Therapy HIPAA Hub
CRITICAL — NEW YORK

HIPAA + NY SHIELD Act Compliance for New York Therapists — 2026 Guide

New York therapists navigate HIPAA (federal), the NY SHIELD Act, and New York Mental Hygiene Law — three overlapping frameworks. The NYC OCR office is among the most active in the country. Here is your complete 2026 compliance guide.

$52,000

Avg fine in New York

30 Days

NY breach notification

3 Laws

HIPAA + SHIELD + MHL

NY SHIELD Act — What Therapists Must Know

!

The SHIELD Act requires breach notification within 30 days of discovery — HIPAA allows 60

!

New York Mental Hygiene Law §33.13 provides extra protections for mental health records beyond HIPAA

!

NYC therapists sharing office space must have written agreements covering PHI handling

!

Psychotherapy notes have special status in NY — patients have stronger access rights than under federal HIPAA

!

NY SHIELD Act applies to any business handling NY resident data — including telehealth therapists in other states

☀️ Summer 2026 Offer

Trusted by 225,000+ Therapists — Recommended for New York Therapist in New York

50% Off Your First 4 Months of SimplePractice

SimplePractice is the #1 HIPAA-compliant practice management platform for therapists. Includes a signed BAA, encrypted messaging, telehealth, and full insurance billing.

✓ 7-day free trial✓ 50% off first 4 months✓ Free credentialing available (up to 2 payers)✓ BAA included
Claim 50% Off SimplePractice →

Limited-time summer offer · No credit card required for trial

Need HIPAA-compliant email only? See Hushmail for Healthcare →

FAQ — New York Therapist HIPAA

Does the NY SHIELD Act apply to therapists?

Yes. Any therapist who handles private information of New York residents — including through telehealth — must comply with the NY SHIELD Act's reasonable safeguards requirements, in addition to HIPAA.

What is New York Mental Hygiene Law §33.13?

NY MHL §33.13 provides additional confidentiality protections for mental health records. It restricts disclosure in ways that are often stricter than HIPAA and includes specific rules for court proceedings.

Can a telehealth therapist outside New York be subject to NY law?

Yes. If you provide therapy to clients who are physically located in New York, you may be subject to NY SHIELD Act requirements regardless of where your practice is based.