Teletherapy privacy rules you must follow

There are 3 privacy rules/standards you should familiarize yourself with when doing Teletherapy. I have listed them below to help you get started in teletherapy. At the end of the article, I have provided links to websites where you can find summaries of these rules and obtain up-to-date information.

  1. The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, is a set of privacy and security standards and rules. The goal of the Privacy Rule is to ensure that individuals’ Protected Health Information (PHI) is kept private and used only when needed by authorized providers. PHI must be stored and transmitted securely. The Security Rule is a set of standards to ensure proper storing and transmitting of PHI in electronic form (e-PHI). In a nutshell, you have to follow the same HIPAA rules when doing teletherapy as when providing therapy in traditional settings. To learn more about HIPAA click here.
  2. The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into effect on February 18, 2009. HITECH promotes the use of electronic health records (EHR) and allows healthcare recipients to access their PHI electronically. HITECH enhanced HIPAA penalties for noncompliance and placed equal liability on providers and business associates. Lastly, HITECH requires that individuals be notified if there is a data breach related to their PHI. If a data breach affects more than 500 individuals, the Department of Health and Human Services must be notified. When doing teletherapy, you must use secure ways of storing information about your clients.
  3. The Children’s Online Privacy Protection Act (COPPA) of 1998 is a set of rules designed to give parents control over the collection of their children’s personal information by the websites or online services they use. COPPA requires that websites and online service providers who collect personal information from children 13 years old and younger give parental notice and obtain parental consent prior to obtaining PHI.

One more thing: if you are working in a school setting, you also have to follow the Family Educational Rights and Privacy Act (FERPA). This privacy act was enacted in 1974 with the goal of giving parents rights to obtain their child’s educational records until their child turns 18 years old. At that point, those rights are transferred to the student. Furthermore, FERPA protects students’ privacy by requiring that written consent is provided before any personal, identifiable information is disclosed.

Teletherapy Privacy Links:


Summary of HIPAA Privacy Rule

Summary of HIPAA Security Rule
