HIPAA-Compliant Video Therapy Platforms — Best Options for Therapists in 2026
Video therapy sessions transmit Protected Health Information — the fact that a person is receiving mental health treatment, their name, and the content of the session. Any platform used for video therapy must be HIPAA-compliant with a signed Business Associate Agreement.
Updated May 2026 · All BAA statuses verified
FaceTime, standard Zoom, Google Meet, and Skype are not HIPAA-compliant for therapy
None of these platforms offer a HIPAA BAA for standard accounts. Using them for therapy sessions is a HIPAA violation, regardless of encryption.
Best HIPAA-Compliant Video Therapy Platforms
SimplePractice
Included with EHR ($29–$99/mo)
BAA: ✓ Included
Best for: Therapists who want telehealth integrated with scheduling, notes, and billing
- ✓Telehealth built into EHR — no separate app
- ✓No download required for clients
- ✓Waiting room feature
- ✓BAA covers telehealth automatically
- ✓Session notes in same platform
- ✗Requires full SimplePractice subscription
- ✗Not standalone — EHR only
Doxy.me
Free basic / Pro from $35/mo
BAA: ✓ BAA on paid plans
Best for: Therapists who want a simple standalone video platform without switching EHR
- ✓Free plan available
- ✓No download for clients
- ✓Simple waiting room link
- ✓Works in any browser
- ✗BAA requires paid plan
- ✗Free plan has limited features
- ✗Standalone — no EHR integration
Zoom for Healthcare
From $200/mo (Healthcare plan)
BAA: ✓ BAA on Healthcare plan only
Best for: Large practices already paying for Zoom Healthcare — not recommended for solo therapists
- ✓Familiar interface for clients
- ✓Reliable video quality
- ✓BAA available
- ✗Standard Zoom is NOT HIPAA-compliant
- ✗Healthcare plan is expensive
- ✗Not designed specifically for therapy
- ✗Clients must download the app
TherapyNotes Telehealth
Included with TherapyNotes ($49+/mo)
BAA: ✓ Included
Best for: Therapists already using TherapyNotes who want built-in telehealth
- ✓Built into EHR
- ✓BAA included
- ✓Functional video quality
- ✗Less polished than SimplePractice
- ✗Interface not as modern
HIPAA Requirements for Video Therapy
Signed Business Associate Agreement
The video platform must sign a HIPAA BAA with you before you use it for therapy sessions. Standard Zoom, FaceTime, Google Meet, and Skype do not offer BAAs for standard accounts.
End-to-end encryption
Video sessions must be encrypted in transit. This prevents interception of the session content. All platforms on this list use encrypted connections.
No session recording stored on non-HIPAA servers
If you record sessions, the recording must be stored on a HIPAA-compliant server. Do not record to your personal computer or a standard cloud service like Google Drive without a BAA.
Access controls
Only the therapist and client should be able to join the session. Waiting rooms, session passwords, or unique session links prevent unauthorized access.
Trusted by 225,000+ Therapists
50% Off Your First 4 Months + Free Credentialing
SimplePractice is the #1 HIPAA-compliant practice management platform for therapists. Includes a signed BAA, encrypted messaging, telehealth, and full insurance billing.
Offer valid through July 15, 2026 · No credit card required for trial
Need HIPAA-compliant email only? See Hushmail for Healthcare →
FAQ — HIPAA-Compliant Video Therapy
Is FaceTime HIPAA-compliant for therapy sessions?
No. Apple does not offer a HIPAA Business Associate Agreement for FaceTime. While FaceTime is end-to-end encrypted, encryption alone does not satisfy HIPAA requirements — you also need a signed BAA, audit logs, and access controls. FaceTime provides none of these for healthcare use.
Can I use regular Zoom for therapy sessions?
No — not on standard Zoom plans. Zoom's standard and Pro plans do not include a HIPAA BAA. Zoom for Healthcare (a separate, expensive plan) does include a BAA. For most solo therapists, SimplePractice or Doxy.me are more practical HIPAA-compliant alternatives.
Does my video therapy platform need a separate BAA from my EHR?
If your video platform is built into your EHR (like SimplePractice or TherapyNotes telehealth), it is covered under the EHR's existing BAA — no separate agreement needed. If you use a standalone video platform (like Doxy.me), you need a separate BAA with that provider.
What happens if a client joins a therapy session from a coffee shop or public place?
Your HIPAA obligations cover the security of your side of the connection — your platform, your BAA, your network. You are not responsible for the client's environment. However, best practice is to remind clients to use a private space and headphones to protect their own privacy.
Is Google Meet HIPAA-compliant for therapy?
Google Meet on a standard personal account is not HIPAA-compliant. Google Workspace Business accounts include a BAA that covers Google Meet. However, Workspace plans start at $6/month per user and require the BAA to be explicitly signed — it is not automatic.