New HIPAA regulations could be putting a strain on your practice. Everyday communication techniques that a practice uses have new updates to become HIPAA compliant. HIPAA compliance simply means that all information taken in by the practice is secure and confidential. When delivering information through technology, to be HIPAA compliant a professional must use encryption. This includes coaching through emails, which also must be encrypted. A patient can opt-out of the encryption for emails however this is NOT suggested as it opens up the therapist to liability. HIPAA compliance means that ALL systems and platforms used in the practice are delivered through a secure format.

When adding “Coaching” to a practice for insurance liability purposes, it is added/covered under the license that the person is practicing under. Most of the time coaching is a sub-specialty held under the license for the career that has been chosen. To remain HIPAA compliant in coaching one must practice the same procedures as with their therapy career. All procedures used to coach a patient whether online or in person must remain HIPAA compliant.

HIPAA only applies to people who are billing through insurance; if a psychologist or therapist is billing insurance the entire practice must be HIPAA compliant. However HIPAA compliance is now considered a “best practice” in terms of Protected Health Information. Ethically, counselors must use a third party encrypted software program that is HIPAA complaint. If a client doesn’t want to use encrypted email chains it is highly suggested to not take on the client as the liability of medical malpractice is extremely high.

There are several third-party platforms that allow therapists to remain HIPAA compliant. In order for a third party platform to be HIPAA compliant and considered safe to use in the practice, the platform signs a HIPAA business associate agreement for the therapist to keep on file. The HIPAA business associate agreement is a written contract between the business associate and the covered entity, which gives guidelines as to what protected information is accessible for each party.

A Few 3rd Party platforms that are HIPAA compliant:

  1. Hushmail

The popular video chat application, Skype, is encrypted however it does not allow therapists and counselors to remain HIPAA compliant for several reasons, the main being that the platform doesn’t sign a third party HIPAA business associate agreement. In the area of liability protection Skype is not considered an approved platform for coaching or counseling.

Whether you are practicing coaching or counseling/therapy under your license, it is important to keep all systems and processes HIPAA compliant. Every staff member must become familiar with the new rules and regulations, as they also need to follow the steps necessary to keep the practice protected.

Information in this blog was provided by Deanna  Nagel a Licensed Professional Counselor and Board Certified Coach also offering coach certification training. Visit Deena’s websites at and 

Download PDF
CPH Insurance

Protect yourself with CPH Insurance.

Get a quote & apply online.

About the Author

Avatar photo

Guest Author