Therapy HIPAA Hub
CRITICAL URGENCY — Texas

HIPAA Compliance for Solo Therapists in Austin, Texas — 2026 Guide

Solo therapists are fully liable for their own HIPAA compliance with no institutional backup. This guide covers what solo therapists in Austin must do before the February 16, 2026 HIPAA deadline — including state-specific legal requirements, the most common violations that trigger OCR audits in Texas, step-by-step fixes for each violation, and a full compliance checklist tailored to your practice type.

Austin's solo therapy market has grown over 40% since 2020, creating a large population of new solo practitioners who set up practices quickly — often without formal compliance infrastructure. The city's tech-fluent client base is more aware of HIPAA rights than the national average, and OCR complaints from Austin clients have risen proportionally with practice growth.

$41,000

Average HIPAA fine in Texas

Texas has one of the highest HIPAA enforcement rates in the US.

Source: HHS Office for Civil Rights enforcement data, 2025

Texas Law Requirements for Solo Therapists

Austin solo therapists operate under the same Texas Health & Safety Code Chapter 611 framework as all Texas practitioners, with one critical additional context: Austin's technology-industry client base is statistically more likely to know their HIPAA rights and file complaints when data is mishandled. Texas law requires mental health records to be retained for 7 years after the last treatment date. Both the Texas State Board of Examiners of Professional Counselors and OCR Region 6 can take disciplinary action simultaneously — a violation OCR discovers can be shared with the state board, potentially triggering dual-enforcement. For Austin therapists who store client notes in Google Drive without a BAA, each file containing a client name or diagnosis represents a separate HIPAA violation with fines starting at $100 per violation per day.

The Texas State Board of Examiners of Professional Counselors coordinates with OCR Region 6 and accepts HIPAA-related complaints from Austin clients separately from federal enforcement.

Top HIPAA Violations for Solo Therapists in Austin — and How to Fix Them

These are the violations OCR most frequently cites for solo therapists in Texas. Each one is fixable — most in under an hour. The cost of not fixing them is significantly higher than the cost of the solution.

1

No signed BAA with cloud storage provider

HOW TO FIX IT

Migrate all client files to a HIPAA-BAA-covered storage system. Google Workspace Business and Box for Healthcare both offer BAAs and familiar interfaces. Or consolidate everything into SimplePractice's built-in record storage, which is covered under their BAA.

2

Texting clients without encryption

HOW TO FIX IT

Use SimplePractice's built-in HIPAA-compliant client portal for all messaging, or subscribe to Spruce Health ($24/month) for HIPAA-compliant SMS from your own number.

3

Missing Notice of Privacy Practices

HOW TO FIX IT

Download the HHS model Notice of Privacy Practices from HHS.gov, customize it with your practice name and contact information, print it for the office, and add a PDF link to your website.

The #1 Tech Compliance Gap for Solo Therapists in Austin

Storing client notes in Google Drive without BAA

SimplePractice solves this with a signed BAA, encrypted messaging, and HIPAA-compliant telehealth — all in one platform used by 225,000+ therapists.

☀️ Summer 2026 Offer

Trusted by 225,000+ Therapists — Recommended for Solo Therapist in Austin

50% Off Your First 4 Months of SimplePractice

SimplePractice is the #1 HIPAA-compliant practice management platform for therapists. Includes a signed BAA, encrypted messaging, telehealth, and full insurance billing.

✓ 7-day free trial✓ 50% off first 4 months✓ Free credentialing available (up to 2 payers)✓ BAA included
Claim 50% Off SimplePractice →

Limited-time summer offer · No credit card required for trial

Need HIPAA-compliant email only? See Hushmail for Healthcare →

Solo Therapist HIPAA Compliance Checklist — Austin

Work through this checklist to confirm your practice meets the baseline HIPAA requirements for solo therapists in Texas. Every item marked incomplete is a potential OCR audit finding.

Audit every cloud storage location used for client files: Google Drive, Dropbox, iCloud — each requires a signed BAA or must be discontinued for client data

Switch all client text communication to a HIPAA-compliant platform: Spruce Health, SimplePractice's client portal, or TigerConnect

Create and post a Notice of Privacy Practices (NPP) — a signed copy must be in every client file and on your website by February 16, 2026

Sign BAAs with every platform: EHR, email, telehealth, cloud storage, and scheduling software

Complete a written Security Risk Assessment and retain documentation for 6 years

Set up automatic session logging in your EHR to record who accessed records and when

Create a written incident response plan covering what to do if a device is lost or stolen

Verify your professional liability insurance covers HIPAA-related claims — many policies exclude them

This checklist covers the most common compliance gaps for solo therapists in Austin. It is not a substitute for a full HIPAA Security Risk Assessment or legal advice specific to your practice.

Frequently Asked Questions — Solo Therapists in Austin

Does a solo therapist in Austin need to comply with HIPAA?

Solo therapists are fully liable for their own HIPAA compliance with no institutional backup.

What is the average HIPAA fine for therapy practices in Texas?

The average HIPAA fine for therapy practices in Texas is $41,000. Texas has one of the highest HIPAA enforcement rates in the US.

What are the most common HIPAA violations for solo therapists?

No signed BAA with cloud storage provider. Texting clients without encryption. Missing Notice of Privacy Practices.

What is the February 2026 HIPAA deadline?

By February 16, 2026, all covered entities including therapy practices must update their Notice of Privacy Practices (NPP) to reflect the new HIPAA Privacy Rule requirements around patient rights and data access. Failure to update is an automatic violation.

What is SimplePractice and does it solve HIPAA compliance?

SimplePractice is a HIPAA-compliant practice management platform used by 225,000+ therapists. It includes a signed Business Associate Agreement (BAA), encrypted client messaging, HIPAA-compliant telehealth, and documentation tools. It does not replace a full Security Risk Assessment but covers most day-to-day compliance gaps.

Can I store client records in Dropbox or Google Drive?

Not without a signed HIPAA Business Associate Agreement. Standard Dropbox and personal Google Drive accounts will not sign BAAs. Dropbox Business Advanced and Google Workspace Business do offer BAAs — but you must request and sign them before using these services for client data. Without a BAA, every file containing a client name or diagnosis in cloud storage is a separate HIPAA violation.

How do I text clients in a HIPAA-compliant way?

Standard SMS is not encrypted and is not HIPAA-compliant for PHI. HIPAA-compliant options include: SimplePractice's client portal messaging, Spruce Health (dedicated HIPAA-compliant SMS platform), and TigerConnect. You can also obtain written client consent to use regular SMS for appointment reminders only — but this consent must be documented and does not cover clinical content.