
Is your therapy practice actually HIPAA compliant?

Most therapists assume they’re compliant because their EHR “is HIPAA compliant.” But your EHR’s compliance isn’t yours: as a covered entity you still owe your own risk analysis, policies and procedures, Notice of Privacy Practices (NPP), and Business Associate Agreements (BAAs). Answer 10 questions and we’ll show you exactly where your gaps are. No client information required.

1. Have you completed a documented Security Risk Analysis in the last 12 months?
2. Do you have a signed BAA with every vendor that can access client data?
3. Is your Notice of Privacy Practices updated for the current rules?
4. Do you have written privacy and security policies and procedures?
5. Have you designated a Privacy Officer and a Security Officer (even if it’s you)?
6. Do you keep psychotherapy notes separate, with their own authorization process?
7. Do you have a written breach-notification procedure and log?
8. Are your devices encrypted, with unique logins and auto-logoff?
9. Do you have a workforce training record and a sanctions policy?
10. Can you produce a client’s records within the required timeframe if asked?
