Therapy HIPAA Hub
HIGH URGENCY — Arizona

HIPAA Compliance for Marriage & Family Therapists in Phoenix, Arizona — 2026 Guide

MFTs face unique HIPAA challenges — each individual in couples therapy has separate PHI rights. This guide covers what marriage & family therapists in Phoenix must do before the February 16, 2026 HIPAA deadline — including state-specific legal requirements, the most common violations that trigger OCR audits in Arizona, step-by-step fixes for each violation, and a full compliance checklist tailored to your practice type.

MFTs in Phoenix face a uniquely complex confidentiality structure. In couples therapy, each partner is an individual HIPAA-covered patient with separate PHI rights — meaning one partner cannot authorize disclosure of the other partner's information. Arizona's MFT board has cited improper couples record management as the #1 HIPAA-adjacent violation in its audit reports.

$36,000

Average HIPAA fine in Arizona

Arizona Board of Behavioral Health actively monitors MFT compliance.

Source: HHS Office for Civil Rights enforcement data, 2025

Arizona Law Requirements for Marriage & Family Therapists

Phoenix Marriage and Family Therapists operate under HIPAA, the Arizona MFT licensing statute (A.R.S. §32-3283), and Arizona's Mental Health Provider Confidentiality law. Arizona's MFT licensing board (Arizona Board of Behavioral Health Examiners) actively monitors compliance and has increased audit activity since 2023. A.R.S. §32-3283 requires MFTs to maintain a clear confidentiality policy that addresses couples and family therapy specifically — including how notes about individual members of a couple or family are stored, accessed, and disclosed. Most standard EHR systems create a single 'couple' record, but HIPAA requires that each individual have separate PHI rights, potentially requiring dual records management.

The Arizona Board of Behavioral Health Examiners conducts audits of Phoenix MFT practices and has specifically cited couples record management as the most common compliance gap in its publicly available audit summaries.

Top HIPAA Violations for Marriage & Family Therapists in Phoenix — and How to Fix Them

These are the violations OCR most frequently cites for marriage & family therapists in Arizona. Each one is fixable — most in under an hour. The cost of not fixing them is significantly higher than the cost of the solution.

1

Couples session notes stored without differentiation

HOW TO FIX IT

In SimplePractice, create individual client profiles for each partner in a couples case. Use the 'couple' case type to link them administratively but maintain separate documentation for each individual. This ensures each person's PHI rights are separate.

2

No consent for disclosure between partners

HOW TO FIX IT

Create a conjoint treatment agreement (CTA) — a document all family and couples therapy participants sign at intake that defines what information is shared in session versus kept individual, and how records requests will be handled. An attorney familiar with Arizona MFT law can help draft this.

3

Missing BAA with scheduling platform

HOW TO FIX IT

Contact your scheduling platform and request their HIPAA BAA. If they won't provide one, switch to SimplePractice's built-in scheduling, which is covered under their master BAA.

The #1 Tech Compliance Gap for Marriage & Family Therapists in Phoenix

EHR systems not designed for couples/family therapy confidentiality

SimplePractice solves this with a signed BAA, encrypted messaging, and HIPAA-compliant telehealth — all in one platform used by 225,000+ therapists.

☀️ Summer 2026 Offer

Trusted by 225,000+ Therapists — Recommended for Marriage & Family Therapist in Phoenix

50% Off Your First 4 Months of SimplePractice

SimplePractice is the #1 HIPAA-compliant practice management platform for therapists. Includes a signed BAA, encrypted messaging, telehealth, and full insurance billing.

✓ 7-day free trial✓ 50% off first 4 months✓ Free credentialing available (up to 2 payers)✓ BAA included
Claim 50% Off SimplePractice →

Limited-time summer offer · No credit card required for trial

Need HIPAA-compliant email only? See Hushmail for Healthcare →

Marriage & Family Therapist HIPAA Compliance Checklist — Phoenix

Work through this checklist to confirm your practice meets the baseline HIPAA requirements for marriage & family therapists in Arizona. Every item marked incomplete is a potential OCR audit finding.

Create a separate record structure for each individual within couples or family therapy — never store one partner's PHI in a file accessible to the other

Develop a written policy for couples confidentiality: specify what happens if partners separate, request records, or request disclosure

Obtain separate individual authorization from each partner before disclosing any session content to a third party

Configure your EHR to prevent joint record access — in SimplePractice, create separate client profiles for each individual even within a couples case

Sign BAAs with your scheduling platform — scheduling tools link appointment data to specific clients and contain PHI

Create a conjoint treatment agreement that all family members sign, specifying the confidentiality rules for multi-person therapy

Establish a written policy for subpoenas of couples therapy notes — Arizona courts handle these differently from individual therapy records

Post and update your Notice of Privacy Practices specifically addressing couples and family therapy confidentiality

This checklist covers the most common compliance gaps for marriage & family therapists in Phoenix. It is not a substitute for a full HIPAA Security Risk Assessment or legal advice specific to your practice.

Frequently Asked Questions — Marriage & Family Therapists in Phoenix

Does a marriage & family therapist in Phoenix need to comply with HIPAA?

MFTs face unique HIPAA challenges — each individual in couples therapy has separate PHI rights.

What is the average HIPAA fine for therapy practices in Arizona?

The average HIPAA fine for therapy practices in Arizona is $36,000. Arizona Board of Behavioral Health actively monitors MFT compliance.

What are the most common HIPAA violations for marriage & family therapists?

Couples session notes stored without differentiation. No consent for disclosure between partners. Missing BAA with scheduling platform.

What is the February 2026 HIPAA deadline?

By February 16, 2026, all covered entities including therapy practices must update their Notice of Privacy Practices (NPP) to reflect the new HIPAA Privacy Rule requirements around patient rights and data access. Failure to update is an automatic violation.

What is SimplePractice and does it solve HIPAA compliance?

SimplePractice is a HIPAA-compliant practice management platform used by 225,000+ therapists. It includes a signed Business Associate Agreement (BAA), encrypted client messaging, HIPAA-compliant telehealth, and documentation tools. It does not replace a full Security Risk Assessment but covers most day-to-day compliance gaps.

Does each spouse in couples therapy have separate HIPAA rights?

Yes. Each individual in couples therapy is a separate patient under HIPAA with independent rights to access their own records, request restrictions, and authorize disclosures. This means one partner cannot authorize disclosure of the other's information, and if they request records after separation, each is entitled to only their own individual records. MFTs should create individual record files within a couples case and store all session notes in a way that can be separated if needed.

What should a conjoint treatment agreement include for Phoenix MFT clients?

A conjoint treatment agreement for Arizona MFT practices should include: a description of the confidentiality structure, how records will be handled if the couple separates or terminates therapy, the policy on individual sessions within the couples framework, how subpoenas and court-ordered disclosures will be handled, and how each partner can request their own records independently. Have each participant sign the CTA at intake and store signed copies in each individual's file.