Therapy HIPAA Hub

HIPAA Compliance for Therapists in Texas — 2026 Guide

Texas therapists operate under HIPAA and Texas Health & Safety Code Chapter 611 — a stricter state mental health privacy law. With OCR Region 6 (which covers Texas) being the most active enforcement office in the country, Texas therapy practices face higher audit risk than almost any other state. Here is what you need to know for 2026.

Avg HIPAA fine in Texas: $41,000
2026 NPP update deadline: Feb 16
OCR enforcement region: #1

February 16, 2026 — Mandatory NPP Update

Every Texas therapy practice must update its Notice of Privacy Practices to reflect the new patient rights under the 2024 HIPAA Privacy Rule. Practices still using an NPP from before 2024 are already non-compliant and subject to OCR action.

Texas Health & Safety Code Chapter 611 — What Therapists Must Know

Texas Chapter 611 governs mental health records specifically. In several areas it is stricter than HIPAA:

Psychotherapy records cannot be released without patient written consent even for treatment coordination — stricter than HIPAA's treatment exception

Texas law requires written notice before disclosing records to insurance companies in most situations

Chapter 611 violations can result in Texas State Board of Examiners sanctions on top of federal HIPAA fines

Texas law protects mental health records of minors differently from HIPAA — parents do not have automatic access in all cases

Top 5 HIPAA Violations for Texas Therapists

1. No Business Associate Agreement (BAA) with EHR or telehealth platform

A signed BAA is required with every software vendor that touches patient data (SimplePractice, Zoom for Healthcare, scheduling tools). Most Texas solo therapists skip this step.

2. Using Gmail or personal email for client communication

Standard Gmail has no BAA available. If a therapist emails a client about their session, that is a HIPAA violation. A HIPAA-compliant email service like Hushmail is required.

3. Missing or outdated Notice of Privacy Practices (NPP)

All Texas therapy practices must update their NPP by February 16, 2026. Practices that haven't updated since 2013 (the last major change) are already in violation.

4. Psychotherapy notes not stored separately

HIPAA gives psychotherapy notes special protection — they must be stored separately from the general medical record and require separate authorization for disclosure. Many EHRs don't do this automatically.

5. No HIPAA Security Risk Assessment (SRA) on file

The SRA is the #1 document OCR requests in an audit. Texas therapists who have never completed a formal SRA face immediate penalties — not just for noncompliance, but for the missing documentation itself.

FAQ — HIPAA for Texas Therapists

Do therapists in Texas have to follow HIPAA?

Yes. All licensed therapists, counselors, and mental health practitioners in Texas who transmit health information electronically are covered entities under HIPAA and must comply fully.

What is the average HIPAA fine for a Texas therapist?

The average HIPAA fine for therapy practices in Texas is approximately $41,000. Texas is among the states with the most active enforcement: OCR Region 6 (which covers Texas) issues more corrective action plans than any other region.

Does Texas have any mental health privacy laws beyond HIPAA?

Yes. Texas Health & Safety Code Chapter 611 governs mental health records specifically, and in some cases provides stricter protections than HIPAA. Texas therapists must comply with both.