GoodTherapy.org is committed to ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA). To that end, we wish to clarify and reaffirm certain aspects of how GoodTherapy.org is compliant.
Personally Identifiable Health Information Is Protected
All personally identifiable health information about potential clients, clients, and other users must be kept off of any domain associated with GoodTherapy.org. If a Member or Facility listed on GoodTherapy.org obtains identifiable health information in connection with GoodTherapy.org services, it must be kept in accordance with HIPAA mandates, and the Member or Facility is solely responsible for ensuring this information is kept in compliance with HIPAA, including keeping that information encrypted or undertaking other security measures such as backups, disposal, storage, transmission, and integrity.
Since GoodTherapy.org itself bans personally identifiable health information and does not provide any health care services itself, Members and Facilities are not Business Associates under HIPAA and therefore any such agreements are not necessary. Instead, Members must comply with the Terms of Service for Members and Terms of Service and Use Agreement of GoodTherapy.org and comply with the strictures of HIPAA, HITECH, the Omnibus HIPAA requirements, and any other applicable federal, state, or local law, rule, or regulation that applies to the storage, handling, transmission, or other aspects of personally identifiable health information, especially in a medical or treatment context. Likewise, Facilities must comply with the Terms of Service for Facilities and Terms of Service and Use Agreement of GoodTherapy.org and comply with the strictures of HIPAA, HITECH, the Omnibus HIPAA requirements, and any other applicable federal, state, or local law, rule, or regulation that applies to the storage, handling, transmission, or other aspects of personally identifiable health information, especially in a medical or treatment context. GoodTherapy.org does not and will not verify that Members and Facilities are in compliance with these rules and regulations because Members and Facilities are not employed or contracted by GoodTherapy.org and operate outside of GoodTherapy.org’s control.
Finally, Members and Facilities agree that they will not link GoodTherapy.org with any personally identifiable health information, treatment information, or other data from potential or actual clients. Any information related to the provisioning of medical services shall be strictly kept off of GoodTherapy.org.
Members and Facilities Do Not Provide Medical Services on or through GoodTherapy.org
While Members and Facilities advertise on GoodTherapy.org and may discuss treatment or medical issues on GoodTherapy.org, specific treatment is prohibited. Therefore, Members and Facilities may only provide medical treatment out of their own offices, on their digital platforms, or through any other method that does not involve GoodTherapy.org.
Members and Facilties may use GoodTherapy.org to advertise and thus obtain messages, both voice and email, from potential clients. The information Members and Facilities provide must not be able to be correlated to personally identifiable information except by the provider of the services themselves. That provider must, therefore, comply with HIPAA and other regulations and rules.