Resources for Practitioners


Safe Practice: Embrace HIPAA Compliance

By Mary Ann Mace

If there is one constant in life, it is change. A changing landscape seems to have been the recurring theme of this year and we have all had to adapt. From embracing new ways of defining an energy practice to managing new procedures. There is, however, one area of practice management that should always remain a part of your business procedures: HIPAA (Health Insurance and Portability and Accountability Act) compliance. Many of you who have an energy practice are already familiar with the responsibilities that come with keeping your business compliant. HIPAA stands out as the government sanctioned metric for healthcare practitioners to follow. Simply, the act requires professionals in the health field to maintain the privacy and security of patients’ Protected Healthcare Information (PHI).

Who Needs to be HIPAA Compliant?

In its guidelines, HIPAA identifies the regulated businesses or “covered entities,” which must adhere to the act’s required policies. Covered entities typically refer to health care professionals and health care corporations. Energy healers, who are licensed healthcare professionals, work within their scope of practice and are also considered covered entities, and as such, must protect their clients’ confidential healthcare information including the personal information on an intake form. As an energy practitioner, you will need to be HIPAA compliant if you respond “yes” to any of the following:

  • You maintain session notes for each client
  • You require intake forms from each client
  • You have client communications containing confidential information
  • ​You have liability or malpractice insurance coverage in case client files are subpoenaed

If you get the feeling that HIPAA is a little vague with its definition of “covered entity” and you are not sure whether the law applies to you, it is always smart to take the HIPAA path regarding the handling of private information. Remember, you are a guardian of your client’s confidential records, not the owner, and respect for the privacy of your clients takes precedence.

Practitioners who are unlicensed energy healers and do not practice in a regulated profession, do not need to adhere to HIPAA standards. A few states, including California and New Mexico, have healthcare freedom laws and as a result, are not explicit about HIPAA compliance. In cases like this, a practitioner can decide what to do, however; conducting yourself like a licensed practitioner and maintaining HIPAA compliance would be a wise decision.

HIPAA Guidelines

Following the guidelines set up by HIPAA is not difficult, but it does require diligence by a practitioner to ensure the required procedures are in place and kept current. If keeping on top of the administrative details demanded by HIPAA does not come naturally to you and your client records are rudimentary at best, then make today your first step towards thorough HIPAA compliance. Let go of the old routines that might keep you from fully embracing HIPAA. As with any new habit, give yourself at least one week until new procedures become routine for you. It will not take long until you have accustomed yourself to the recordkeeping that is required and compliance becomes second nature to you.

If you are wondering how much effort and time HIPAA requires from you, the guidelines and forms are not complicated nor time-consuming — if you are prepared. Adopt a new attitude about HIPAA documentation. Do not think of it as a chore but as a way to develop a deeper relationship with your clients. Plus, HIPAA compliance can be a good marketing resource for you. It is all in your attitude and the steps you take with your existing clients and prospects in becoming HIPAA compliant. Here is how you start.

Collect the Right Information

Data collected for HIPAA can be summarized as information that is collected which can be used to identify the client. So what information do you collect and is regulated by HIPAA?

  • Name
  • ​Residence
  • ​Telephone & FAX Numbers
  • ​Social Security
  • ​Email addresses
  • ​Doctor names & contact
  • ​Prescriptions
  • ​Medical procedures/surgeries
  • ​Medical record history
  • ​Medical record dates
  • ​Medical record dates

Most energy practitioners already have a client intake form which serves as a primary source of information. If you are collecting this kind of information, then it needs to follow HIPAA guidelines. On its website, Energy Medicine Professional Association has a sample intake form which can be a helpful resource for you to ensure you have a comprehensive form.

Develop Client Relationship

When you first present the forms to complete, instead of looking at the documents as a nuisance for clients to complete, see it as a way to develop a relationship. Rather than throw a pile of paperwork at your client, sit down to discuss the forms and explain the importance of them. By making the time and effort to explain and rationalize the required information, you are showing your interest in the client’s wellbeing. If the client is new to your practice, imagine the positive impression that you make with this effort on your part.

This personal approach to the intake form can be used as a conversation starter for deeper understanding about your client. You can read the information anytime, but an opportunity to have more personal insight about your client is an opportunity to seize. As the client completes the form, ask meaningful follow-up questions to help you further understand the needs and motivation for treatment. This is your time to clarify any missing information or ambiguity over personal details.

You do not want to confuse the client intake form with the informed consent. To simplify things, you could consolidate these two forms, but it might be a better idea to keep them separate. In doing this, your client would have a clear understanding of the role of the informed consent form. Rather than focus on the client, informed consent addresses scope of practice and practitioner credentials including:

  • ​Credentials and areas of expertise (scope of practice)
  • ​Descriptions of the treatment
  • ​Benefits and limitation of treatment
  • ​Explanation of what a client could expect
  • ​Fees and cancellation policy
  • ​Insurance
  • ​Confidentiality and privacy statement

In having captured contact data about your client and succinctly communicated your expertise in a scope of practice, you have also aided your marketing efforts. The email addresses that you collect from intake forms can be the point of contact for newsletters or offers that you announce to clients. You can segment clients based on the type of treatment they receive and use the specifics to customize client communications. In describing your scope of practice, use the information as bullet points or a statement to clients on your website, brochure or newsletter.

