Therapy Trainings® Presents

HIPAA and Family Records: Navigating Health Privacy Laws

3 CE Hours

This course is available in text and audio format and was developed in 2025 for mental health professionals. Learn essential HIPAA regulations for family therapy practice, including confidentiality with multiple family members, minors' privacy rights, parental access to records, and compliant documentation practices.

Target Audience: Mental Health Professionals
Content Level: Beginning to Expert
Format: Text and Audio, Self-Paced
NBCC Approved | ASWB ACE Approved | NAADAC Approved | Instant Certificate

HIPAA Training Course Overview

In family therapy, navigating the complexities of health privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) is essential to maintaining ethical and legal standards. This HIPAA training course provides marriage and family therapists and other mental health professionals with a comprehensive understanding of HIPAA regulations and their implications for managing family therapy records.

Participants will learn strategies for handling confidentiality, balancing competing privacy rights among family members, and managing documentation in compliance with federal law. The course addresses the unique challenges that arise when multiple family members are involved in treatment, including questions about who has access to records, how to handle disclosures, and navigating the privacy rights of minors.

By the end of this course, therapists will be equipped with practical tools and knowledge to maintain trust with clients, uphold privacy, and meet legal requirements in their family therapy practice. Whether you are new to family therapy or seeking to update your knowledge of current HIPAA requirements, this training provides essential guidance for compliant and ethical practice.

  • 3 CE Hours
  • $45 Course Price
  • 50 Lessons

HIPAA Training Learning Objectives

At the end of this HIPAA training course, you will be able to:

  • Identify the key principles and requirements of HIPAA as they apply to family therapy records
  • Observe ethical and legal challenges in maintaining confidentiality and privacy among family members
  • Manage records and disclosures in accordance with HIPAA regulations
  • Navigate the complexities of minors' privacy rights and parental access to records
  • Handle subpoenas, court orders, and other legal requests appropriately
  • Integrate informed consent and documentation practices to ensure compliance

Practical Application: This course includes case examples and practical scenarios to help you apply HIPAA principles to real-world situations in family therapy practice.

Key HIPAA Concepts for Family Therapists

Understanding HIPAA is essential for any mental health professional working with families. This section introduces the foundational concepts covered in this training.

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for protecting sensitive patient health information. For mental health professionals, HIPAA governs how we collect, store, use, and disclose protected health information (PHI). The Privacy Rule, a key component of HIPAA, gives patients rights over their health information and sets limits on who can access that information.

HIPAA in Family Therapy Settings

Family therapy presents unique HIPAA challenges because treatment involves multiple individuals, each with their own privacy rights. When a couple or family enters treatment together, questions arise about who is the "patient," who has access to records, and how to handle situations where family members have conflicting interests. This course provides clear guidance for navigating these complexities.

Protected Health Information (PHI)

Protected health information includes any information that can identify a patient and relates to their past, present, or future physical or mental health condition, treatment, or payment for healthcare. In family therapy, PHI may include session notes, treatment plans, diagnoses, and any communications about treatment. Understanding what constitutes PHI is the first step toward proper protection.

Covered Entities and Business Associates

HIPAA applies to "covered entities," which include healthcare providers who transmit health information electronically. Most therapists who bill insurance are covered entities. The law also applies to "business associates" who handle PHI on behalf of covered entities, such as billing services, EHR vendors, and answering services. Understanding your obligations under HIPAA depends on your status as a covered entity.

Confidentiality Challenges in Family Therapy

Maintaining confidentiality in family therapy requires balancing the privacy rights of multiple individuals while providing effective treatment. This course addresses the most common confidentiality challenges family therapists encounter.

Competing Privacy Interests

When family members participate in treatment together, they may share information they want kept confidential from other family members. Therapists must establish clear policies about how they handle secrets and disclosures within family therapy. This course explores different approaches and their implications for treatment and legal compliance.

