Your team handles progress notes, treatment plans, and telehealth sessions every day. They need HIPAA training that speaks their language -- not generic healthcare compliance.
Start 14-day free trialYour counselors switched to telehealth fast -- but are they using compliant platforms? One unsecured video session or screen-share can expose an entire client record.
Progress notes on personal laptops, treatment plans in shared Google Docs, intake forms emailed as attachments. If it's not encrypted and access-controlled, it's a violation waiting to happen.
Clients text their therapist, message through social media, or reply-all to group therapy emails. Your staff needs to know which channels are safe -- and how to redirect clients who use the wrong ones.
You're a therapist, not a security engineer. But HIPAA doesn't care about your practice size -- solo practitioners face the same breach notification requirements as hospital systems.
Short audio-narrated lessons with knowledge checks. Your therapists, counselors, and office staff complete it in one sitting -- not spread across weeks of ignored reminders.
Your compliance dashboard shows which clinicians are trained, who's overdue, and who just joined. Pull audit-ready reports when your liability insurer asks.
New hire? Expiring certificate? EZBunny sends reminders so you never have to send another "please finish your training" email to a busy clinician.
Every certificate has a unique ID and a public verification link. When an auditor or credentialing body asks, they can confirm it's real in seconds.
No per-seat charges. No hidden fees. Cancel anytime.
Telehealth therapy sessions must use HIPAA-compliant platforms with end-to-end encryption, signed Business Associate Agreements (BAAs), and access controls. Therapists must verify client identity at each session, use private settings, and ensure session recordings (if any) are stored in encrypted, access-controlled systems. Standard consumer video tools like FaceTime or Zoom (free tier) do not meet HIPAA requirements without a BAA.
Standard email and SMS are not HIPAA-compliant for sharing PHI such as session summaries, diagnoses, or treatment plans. You can use encrypted email services or HIPAA-compliant client portals for clinical communication. Appointment reminders with no PHI (e.g., "You have an appointment Tuesday at 3pm") are generally permissible, but confirming therapy attendance or sharing clinical details is not.
Yes. Under HIPAA, psychotherapy notes -- a therapist's personal notes recorded during or after a session -- receive stronger protections than standard medical records. They must be stored separately from the clinical record, and most disclosures require specific patient authorization. Even other healthcare providers generally cannot access them without consent. This applies to both paper and electronic notes.
42 CFR Part 2 provides additional federal protections for substance use disorder (SUD) treatment records beyond HIPAA. These records require written patient consent for almost all disclosures, including to other healthcare providers. Recent rule changes are aligning Part 2 more closely with HIPAA, but practices treating SUD must still follow the stricter consent requirements. Staff must be trained on both HIPAA and Part 2 obligations.
Every workforce member who handles PHI must receive HIPAA training -- including solo practitioners, office managers, billing staff, and clinical assistants. Training must cover the Privacy Rule, Security Rule, breach notification procedures, and your practice's specific policies. HIPAA does not prescribe a specific number of hours, but training must be provided at hire and whenever policies change. Annual refresher training is a widely recognized best practice.
Takes minutes to set up. Your 14-day free trial starts right away.
Start 14-day free trialEZBunny provides HIPAA awareness training for educational purposes. We do not collect, store, or process Protected Health Information (PHI). Completion certificates show that training was completed but do not guarantee regulatory compliance on their own. We recommend consulting a qualified compliance professional for your specific obligations.