Home > Blog > How to keep psychotherapy notes in a HIPAA-compliant manner?

How to keep psychotherapy notes in a HIPAA-compliant manner?

Salwa Zeineddine2022-10-05

Have your progress notes written for you automatically

It's no secret that therapists have to take careful notes during sessions with patients. But did you know that those notes are subject to the same federal privacy laws as other medical records? To protect the confidentiality of their patients, therapists must take care to write their psychotherapy notes in a HIPAA-compliant manner.

That's right: under the Health Insurance Portability and Accountability Act (HIPAA), psychotherapy notes are considered protected health information (PHI). PHI is any information that could be used to identify an individual and that is related to his or her health or health care. That means therapists need to take steps to ensure that their notes are secure and that only authorized individuals have access to them.

So what does that mean in practice? Here are some tips for therapists on how to write HIPAA-compliant psychotherapy notes:

Keep your notes secure.

This one should be a no-brainer, but it's worth repeating: your patients' PHI is sensitive information, and it needs to be treated as such. That means keeping your notes in a secure location, whether that's a locked filing cabinet, a password-protected computer, a secure therapy notes software, or a secure cloud-based EHR system.

Keep your notes separate.

To make sure that their psychotherapy notes are HIPAA-compliant, therapists should keep them separate from the rest of the patient's medical record. They should also be aware of how psychotherapy notes can be released to third parties, such as in the case of a subpoena or a court order.

Be careful with whom you share your notes.

Remember that HIPAA applies not just to psychotherapeutic notes but to all PHI. That means you need to be careful about with whom you share your patients' information, whether it's in the form of notes or other records.

If you need to share PHI with another healthcare provider (for example, if you're referring a patient to another therapist), you'll need to get the patient's written authorization first. And even then, you should only share the minimum amount of information necessary.

Keep your notes accurate and up-to-date.

It's important to remember that psychotherapy notes are not just for your reference; they can also be used in court, if necessary. That means it's crucial to make sure your notes are accurate and complete.

If you need to make corrections to your notes, be sure to date and initial them so that it's clear that they're not the original record. And always err on the side of including too much information rather than too little.

Don't include identifying information.

When writing your notes, be sure to avoid including any information that could identify the patient. This includes names, addresses, dates of birth, and any other personal details.

This includes preferentially referring to the patient as "the patient" instead of their name. If you need to refer to the patient by name, use initials instead of the full name. This will help to protect the patient's identity.

Destroy the old notes.

Once you no longer need a patient's notes, be sure to destroy them in a way that protects their privacy. This could include shredding them, burning them, or storing them in a secure location.

Train your staff on HIPAA compliance.

It's important to make sure that all members of your staff are trained in HIPAA compliance. Be sure to review the HIPAA Privacy Rule and the HIPAA Security Rule with your staff and explain your policies and procedures for safeguarding PHI.

Following these tips will help you ensure that your psychotherapy notes are compliant with HIPAA. And that's good for both you and your patients.

Reviewed by: Brittainy Lindsey

About the author

Salwa Zeineddine

Salwa Zeineddine is an expert in the mental health and medical field. She has extensive experience in the medical field, having worked as a medical researcher at the American University of Beirut. She is highly knowledgeable about therapist needs and insurance requirements. Salwa is passionate about helping people understand and manage their mental health, and she is committed to providing the best possible care for her patients. She is an advocate for mental health awareness and works to ensure that everyone has access to the resources they need.

Learn More About Salwa


All examples of mental health documentation are fictional and for informational purposes only.

Speed up your note-taking process

See More Posts


The Ultimate Guide to the Best HIPAA Compliant EHRs

99404 CPT Code (description, code time, reimbursement, modifier, documentation requirements, frequency)

90838 CPT Code (description, code time, reimbursement, modifier, documentation requirements, frequency)

Show more