Individual Sessions Within Family Therapy

Many family therapists conduct individual sessions with family members as part of the overall treatment. These sessions create questions about what can be shared with other family members and how to document the sessions. Clear informed consent and consistent policies are essential for managing confidentiality in these situations.

Disclosures to Third Parties

Family therapists may receive requests for information from schools, courts, attorneys, other healthcare providers, or extended family members. Understanding when disclosure is permitted, when it requires authorization, and how to handle conflicting requests from family members is critical for HIPAA compliance.

Minors' Privacy Rights and Parental Access

One of the most complex areas of HIPAA in family therapy involves balancing minors' privacy rights with parents' rights to access their children's health information. This course provides detailed guidance for navigating these situations.

When Do Minors Have Privacy Rights?

Under HIPAA, minors have privacy rights when state law allows them to consent to their own treatment. This varies significantly by state and by type of treatment. In some states, minors can consent to mental health treatment at age 12 or 14. When a minor consents to treatment, they control access to their records. This course helps you understand how to apply these rules in your state.

Parental Access to Records

Generally, parents have the right to access their minor children's health records. However, HIPAA provides exceptions when the minor has consented to treatment independently, when state law prohibits parental access, or when the provider believes access could harm the minor. Documenting your reasoning when limiting parental access is essential for legal protection.

Divorced and Separated Parents

Custody situations add another layer of complexity. Both parents typically have access rights unless specifically limited by court order. Therapists must understand how to verify custody arrangements, respond to requests from non-custodial parents, and handle situations where parents disagree about their child's treatment.

State Law Matters: HIPAA often defers to state law regarding minors' rights. This course emphasizes the importance of knowing your state's specific laws and provides guidance for researching and applying them.

Record-Keeping and Documentation for HIPAA Compliance

Proper documentation is essential for HIPAA compliance in family therapy. This section covers best practices for creating, storing, and managing family therapy records.

Creating Compliant Records

Family therapy records must be accurate, relevant, and protected. When documenting family sessions, therapists face decisions about what information to include, how to attribute statements to specific family members, and how to document sensitive disclosures. This course provides practical guidance for creating records that serve clinical purposes while maintaining compliance.

Separate vs. Combined Records

Therapists must decide whether to maintain separate records for each family member or combined family records. Each approach has implications for access rights, confidentiality, and practical management. This course examines the pros and cons of different approaches and helps you develop a system that works for your practice.

Retention and Destruction

HIPAA requires covered entities to maintain records for specified periods and to destroy them securely when retention requirements are met. State laws may impose additional retention requirements. Understanding these requirements and implementing proper procedures protects both therapists and clients.

Who Should Take This HIPAA Training Course

This HIPAA training is designed for all mental health professionals who work with families, couples, or minors. Understanding health privacy laws is essential for ethical and legal practice.

Marriage and Family Therapists (LMFT)

Licensed marriage and family therapists regularly navigate the complexities of multi-person treatment. This course addresses the unique HIPAA challenges MFTs face, including managing confidentiality when treating couples and families, handling requests for records from multiple parties, and documenting family sessions appropriately.

Licensed Professional Counselors (LPC, LMHC, LCPC)

Professional counselors who work with families, couples, or minors need a thorough understanding of HIPAA as it applies to multi-person treatment. This training provides the knowledge counselors need to maintain compliance while providing effective family-focused care.

Clinical Social Workers (LCSW, LSW)

Clinical social workers often work with families in various settings, from private practice to agencies and hospitals. HIPAA compliance is essential regardless of setting. This course helps social workers understand how HIPAA applies to their work with families and minors.

Psychologists

Psychologists who provide family therapy, couples counseling, or child therapy benefit from specialized HIPAA training. This course addresses confidentiality challenges specific to working with multiple family members and managing records in family treatment contexts.

Addiction Counselors (LCAC, LAC, CADC)

Addiction counselors frequently involve families in treatment and must navigate both HIPAA and 42 CFR Part 2 (federal regulations specific to substance use treatment). This course focuses on HIPAA while acknowledging the additional requirements for substance use treatment records.

