About Therapy HIPAA Hub
What This Site Is
Therapy HIPAA Hub is a HIPAA compliance resource built specifically for private practice therapists, counselors, and mental health practitioners. HIPAA regulations span hundreds of pages of federal law written for hospital compliance teams — not for solo therapists working out of a single office. This site translates those requirements into plain-language guidance for the people who actually need it.
Every guide, checklist, and compliance page on this site is written with one question in mind: what does a practicing therapist actually need to know and do to stay compliant? We focus on the violations that OCR actually investigates, the tools that therapists actually use, and the state-specific laws that affect real practices.
The site covers federal HIPAA requirements alongside state mental health privacy laws — including Texas Chapter 611, California CMIA, Florida Chapter 491, New York SHIELD Act, Illinois MHDDCA, Washington's My Health My Data Act, and Colorado HB22-1124 — because federal compliance alone is not sufficient in many states.
Editorial Standards
All content on Therapy HIPAA Hub is reviewed against current HHS Office for Civil Rights guidance, published enforcement actions, and state-level regulatory requirements. We update content when regulations change — including HIPAA Privacy Rule amendments, state law updates, and OCR enforcement priorities.
Primary sources: HHS.gov, OCR enforcement database, state licensing board publications, published resolution agreements
Content review: All compliance information is cross-referenced against current OCR guidance before publication
Last major review: May 2026 — reflects current HIPAA Privacy Rule requirements including the February 2026 NPP deadline
Update policy: We review all compliance-related content when OCR publishes new guidance or a state law goes into effect
What We Cover
Affiliate Disclosure
Some links on this site are affiliate links. This means that if you click a link and make a purchase, Therapy HIPAA Hub may receive a commission at no additional cost to you. This applies to links to SimplePractice and Hushmail for Healthcare, both of which we recommend as HIPAA-compliant solutions for therapists.
Affiliate relationships do not influence our editorial recommendations. We recommend SimplePractice because it is genuinely the most widely used HIPAA-compliant EHR among private practice therapists — not because of the affiliate relationship. Where a competitor is the better choice for a specific scenario (such as TherapyNotes for Wiley Treatment Planners, or Sessions Health for therapists on a tight budget), we say so explicitly.
We do not accept sponsored content, paid placements, or payments to alter compliance recommendations. The HIPAA information on this site is accurate regardless of whether any product links are present.
Important Disclaimer
The content on Therapy HIPAA Hub is provided for educational and informational purposes only. It does not constitute legal advice, and no attorney-client relationship is created by use of this site. HIPAA compliance requirements vary based on your specific practice, state, and circumstances.
For specific compliance questions, contract review, breach response, or OCR investigation assistance, consult a healthcare attorney licensed in your state. For state-specific mental health privacy law guidance, consult an attorney familiar with your state's licensing board requirements.
The guides on this site reflect our best understanding of current HIPAA requirements as of May 2026. Regulations change — always verify critical compliance decisions against current HHS guidance at hhs.gov/hipaa.
Useful External Resources
Primary source for all HIPAA regulations and OCR enforcement actions
Free tool from HHS for completing your Security Risk Assessment
Free training videos and materials from the Office for Civil Rights