Is Online Therapy Secure and Confidential?

Author Amanda Caswell
Updated on May 19, 2024

It’s not always easy to decide to engage in mental health treatment. Yet for many, it is a choice that has transformed or even saved their lives. While the traditional, in-office, model for therapy is still the default option people think of when deciding to seek help, online therapy is proving to be an increasingly popular and effective option for those seeking to overcome personal obstacles through the support of a licensed therapist.

Security of Online Therapy Platforms

Topics that have been traditionally discussed in person are now addressed via video conferencing over computers and mobile apps. As long as you have Internet access, you can connect with a professional therapist from the comfort and safety of your home.

But while convenience, effectiveness, and affordability are obvious reasons why someone may opt for online therapy, many are deterred. Questions about the security and confidentiality of personal information can stand in the way of engaging with therapists online. If you find yourself hesitant to try out virtual therapy because you are worried about your privacy, keep reading to understand the risks.

All Platforms Must Comply With Federal Guidelines

Just as you fill out paperwork when you get to your doctor’s office for the first time, you can expect the same when you begin online therapy. Before treatment, you will need to complete paperwork that includes highly personal and private information such as medical history and current medications.

Rest assured that all healthcare providers, including licensed online therapists, are legally bound to abide by stringent guidelines determined by federal laws. You may be familiar with these government laws created under the Health Insurance Portability and Accountability Act, commonly known as HIPAA laws.

In addition, there are also state-level policies and laws applied to guarantee your information stays safe and your privacy remains protected. If you have any questions about an online platform’s privacy guidelines, go the extra mile to review their standards. Always be sure to check that an online therapy platform is HIPAA-compliant before signing up. You may also want to ask about their record-keeping practices to put your mind at ease.

Therapy Platforms Versus Videoconferencing Tools

Many people choose to sign up for therapy platforms such as Talkspace and BetterHelp. For these companies, security is of the utmost importance, so they work to ensure they are adhering to the latest encryption standards that are HIPAA compliant.

But what if you work with a private therapist and want to hold some, or all of your sessions online? Some providers use platforms designed specifically for therapy and are therefore also serious about security and HIPAA compliance. Others will just have you log onto Zoom or Skype. While videoconferencing tools like these are generally known to be secured and encrypted, they are not necessarily HIPAA compliant.

Zoom is HIPAA compliant, though your provider would have to enter into a Business Associate Agreement (BAA) with them before being allowed to use it for sessions. While many healthcare providers have signed these agreements with Zoom, it should not be assumed that yours has as well. It’s best to speak with them about HIPAA compliance and how they handle your privacy in general before attending your first virtual session.

If your provider uses Skype, you should be aware that the free version is technically not HIPAA compliant. Skype for Business does have the required safeguards to be HIPAA compliant, however, only if the Enterprise E3 or E5 package is purchased. If your therapist does not volunteer that their version of Skype is compliant, be sure to ask.

Duty to Protect

Although a therapist is obligated to protect each patient’s confidentiality, it’s important to note that there are exceptions to this rule. This is known as the Duty to Protect law. A therapist, whether conducting sessions in-person or online, may have a responsibility to warn or disclose information to third parties if they feel their client poses dangers to themselves or to others (duty to warn).

A concern regarding child abuse would be an example of this. Due to the remote nature of online therapy, it may be tough for the therapist to meet this ethical obligation. Not knowing a client’s exact geographic location or even their real name are just a few reasons this can be difficult.

Engaging in Standard Online Safety Practices

As a general principle, it’s wise to be cautious of security threats when it comes to all your online activity. Engaging in online therapy is certainly no exception.

Most leading online therapy platforms encrypt all communication to ensure your data is protected against cyber-attacks. But as with anything done online, therapists and patients should be aware of possible security threats to private information and data. These may include phishing schemes, computer viruses, hackers, unsecured software, inadequate security systems, unsecured Wi-Fi, device theft, and scams. Scary as these may sound, keep in mind that even a therapist conducting in-person therapy will likely log session information online, and that information may also be hacked with these same methods.

Tip for Securing Your Information

Be sure to choose a unique password for your online therapy platform. Keep your password safe and never share it. When logging on for each therapy session, be sure to use a secure wireless network and always take your session in a private, non-public location. Although online therapy makes it easy to talk to a therapist from anywhere in the world, venues such as a busy coffee shop, noisy office, or crowded shopping area are not ideal. A private location away from other people is always preferable.

Just as you would with an in-person therapist, at any time during your treatment you may discuss privacy guidelines with your online therapist. Regardless of how long you have been a client, you can always make sure they are upholding policies and procedures. If at any time you decide to end treatment, discuss with your provider how they will safely and securely destroy private information and data when appropriate.

Malicious online activity could target both patients and therapists at any time, but cyber security experts and software engineers are working hard every day to control and prevent it. They are equipped to productively combat malicious objectives and work closely with online therapy platforms and videoconferencing companies to make cybersecurity awareness, security, and prevention best practices a part of their culture. When deciding on a platform, check out their FAQ section to see for yourself how your safety and privacy stay protected.

In Summary

If you’re seeking out an online solution for improving your mental health, don’t let your fears about privacy stop you. Many platforms feature the newest and highest-grade encryption services to ensure you feel safe to communicate openly and enjoy the convenience of engaging in online sessions. Feeling secure is just a matter of asking your provider a few direct questions so you know you can trust them with your confidential information.


Author Amanda Caswell

Amanda is a wellness writer & enthusiast with over 12 years experience writing in the industry. She has a bachelors degree in Creative Writing from NYU. She is certified by the American College of Sports Medicine and the American School of Nutrition & Personal Training. Amanda is also a celebrity publicist.