software for Therapists.

Free Trial

Privacy

Ensure that the clinician is the only person in the office/room during a video call unless you provide services that require another clinician to be present.
If the clinician shares an office with another clinician (who is not treating the client), use headphones, a white noise machine and/or privacy screens.
If you work from a home office, do not allow friends, family members, or roommates to be present in the room with you during video calls. If they are present at home, they should stay in a different room and follow the best privacy precautions listed above.
Ask the client if he/she is the only one in the room during a video call. If not, ask who and if the client is OK with this person being present. Document it.
Never discuss the client’s case, etc., with anyone without the client’s permission (this includes your client’s family, caregivers, etc.)

Documentation

When using an interpreter, make sure that the interpreter understands the importance of patient confidentiality and signs an agreement with you to keep your patient’s records confidential. Make sure that the client agrees and consents to an interpreter being present on the video call.

Group therapy: Members of a therapy group should not take photos or record tele-sessions. Clinicians should have a policy in place and educate members about privacy and security. During a group therapy session, unauthorized individuals should not be in the room. (Have them scan the room with a webcam if possible).

Security and technology

Do not use any browser extensions (you, your staff, and your clients). Most of the time, browser extensions can access everything you do online, and can download your passwords and your personal information. Moreover, you could be unintentionally downloading an extension that could turn out to be malware or virus.
Keep your machine clean. Any machine (e.g., desktop, laptop, mobile) should have the most up-to-date operating system, up-to-date antivirus, and firmware software available.
Use your own private Wi-Fi network that is secured, and password protected.
Do not use public Wi-Fi if exchanging any kind of sensitive information or PHI.
Passwords should never be shared.
Use software that offers encryption to secure PHI (including your EMR and HIPAA- compliant telehealth platform, and any other software that handles PHI.)
Daily data back-up (e.g., partner with EMR that provides back-ups, such as TheraPlatform.)

Consider installing a firewall in your office.

While there is no shortage of platforms providing video conferencing software, not all are appropriate for telehealth. Ensure your private practice software is HIPAA-compliant telehealth and save yourself time and headaches in the future. TheraPlatform is HIPAA-compliant video conferencing software that also offers an integrated EMR and practice management tool used by thousands of clinicians for therapy. TheraPlatform, an all-in-one EHR, practice management and teletherapy tool was built for therapists to help them save time on admin tasks.

In addition to TheraPlatform, the U.S. Department of Health and Human Services offers great resources and HIPAA training. One may also consider reaching out to a lawyer specializing in HIPAA to help your practice ensure HIPAA-compliant telehealth, and practice.

Choosing the best HIPAA-compliant teletherapy platform

Telehealth use has skyrocketed since the pandemic, with teletherapy emerging as a trusted, convenient, and secure alternative to in-person care for both children and adults. Therapists and clients report high satisfaction, and teletherapy now accounts for 13–17% of U.S. healthcare visits.

To protect privacy, providers must use HIPAA-compliant video platforms. The top platforms not only secure sessions with encryption but also support scheduling, billing, documentation, and client portals to streamline practice management.

The best teletherapy platforms go beyond video conferencing. By combining compliance, reliability, stable video, resources, games and practice management tools, they help therapists deliver care that’s safe, effective, and adaptable to modern client needs.

Marketing is also another aspect of owning a practice that can be conducted through a secure HIPAA-compliant platform as you can communicate with existing clients via chat, email and more.

Why therapists choose TheraPlatform as their teletherapy platform

Whether for solo practice or larger clinics, therapists choose TheraPlatform for its blend of usability, flexibility, and robust telehealth tools.

Watch this video to discover how TheraPlatform elevates Telehealth sessions

Start My Free Trial Now

Here are top reasons why therapists choose TheraPlatform for teletherapy:

Efficiency and convenience: Everything down to payments, scheduling, documentation, and insurance claims is managed in one integrated platform, saving time and reducing friction.
Security and compliance: TheraPlatform is fully HIPAA and PIPEDA compliant, with encrypted video sessions, secure data storage, and 24/7 monitoring for peace of mind.
Engagement tools: Built-in interactive features like whiteboards, games, media sharing, screen annotation, and therapy-specific “apps” enhance client engagement especially useful in pediatric and speech therapy.
Client-centered functionality: The secure client portal empowers clients to book sessions, complete forms, submit documents, and make payments, reducing admin work for the therapist.
Customization and flexibility: Therapists can create and customize templates for notes, treatment plans, and intake forms allowing them to tailor workflows to their practice style.
All-in-one practice management: Combines telehealth, EHR, billing, insurance, scheduling, and documentation, eliminating the need for multiple tools or software.
Therapy-specific design: Unlike generic telehealth platforms, TheraPlatform is purpose-built for mental health, speech therapy, OT, PT, and more with features tailored to each specialty.
Professional credibility: Recording features, branded portals, and compliance tools help therapists present a more professional, trustworthy experience to clients.
Positive user experience: Therapists appreciate having everything in one place and often report a smoother workflow, fewer tech issues, and faster onboarding.

What therapists are saying about TheraPlatform telehealth

Therapists praise TheraPlatform for its ease of use, seamless scheduling, and built-in billing tools like superbills. They value the platform’s features including intuitive charting, customizable notes, and interactive telehealth tools as well as the responsive support team, which listens to feedback and implements updates.

Many highlight that the platform offers the best of all worlds, combining excellent video conferencing with resource sharing and an engaging, client-centered teletherapy experience.

"There's seriously no better platform out there! Easy to use … syncs to your personal schedule, provides superbills …"- Coastlinespeechtherapy (Source)

“It is not just the platform, it is the team behind TheraPlatform, always willing to help and receptive to feedback to bring updates requests to live,” Orly, Smarty Therapy PC (Source)

"The video conferencing is excellent and the ability to share resources and the interactive screen make Telehealth a rich experience."- Kathy J. (Source)

"TheraPlatform has been the best of all worlds! … intuitive charting, in-system billing, customizable notes …"-Kendrah B. (Source)

Resources

TheraPlatform is an all-in-one EHR, practice management, and teletherapy software with AI-powered notes built for therapists to help them save time on admin tasks. It offers a 30-day risk-free trial with no credit card required and supports mental and behavioral health, SLPs, OTs, and PTs in group and solo practices.