NOTE: It is always a good idea to have an opt-in check box on your forms giving you the permission to send emails to your clients.

Keep Documents Safe

Now that you have HIPAA compliant forms and informed consent personally signed from your clients, what do you do with them? Tuck them away in a folder and a desk drawer? Not quite. Part of HIPAA includes standards about the storage and handling of client records to protect privacy. While you must comply with HIPAA, you do have some flexibility in file management. You can devise your own privacy procedures which fit the size and needs of your practice. Creating a recordkeeping protocol to safeguard documents could entail filing documents in a locked cabinet or locked office space. You might be the only one who handles the records or if you are a small practice, you could delegate the responsibility to an assistant or office manager. The issue is maintaining confidentiality and privacy.

HIPAA and Remote Sessions

More practitioners are conducting remote sessions due to the mandated restrictions in our COVID-19 environment. This has placed some energy healers in a situation where they must quickly adapt to a virtual platform and entails many changes to business protocols. As a result, the confidential nature of healing work requires practitioners to shift to a HIPAA-compliant video conferencing tool that does not restrict a practitioner’s ability to treat clients.

While there are numerous web conference services, identifying appropriate software can be a challenge. To simplify that process, here are some of the qualities a compliant web conferencing tool should have:

  • ​Make sure they offer a Business Associate Agreements (BAA)
  • ​Check whether they offer end-to-end encryption and which encryption standard they use
  • ​Ask whether the calls are routed through a server or peer-to-peer
  • ​Inquire as to their access control as well as audit control standards
  • ​Read reviews and testimonials from other healthcare industry professionals that have used their software
  • ​Find out what safeguards they have in place


Do not limit yourself to thinking that having compliant technology fulfills your HIPAA obligation. Remaining in compliance is an ongoing commitment, so you need to remain vigilant with your client privacy management.

Here are several well-known HIPAA secure video conferencing platforms that could be a good fit for your needs:

Zoom is a video conferencing platform with separate products tailored to different industries. Its telehealth solution is HIPAA compliant and promises to deliver consistently high-quality video, regardless of bandwidth, with software that integrates smoothly into the technology and workflow of health professionals. Cost: $200 per month casts itself as an easy-to-use, secure telemedicine tool that is available on any device without requiring a download. Its free version is fully functional, HIPAA compliant and includes a Business Associate Agreement (BAA) at no charge. Provider features include a live chat, patient queue—with which you can personalize with texts and videos for patients to enjoy—and patient check in. Cost: Free Two premium versions available $35 - $50 per month

thera-LINK describes itself as a HIPAA-secure video platform created by therapists for therapists. In addition to useful features such as payment processing, custom waiting rooms and patient self-scheduling, thera-LINK’s Plus and Ultimate plans offer a public listing for consumers who are looking for a telepsychology provider. Cost: $30 - $65 per month

With Telehealth by SimplePractice, you get a fully integrated video solution. Your calendar, notes, billing and client communication are combined in one system that also allows you to schedule and conduct unlimited sessions with the click of a button. Cost: $39.00 per month

Final Thoughts

By adhering to HIPAA standards in the retention and storage of client records, you satisfy compliance regulations, but you have also accomplished something even greater — trust from your client. Knowing the confidentiality of their personal information is respected by their Energy Medicine practitioner leads to creating a strong bond. By knowing their practitioner must adhere to specific standards give clients a sense of control over their personal information. While it might not seem obvious, the efforts you put into being a HIPAA compliant practice exceeds its mission of mandated recordkeeping. It carries over into creating a relationship of respect and appreciation between you and your client. Wouldn’t you agree this is worth your time and effort?

Disclaimer: This article is provided for educational purposes only and is not legal advice or opinion. This general information is meant to raise questions, educate, create discussion and dialogue around the ethical and legal issues of teaching, learning, studying or practicing alternative and complementary energy healing modalities. You are advised to seek an attorney for any of your professional legal issues, concerns or needs.

New Year - New Horizons

Discover a fresh start and new possibilities in the New Year! This transformative article offers essential insights and a comprehensive checklist for business owners to plan, organize, and achieve success. Embrace hope, reflect, and thrive!

Risk Management Tips to Enhance Practice Credibility

Your Energy Medicine practice is a reflection of yourself, and you probably have many wonderful ways to describe what you do. Yet, how do you take that positive perspective and apply it to the way you market your practice, while remaining within legal boundaries?

Here Are A Few Recent Resources



Safe Practice

Practice Growth