Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Guidelines for HIPAA compliant therapy patient referrals

Guidelines for HIPAA compliant therapy patient referrals

Ensuring that patient referrals are HIPAA compliant is a legal requirement for therapists and an ethical responsibility. These guidelines can be followed for HIPAA compliant therapy patient referrals. 


Guidelines for HIPAA compliant therapy patient referrals

1. Minimum necessary standard

When making referrals, therapists must adhere to the minimum necessary standard, which stipulates that only relevant and essential protected health information (PHI) should be shared. This means disclosing the minimum amount of information required for the referral purpose. By limiting the disclosure of PHI, therapists protect their patients' privacy and reduce the risk of unauthorized access to sensitive information.

For example, if referring a patient to another therapist, only share the information directly related to the referral. Consider the purpose of the referral, the specific information required, and the potential risks associated with sharing unnecessary details.


2. Authorization and informed consent

Obtain written authorization from patients which clearly outlines the purpose of the disclosure, the information to be shared, the parties involved, and the patient's signature. This process ensures that patients are informed about the referral and have the opportunity to provide explicit consent.

Therapists should develop a standardized authorization form that includes all necessary elements and ensure that patients understand the purpose and implications of the referral. Remember to document patient consent to demonstrate compliance with HIPAA regulations.


3. Secure communication

Use secure communication methods to protect PHI's confidentiality when sharing information with other therapists or healthcare providers. 

Email is a common communication channel between professionals. It must be HIPAA compliant to ensure the secure transmission of sensitive information. Educate staff members about the importance of secure communication and provide training on the proper use of HIPAA compliant email or other secure methods. 

RelatedHow to send HIPAA compliant emails


4. Business associate agreement (BAA)

Therapists often collaborate with third-party service providers, such as referral services or administrative support. When sharing PHI with these entities, you must have a signed business associate agreement (BAA) in place. 

By entering into a BAA, therapists establish a legal framework that holds the service provider accountable for protecting patient information and maintaining HIPAA compliance. The BAA should clearly define the roles and responsibilities of each party, including the permitted uses and disclosures of PHI, requirements for reporting breaches, and provisions for terminating the agreement if necessary. 


5. Privacy policies and procedures

Therapy practices must develop and implement clear policies that outline the steps to ensure HIPAA compliance during patient referrals. These policies should cover topics such as authorization and informed consent, secure communication protocols, handling of patient information by staff members, business associate relationships, and the de-identification or aggregation of data.

RelatedHow to create HIPAA compliance policies for a mental health practice 


Benefits of HIPAA compliance in patient referrals

  • Patient privacy and trust: Patients are more likely to trust therapists who prioritize the security of their personal health information. This trust forms the foundation of a strong therapeutic relationship, fostering open communication and enhancing the effectiveness of treatment.
  • Legal compliance and risk mitigation: HIPAA compliance ensures that therapists fulfill their legal obligations in protecting patient health information. By following the guidelines, therapists reduce the risk of data breaches, unauthorized disclosures, and potential legal consequences. 
  • Professional reputation and attracting clients: Privacy protection is a significant concern for individuals seeking therapy, and by showcasing a commitment to HIPAA compliance, therapists can attract and retain clients who value their privacy.


Therapists must remain HIPAA compliant when making patient referrals. Following these guidelines will help therapists promote patient trust, protect sensitive information, and maintain the highest standards of privacy and confidentiality in therapy patient referrals.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.