HIPAA + NY SHIELD Act Compliance for New York Therapists — 2026 Guide
New York therapists navigate HIPAA (federal), the NY SHIELD Act, and New York Mental Hygiene Law — three overlapping frameworks. The NYC OCR office is among the most active in the country. Here is your complete 2026 compliance guide.
$52,000
Avg fine in New York
30 Days
NY breach notification
3 Laws
HIPAA + SHIELD + MHL
NY SHIELD Act — What Therapists Must Know
The SHIELD Act requires breach notification within 30 days of discovery — HIPAA allows 60
New York Mental Hygiene Law §33.13 provides extra protections for mental health records beyond HIPAA
NYC therapists sharing office space must have written agreements covering PHI handling
Psychotherapy notes have special status in NY — patients have stronger access rights than under federal HIPAA
NY SHIELD Act applies to any business handling NY resident data — including telehealth therapists in other states
Trusted by 225,000+ Therapists — Recommended for New York Therapist in New York
Get Your Practice 100% HIPAA Compliant in 2026
SimplePractice is the #1 HIPAA-compliant practice management platform built specifically for therapists. Includes secure messaging, telehealth, billing, and a signed BAA — everything you need to stay compliant and protect your clients.
Start Free Trial with SimplePractice →30-day free trial · No credit card required
Need HIPAA-compliant email only? See Hushmail for Healthcare →
FAQ — New York Therapist HIPAA
Does the NY SHIELD Act apply to therapists?
Yes. Any therapist who handles private information of New York residents — including through telehealth — must comply with the NY SHIELD Act's reasonable safeguards requirements, in addition to HIPAA.
What is New York Mental Hygiene Law §33.13?
NY MHL §33.13 provides additional confidentiality protections for mental health records. It restricts disclosure in ways that are often stricter than HIPAA and includes specific rules for court proceedings.
Can a telehealth therapist outside New York be subject to NY law?
Yes. If you provide therapy to clients who are physically located in New York, you may be subject to NY SHIELD Act requirements regardless of where your practice is based.