Share post:
TABLE OF CONTENTS
See Virtru In Action
Share post:
Mental health professionals handle some of the most sensitive information imaginable. Every email to a client about appointment scheduling, every intake form, every treatment update contains protected health information (PHI) that must be secured under HIPAA regulations.
Yet many therapists still rely on standard, free email platforms, unaware that these services don't provide adequate protection for PHI. The consequences of a HIPAA violation can be severe: fines ranging from $100 to $50,000 per violation, damage to your professional reputation, and most importantly, a breach of trust with the clients who depend on you.
The good news: HIPAA compliant email for therapists doesn't have to be complicated or expensive. In fact, the right solution should be so seamless that it enhances—rather than disrupts—your workflow.
Real-World Success: How One Counseling Practice Solved Their Email Security Challenge
Lance Clark, founder and director of Clark Christian Counseling in Cary, North Carolina, faced the same challenge many therapists encounter when starting or growing a practice. As a licensed clinical mental health counselor who transitioned from engineering to counseling as a second career, Lance found himself overwhelmed by HIPAA requirements.
"I was looking for something that was going to be easy to use for the consumer, easy to use for me as the chief administrator of the practice, and would meet all HIPAA compliance concerns without me needing to become masterfully expert and versed and hyper-vigilant constantly in meeting all those criteria," Lance explains.
His practice, which has grown from a solo operation to a team of five counselors and interns, needed a therapist secure email solution that could:
- Integrate seamlessly with existing workflows
- Require minimal technical expertise to manage
- Provide ironclad HIPAA compliance
- Be simple enough for clients of all ages and tech-comfort levels to use
After researching multiple options, Lance chose Virtru—and hasn't looked back. Watch the video to hear his story.
Why Email Is the Backbone of Modern Therapy Practice
Before diving into the solution, it's important to understand why email security is so critical for therapists. Lance's practice illustrates how central email communication has become to delivering quality mental health care:
Real-Time Crisis Management
"If there's an emergent or an urgent need that a client has, which happens more often than you might think, I get an email that I can then push out to my staff to help cover the need while I'm still engaged with the person in front of me," Lance notes.
When you're in session with one client and another is experiencing a crisis, secure email allows you to coordinate care without compromising either client's treatment.
Documentation and Recordkeeping
Email provides a permanent record of client communications—essential for both clinical and legal reasons. Whether you're documenting appointment changes, treatment decisions, or referrals to other providers, having a secure, searchable email trail protects both you and your clients.
Client Engagement Between Sessions
Modern therapy often extends beyond the weekly 50-minute session. Secure email allows clients to reach out when they're struggling, share insights from their week, or ask clarifying questions about their treatment plan—all while maintaining complete confidentiality.
Practice Management
From onboarding new clients to coordinating with your administrative staff, email keeps your practice running smoothly. But only if it's secure.
The Virtru Solution: HIPAA Email for Therapists That Actually Works
Seamless Integration with Microsoft Outlook and Gmail
One of Virtru's standout features is that it doesn't require you to learn a completely new email system. For therapists using Microsoft Outlook, Virtru offers a plug-in that integrates directly into your existing email interface.
"I didn't want a learning curve. I didn't want new software," Lance explains. "I wanted to just go as a one-man show for a lot of years. I needed something that wouldn't get in my way, but would fit in the flow of how my brain already thinks, the way I already work."
Virtru also integrates with Gmail, making it accessible regardless of which major email platform you prefer. The encryption happens automatically—you don't need to remember to turn it on or navigate to a separate portal.
Mobile Access for Your Team
Your staff can access Virtru's secure email through a mobile app, making it easy to stay connected while maintaining HIPAA compliance. This is particularly important for practices with multiple locations or therapists who work remotely.
"My staff liked it because there's a Virtru app that they can use on their phone," Lance shares. "I like to email most everything in my practice, both with clients and with my staff."
Client-Friendly Experience
One of the biggest concerns therapists have about encrypted email is whether their clients will be able to use it. After all, if a client in crisis can't figure out how to read your secure message, what's the point?
Lance reports that client feedback has been "remarkable":
"The ease of use for them is a two-step verification process, which normally goes off without a hitch. And then there's a one-click feature that you guys have implemented that for the elderly demographic that we serve, I've found very beneficial. They can use that feature because a lot of times the two-step thing could get confusing for them."
This flexibility is crucial. Virtru allows therapists to adjust security settings based on each client's technical comfort level while maintaining full HIPAA compliance.
The Trust Factor
Beyond the technical features, Lance notes that using HIPAA compliant email actually helps build therapeutic trust from the very first interaction:
"I think it leaves an immediate impression up front because a lot of times clients have been so used to interacting with other healthcare providers who don't do HIPAA-compliant things. For me to take them and their information seriously communicates that I expect them to take themselves seriously. I'm sort of modeling how to esteem them just through using something like Virtru."
In the mental health field, where many clients struggle with shame and feelings of unworthiness, this sends a powerful message: You and your information matter. I take your privacy seriously.
Critical HIPAA Features for Therapists
Email Revocation: Your Safety Net
We're all human. We click send too early, attach the wrong file, or send an email to the wrong person. In therapy practice, these simple mistakes can become HIPAA violations with serious consequences.
Virtru's email revocation feature has been Lance's "single greatest feature":
"The moment that I become aware of an error, I'm able to go into the plug-in in Outlook and simply hit the revoke button. And it's that simple. They lose access to being able to read it even if they've read it once."
How to revoke an email in Outlook
This gives you a crucial layer of protection. If you realize you've sent John's treatment summary to Jane, you can revoke access immediately—even if the email has already been delivered.