Save More with Unlimited CE Access

Get unlimited access to all 100+ courses including this HIPAA training for just $75/year. Complete all your CE requirements for one low price. Ethics, trauma, supervision, clinical skills, and more.


Course curriculum

    1. About the Course

    2. Copyright Notice for Therapy Trainings™

    1. Overview of HIPAA regulations

    2. Key terms: Protected Health Information (PHI), covered entities, and business associates

    3. Importance of HIPAA compliance in family therapy practice

    4. Consequences of non-compliance

    5. References

    1. Defining confidentiality in a family context

    2. Managing competing privacy rights among family members

    3. Best practices for establishing group agreements on confidentiality

    4. Case studies of confidentiality breaches and resolutions

    5. References

    1. Guidelines for maintaining family therapy records under HIPAA

    2. Distinguishing between individual and family records

    3. Ethical and legal considerations in documenting family sessions

    4. Strategies for secure storage and access control

    5. References

    1. Understanding informed consent under HIPAA

    2. Managing consent for minors and individuals with guardianship

    3. Protocols for sharing information with family members and external parties

    4. Case examples of consent challenges in family therapy

    5. References

    1. Legal considerations regarding minors’ privacy rights

    2. Navigating conflicts between parents’ access rights and minors’ confidentiality

    3. State-specific laws and their intersection with HIPAA

    4. Case studies highlighting common dilemmas

    5. References

About this course

  • $45.00
  • 50 lessons
  • 0 hours of video content

About the Author

Matt Grammer, LPCC-S is the founder of Therapy Trainings®, Kentucky Counseling Center®, and Counseling Now®. He has over 15 years of experience as a clinician, private practice operator, and consultant. He holds dual master's degrees in Mental Health Counseling and School Counseling. KY LPCC-S #164069

Consulting Team:
Social Work Consultant is Alicia Trager, LCSW
Marriage and Family Therapy Consultant is Matt White, MFT
Psychology Consultant is Brett Donnelly, Psy.D.

Course Completion & CE Requirements

To earn 3 CE hours for this HIPAA training: Complete all course modules including reading materials, pass the posttest with a score of 80% or higher, and submit the course evaluation. The posttest can be retaken as many times as needed at no additional cost.

Your CE certificate is available for instant download immediately upon completion and can be accessed anytime from your account. The certificate includes all information required by licensing boards including course title, CE hours, completion date, and provider information. For states using CE Broker (Florida, Georgia, Alabama, and others), you can self-report your hours using our CE Broker provider number (#50-40520).

Handling Subpoenas and Legal Requests

Family therapists frequently receive subpoenas, court orders, and other legal requests for records. Understanding how to respond appropriately protects both therapist and clients while maintaining HIPAA compliance.

Subpoenas vs. Court Orders

A subpoena is a request from an attorney, while a court order comes from a judge. The distinction matters for HIPAA compliance. Generally, a subpoena alone does not authorize disclosure of protected health information. Additional requirements must be met, such as patient authorization or assurance that the patient has been notified and given an opportunity to object. A court order signed by a judge does authorize disclosure of the specific information requested.

Responding to Legal Requests

When you receive a legal request for records, the first step is identifying what type of request it is and what information is being sought. You should consult with an attorney if you have questions about your obligations. This course provides a step-by-step process for evaluating and responding to legal requests while protecting client confidentiality to the extent possible.

Custody and Divorce Proceedings

Family therapists are frequently asked to provide information in custody disputes. These situations require careful navigation of HIPAA rules, professional ethics, and legal requirements. Understanding your role, the limits of confidentiality, and how to respond to conflicting requests from divorcing parents is essential for practice in family therapy.

Informed Consent for HIPAA Compliance

Thorough informed consent is your best protection for HIPAA compliance in family therapy. Clear policies communicated at the outset of treatment prevent misunderstandings and protect all parties.

