Is Therap Services HIPAA compliant? (2025 update)

Therap Services is a web-based service organization that provides an integrated software solution for documentation, reporting, and communication needs in the context of agencies and companies supporting people receiving long-term services and support. It enables healthcare professionals and organizations to manage patient health information (PHI) securely while ensuring compliance with laws such as HIPAA.

With Therap Services, organizations can efficiently manage patient records, facilitate data reporting, and maintain compliance with regulatory standards.

Is Therap Services HIPAA compliant? Yes, based on our research, Therap Services can be HIPAA compliant. However, organizations should perform their due diligence to ensure compliance in their specific use cases.

Will Therap Services sign a business associate agreement (BAA)?

Yes, Therap Services will sign a business associate agreement, which is included within their 41-page End User Legal Agreement. The BAA language starts on page 3 and continues throughout the service agreement. Read more here.

What does the Therap Services BAA cover?

The Therap Services BAA outlines the responsibilities of Therap Services when handling PHI and includes several provisions:

• Protection of PHI: Therap Services ensures that PHI is handled securely and in compliance with HIPAA regulations.
• Notification of security incidents: The company has protocols to notify covered entities of any security incidents involving PHI.
• Access by HHS requests: Therap Services complies with requests from the U.S. Department of Health and Human Services (HHS) to review compliance.
• Individual Right of Access requests: Patients can request access to their health records through Therap Services.
• Return of PHI: Upon contract termination, Therap Services ensures the return or proper disposal of PHI.
  
  

What does the Therap Services BAA exclude?

While Therap Services provides a HIPAA-compliant environment, organizations should carefully review their specific use cases and security needs. The company does not explicitly mention support for medical images or direct patient communications, which may require additional compliance measures.

Conclusion

Therap Services signs a BAA and is therefore HIPAA compliant. However, organizations should carefully evaluate their use case requirements to ensure full compliance with HIPAA regulations.

Related: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a business associate agreement?

A BAA is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. The purpose of this agreement is to ensure the proper protection of PHI as required by HIPAA regulations.

What is HIPAA?

HIPAA sets national standards for protecting the privacy and security of certain health information, known as PHI.

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.