Article Updated: July 11, 2026

How to Get HIPAA Certified as a Counselor

A counselor gets HIPAA certified by enrolling in an accredited HIPAA training course built for behavioral health practice, completing all mandatory modules covering the Privacy Rule, the Security Rule, and the Breach Notification Rule, passing the required assessments, and receiving a certificate of completion that serves as documented evidence of training for workforce records, onboarding files, and regulatory review. HIPAA certification for counselors is not a government-issued license and does not require approval from a federal agency; it is issued by accredited training providers whose courses satisfy the workforce training standards set out at 45 CFR 164.530(b) under the Privacy Rule and at 45 CFR 164.308(a)(5) under the Security Rule. Counselors who complete a course tailored to the compliance environment of behavioral health practice receive instruction that a general HIPAA certification course does not provide, including how the Privacy Rule’s heightened protections for psychotherapy notes apply in practice, when overlapping federal confidentiality frameworks restrict disclosures beyond the HIPAA baseline, and how to handle the disclosure decisions that arise in counseling settings where multiple clients or treatment relationships are involved.

HIPAA Rules Counselors Must Be Trained On

The Privacy Rule governs permissible uses and disclosures of protected health information, establishes the minimum necessary standard, and gives clients enforceable rights over their records. In counseling practice, the Privacy Rule also provides separate and stricter protection for psychotherapy notes, which may not be disclosed in most circumstances without explicit written authorization from the client, even where standard clinical records could be released without that step. The Security Rule requires covered entities to train all workforce members who access systems storing or transmitting electronic PHI on security awareness topics including device security, credential management, email protocols, and incident recognition and reporting. The Breach Notification Rule requires the covered entity to notify affected clients, the Department of Health and Human Services, and in cases involving 500 or more individuals the local media, when unsecured PHI is involved in an impermissible disclosure, access, or loss. A HIPAA certification course for counselors covers all three frameworks and applies them to the types of decisions, documentation practices, and communication scenarios that counselors encounter in their day-to-day work.

Choosing a Counselor-Specific HIPAA Certification Course

Counselors who complete a general HIPAA certification course designed for broad healthcare audiences receive instruction on the rules as they apply across all covered entity types but do not receive guidance on the compliance scenarios that distinguish counseling from other care settings. A counselor working with clients who have substance use disorders must understand when 42 CFR Part 2 applies and requires stricter consent conditions than HIPAA alone. A counselor working with minors must understand how state minor consent laws affect parental access to records under HIPAA, and how to respond when a parent requests records that the minor authorized independently. A counselor who conducts couples, family, or group sessions must understand how PHI from one participant in a shared session may need to be protected from others present in that same therapeutic relationship. None of these scenarios is addressed in standard HIPAA certification training, and a counselor who has completed only general training carries gaps in compliance knowledge that apply directly to routine practice.

HIPAA Training for Therapists and Counselors from The HIPAA Journal

HIPAA Training for Therapists and Counselors is an accredited certification course from The HIPAA Journal designed for licensed professional counselors, licensed clinical social workers, substance use disorder counselors, marriage and family therapists, and the administrative and billing staff who support those practices. Section One covers the mandatory Privacy Rule, Security Rule, and Breach Notification Rule content through modules that use behavioral health scenarios rather than general clinical examples, and includes instruction on the federal confidentiality frameworks that apply alongside HIPAA in specific treatment contexts, including 42 CFR Part 2, Title X, and the Family Violence Prevention and Services Act. Section Two provides additional modules on the compliance risks of generative AI tools in clinical documentation, the rules governing staff use of social media in connection with counseling practice, and the consequences of HIPAA violations for individual workforce members. Assessments use randomized questions drawn from a pool of over 600 items, ensuring that each learner demonstrates substantive understanding before a certificate is issued. The course awards an accredited certificate carrying 5.0 continuing education units from the Compliance Certification Board on completion of all mandatory modules and assessments, and the certificate records the learner’s name, the course title, and the date of completion.

HIPAA Certification for Counselors Online

The HIPAA Training for Therapists and Counselors course is delivered entirely online through a web-based learning management system that counselors and their staff can access from any internet-connected device, including mobile phones, tablets, and desktop computers. The format is self-paced, allowing counselors to complete the certification around client appointment schedules without requiring dedicated time away from practice. Learners may pause and resume the course between sessions and may retake module assessments until a passing score is achieved, with no limit on retakes. Closed captions and variable playback speed are available to support different learning requirements. The certificate of completion is issued automatically once all required modules and assessments are finished and can be downloaded immediately for inclusion in personnel files, onboarding records, and compliance documentation. HIPAA requires covered entities to retain workforce training records for six years, and a dated certificate from an accredited course satisfies that standard. For counseling practices purchasing five or more seats, an administrator dashboard provides real-time visibility into individual learner progress and completion status, with exportable reports that support OCR audit readiness and internal compliance review.

Author: PJ Murray

PJ Murray is the founder and publisher of The HIPAA Journal. He has more than 10 years of experience writing about HIPAA, healthcare compliance, patient privacy, and the protection of medical records. Through The HIPAA Journal, PJ helps healthcare organizations, business associates, and their employees better understand HIPAA regulations, reduce compliance risks, and strengthen the safeguards used to protect patient information.

PJ has a background in software development, holds an engineering degree, and specializes in the cybersecurity aspects of HIPAA compliance, including data security, medical record protection, and workforce training. He has also played a leading role in the development and launch of The HIPAA Journal Training, which provides HIPAA and cybersecurity training for healthcare organizations, business associates, students, and healthcare-related workforces.

PJ's work focuses on making complex regulatory and technical requirements easier for healthcare professionals and organizations to understand and apply in practice.
Connect on LinkedIn.