Notice of Privacy Practices

HIPAA requires covered entities to provide patients with a Notice of Privacy Practices (NPP) describing how their health information may be used and disclosed. The NPP must be provided at the first treatment encounter and patients must acknowledge receipt. In family therapy, each adult family member should receive and acknowledge the NPP.

Confidentiality Policies for Family Treatment

Beyond the NPP, family therapists should have clear policies about how confidentiality works in multi-person treatment. This includes policies about secrets, individual sessions, and what happens if one family member requests records. Documenting that all participants understand and agree to these policies protects the therapist and clarifies expectations.

Authorizations for Disclosure

When disclosing protected health information outside of treatment, payment, and healthcare operations, HIPAA generally requires a signed authorization from the patient. In family therapy, determining who can authorize disclosure depends on who is considered the patient. This course clarifies how to handle authorization requirements in family treatment contexts.

HIPAA Violations and Consequences

Understanding the consequences of HIPAA violations motivates compliance and helps therapists appreciate the importance of proper privacy practices.

Types of Violations

HIPAA violations range from inadvertent disclosures to willful neglect. Common violations include improper disposal of records, unauthorized access to patient information, failure to provide the Notice of Privacy Practices, and disclosures without proper authorization. In family therapy settings, violations may occur when information is shared with family members who are not authorized to receive it.

Penalties for Violations

HIPAA penalties are tiered based on the level of culpability. Violations can result in civil monetary penalties ranging from $100 to $50,000 per violation, with annual maximums up to $1.5 million for identical violations. Criminal penalties, including fines and imprisonment, apply to knowing violations. State attorneys general can also bring enforcement actions.

Breach Notification

When a breach of unsecured protected health information occurs, HIPAA requires notification to affected individuals, the Department of Health and Human Services, and in some cases, the media. Understanding what constitutes a breach and the notification requirements is essential for proper response if a breach occurs.

HIPAA Training CE Approvals

This HIPAA training is approved for continuing education credit by the following national and state organizations. Our approvals ensure that mental health professionals can earn CE credit accepted by their licensing boards.

NBCC: Therapy Trainings® has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 7439. Programs that do not qualify for NBCC credit are clearly identified. Therapy Trainings® is solely responsible for all aspects of the programs. This HIPAA training course qualifies for 3 NBCC clock hours.

ASWB ACE: Therapy Trainings®, #1945, is approved as an ACE provider to offer social work continuing education by the Association of Social Work Boards (ASWB) Approved Continuing Education (ACE) program. Regulatory boards are the final authority on courses accepted for continuing education credit. ACE provider approval period: 12/6/2024-12/6/2027. Social workers completing this HIPAA course receive 3 continuing education credits.

NAADAC: This HIPAA continuing education course has been approved by Therapy Trainings®, as a NAADAC Approved Education Provider, for 3 CE hours. NAADAC Provider #270493. Therapy Trainings® is responsible for all aspects of its programming.

Kentucky: Therapy Trainings® is approved by the Kentucky Board of Licensed Professional Counselors and the Kentucky Board of Social Work (Provider #KBSWSP 202308) as a continuing education provider.

Ohio: Therapy Trainings® is approved by the Ohio Counselor, Social Worker, and Marriage and Family Therapist Board (CSWMFT) as a continuing education provider.

Florida: Therapy Trainings® is a CE Broker approved provider for the Florida Board of Clinical Social Work, Marriage & Family Therapy and Mental Health Counseling. CE Broker Provider #50-40520. You can self-report your completed hours using this provider number.

HIPAA Training for Therapists: Frequently Asked Questions

How many CE hours is this HIPAA training course?
This HIPAA training provides 3 CE hours (also called CEUs or continuing education units). The course is self-paced and available in text and audio format, typically taking approximately 3 hours to complete. You can work through the material at your own pace over multiple sessions.

Is HIPAA training required for therapists?
HIPAA requires covered entities to train workforce members on privacy policies and procedures. While not all state licensing boards mandate specific HIPAA CE, understanding HIPAA is essential for ethical and legal practice. Many therapists complete HIPAA training as part of their general CE requirements. Check with your state board for specific requirements.

