Connect

HIPAA Compliance

Last updated: January 2025

Our Commitment to Privacy

Connect by Therapy Space takes the privacy and security of health information seriously. While we are a directory service and not a healthcare provider, we have implemented measures to protect any sensitive information that passes through our platform.

We Don't Store Patient Health Information

Our approach to HIPAA compliance is simple: we minimize the health information we handle.

  • We do not store patient health information (PHI) on our servers
  • Contact form messages are transmitted directly to therapists and not retained
  • We do not maintain patient records, treatment notes, or health histories
  • We do not have access to any communications between you and your therapist after initial contact

HIPAA-Compliant Email Transmission

When you use our contact form to reach out to a therapist, your message is transmitted using Paubox, a HIPAA-compliant email service. Paubox provides:

  • Encryption: All emails are encrypted in transit and at rest
  • No Portal Required: Recipients receive encrypted emails directly in their inbox without needing to log into a separate portal
  • BAA Coverage: Paubox maintains Business Associate Agreements (BAAs) as required by HIPAA
  • HITRUST Certified: Paubox is HITRUST CSF certified, meeting rigorous healthcare security standards

Online Booking

Some therapist profiles include a "Book Appointment" button. When you click this button, you are directed to the therapist's scheduling system (such as SimplePractice, IntakeQ, Calendly, Jane, or another platform). These are typically HIPAA-compliant practice management platforms used by the individual therapist.

  • Any information you enter in the booking window goes directly to that scheduling platform and the therapist
  • Connect by Therapy Space does not receive, store, or have access to your booking information
  • Each scheduling platform maintains its own compliance and agreements with therapists

What This Means for You

For Individuals Seeking Therapy:

When you contact a therapist through our site, your message is securely delivered to them via encrypted email. We do not read, store, or have ongoing access to your communications. Once you begin working with a therapist, all further communications and treatment records are managed directly by that therapist under their own HIPAA obligations.

For Therapists:

Lead inquiries arrive in your inbox via Paubox encrypted email. You maintain full control over client communications and records. As an independent practitioner, you are responsible for your own HIPAA compliance in your practice.

Security Measures

In addition to HIPAA-compliant email, we employ the following security measures:

  • HTTPS encryption on all pages
  • Secure authentication for therapist accounts
  • Regular security updates and monitoring
  • Limited data collection (we only collect what's necessary to operate the directory)
  • No third-party analytics or advertising trackers

Independent Therapist Responsibility

Each therapist listed on Connect by Therapy Space is an independent practitioner responsible for their own HIPAA compliance. This includes maintaining appropriate safeguards for patient records, obtaining necessary authorizations, and fulfilling all requirements under HIPAA and applicable state laws.

Questions?

If you have questions about our privacy and security practices, please contact us at connect@therapyspace.org.