Does HIPAA apply to all therapists?
HIPAA applies to "covered entities," which include healthcare providers who transmit health information electronically. Most therapists who bill insurance, submit electronic claims, or use electronic health records are covered entities subject to HIPAA. Even cash-pay therapists often follow HIPAA standards as best practice. This course helps you understand whether and how HIPAA applies to your practice.

What makes HIPAA different in family therapy?
Family therapy involves treating multiple individuals together, each with their own privacy rights under HIPAA. This creates unique challenges: determining who has access to records, handling secrets between family members, managing disclosures when family members have conflicting interests, and navigating minors' privacy rights alongside parental access. This course specifically addresses these family therapy challenges.

How do I handle record requests from divorced parents?
Generally, both parents have the right to access their minor child's health records unless a court order specifically limits that right. When parents are divorced or separated, verify custody arrangements and check for any court orders limiting access. If both parents have rights, you may need to provide records to both upon request. This course provides detailed guidance for handling these situations.

Can I refuse to give parents their child's therapy records?
HIPAA allows providers to deny parental access in limited circumstances: when the minor has legally consented to treatment independently, when state law prohibits parental access, or when the provider believes access would harm the minor. You must document your reasoning. This course explains when and how you can appropriately limit parental access while remaining HIPAA compliant.

When will I receive my HIPAA CE certificate?
Your CE certificate is available as an instant download immediately after you complete the course and pass the posttest with a score of 80% or higher. You can also access and download your certificates anytime from your account. For states using CE Broker (including Florida, Georgia, and Alabama), you can self-report your hours using our CE Broker provider number (#50-40520).

Is this course approved in my state?
Therapy Trainings® is approved by NBCC, ASWB ACE, and NAADAC, the major national CE approval bodies for mental health professionals. Most state boards accept CE from these nationally approved providers. We also have specific state approvals in Kentucky, Ohio, and Florida. Check our Board Approvals page or contact your state licensing board to confirm acceptance.

What if I fail the HIPAA posttest?
You can retake the posttest as many times as needed at no additional cost. The posttest is open-book, and most participants pass on their first attempt. If you do not pass initially, review the course material and try again. There is no penalty for retaking the exam.

Why HIPAA Training Matters for Family Therapists

Health privacy laws exist to protect patients' sensitive health information while enabling the provision of quality healthcare. For family therapists, understanding HIPAA is not just about avoiding penalties. It is about building and maintaining trust with the families you serve.

When families enter therapy, they share their most private struggles, conflicts, and concerns. They trust that their therapist will protect this information. A solid understanding of HIPAA helps you honor that trust by knowing exactly what you can and cannot disclose, and under what circumstances.

HIPAA compliance also protects therapists. When you understand and follow privacy rules, you reduce your risk of complaints, lawsuits, and regulatory actions. Clear policies and proper documentation demonstrate that you take privacy seriously and have systems in place to protect patient information.

Staying Current with HIPAA Requirements

HIPAA regulations and their interpretation continue to evolve. Recent changes have addressed telehealth, electronic health records, and patient access to records. Completing regular HIPAA training ensures you stay current with these changes and can adapt your practices accordingly.

Integrating HIPAA into Family Therapy Practice

The goal of this course is not just knowledge but practical application. You will learn how to develop policies, create compliant documentation, respond to record requests, and handle the unique situations that arise in family therapy. By the end of this training, you will have concrete tools you can implement immediately in your practice.

Start Your HIPAA Training Today

Complete this 3-hour HIPAA training and earn CE credit toward your license renewal. Learn essential health privacy laws for family therapy practice.

Instant certificate upon completion. NBCC, ASWB ACE, NAADAC approved.

CE Approvals: Therapy Trainings® is approved by NBCC (ACEP No. 7439), ASWB ACE (Provider No. 1945), and NAADAC (Provider No. 270493). This course qualifies for 3 CE hours.

Last updated: February 2026