Another Virtru customer explains why this is such a big deal for HIPAA compliance. The Chief Compliance Officer at Total HIPAA, Jason Karn, put it like this:
Just having data encrypted point-to-point doesn't solve the problem. It's just one issue, but if that's all it took, then Gmail, Google Workspace, and Office 365 would be sufficient. The real issue is, "What do you do when you send PHI to the wrong person?" We have people with multiple ‘Johns’ in their contact list — they may send it to the wrong John. We had a client going through a major breach because of social engineering: Someone spoofed a member of upper management, and an employee sent out a file with names and PHI. It became a real issue — we had to report it as a breach to The Department of Health and Human Services. If they’d had Virtru, they could have just denied access to the email and this entire crisis could have been averted. The impact would have been limited, it would have had tracking, and they could have changed the access controls. Now, the horse is out of the barn. The barn is on fire. It’s, "What do we do now?"
End-to-End Encryption
With Virtru, your emails are end-to-end encrypted from the moment you hit send until the moment your client opens them. Unlike standard email, which travels through multiple servers in plain text, Virtru ensures that no one—not even Virtru or your email provider—can read your messages except you and your intended recipient.
This "zero-trust" approach to data security means your clients' PHI is protected at all times, not stored on vulnerable cloud servers where it could be exposed in a data breach.
Business Associate Agreement (BAA)
To be HIPAA compliant, therapists must have a Business Associate Agreement with any vendor that handles PHI. Virtru provides this documentation, ensuring you have the proper legal protections in place.
Beyond Email: Virtru Secure Share for New Client Paperwork Intake
While secure email solves many communication challenges, therapists face another common security headache: collecting intake paperwork from new clients.
Traditionally, this has meant:
- Mailing paper forms (slow and inefficient)
- Using unencrypted email attachments (HIPAA violation)
- Asking clients to fill out forms in your waiting room (privacy concerns and time-consuming)
- Using expensive, clunky "all-in-one" practice management systems
How Virtru Secure Share Works
Virtru Secure Share allows therapists to create a secure link that can be embedded directly on their website. Here's how it works:
- You create a Secure Share link for new client intake paperwork
- Embed the link on your website (on your "New Clients" page, for example)
- Clients click the link and are directed to a secure portal
- They upload completed forms, insurance cards, and other documents through an encrypted platform
- You receive a notification and can access the documents through your Virtru dashboard
- The client maintains control and can revoke or change access permissions at any time.
Real-World Applications for Therapists
Scenario 1: New Client Onboarding
After your initial phone consultation with a potential client, you can send them a Secure Share link via email. They can upload their intake questionnaire, insurance information, and any relevant medical records before your first session—giving you time to review their case and prepare.
Scenario 2: Assessments and Screening Tools
If you use standardized assessment tools (PHQ-9, GAD-7, etc.), clients can complete them at home and upload them securely rather than spending valuable session time on paperwork.
Scenario 3: Collaboration with Other Providers
When you need records from a client's psychiatrist, primary care physician, or previous therapist, you can send a Secure Share link directly to that provider. They can upload documents securely without needing to sign up for any new platforms.
Scenario 4: Group Practice Efficiency
For group practices, Secure Share can be embedded on each therapist's bio page on your website, with uploads automatically routed to the correct clinician. This eliminates administrative bottlenecks and ensures paperwork doesn't get lost.
Why This Matters for Your Practice
Lance Clark emphasizes the importance of limiting data stored on third-party cloud servers:
"My concern with cloud-based systems is that there's data stored somewhere that somebody else has access to. My clients are not at risk because of what I put in place. There's that end-to-end encryption that Virtru offers, the verification processes, the ability to revoke readability. There's not stuff floating around out there unless it's on my system or it's in your email box."
With Virtru, that data is closely governed. You decide who has access and for how long. Files are encrypted in transit and at rest, and you can revoke access at any time—even after someone has downloaded a file.
Cost-Effective Solution for Solo and Group Practices
One of Lance's key criteria was finding a solution that conserved "time, energy, and money." After testing multiple options over the years, he's concluded that Virtru offers the best value:
"A lot of the out-of-the-box, the software-does-it-all models are overkill. I think there are things that are more cost-effective, not as cluttered, and something like Virtru fills a need very inexpensively, in my opinion, and very versatilely with robust credentials for HIPAA compliance."
Rather than paying for an expensive practice management system with features you don't need, Virtru allows you to secure the tools you're already using—email and file sharing—at a fraction of the cost.
Advice for Therapists Just Starting Out
For therapists opening their first practice or solo practitioners navigating HIPAA compliance alone, Lance offers this wisdom:
"I don't like to reinvent the wheel. I like to find people that make really good wheels and make it worth my dollar and then let them work for me. Buy a good wheel and implement it and don't brain yourself otherwise. For the person who's just starting out or a small practice, you're going to want to look at conserving your energy, your money, and your time. And I think you get the conservation of all three of those with Virtru's product."
Common Misconceptions About Therapy Privacy
"Regular email is fine if I add a disclaimer"
False. Email disclaimers don't provide encryption or HIPAA compliance. They're simply a warning—they don't actually protect the data.
"Texting is okay for quick messages"
As Lance notes, "Texting, as it stands, as most people understand texting, is not HIPAA compliant." Even brief messages about appointments can contain PHI.
"My clients can consent to unencrypted email"
Not true. "If I have a client that says just send me unencrypted emails, I say no, because the burden is on me to be compliant. You can't just give consent for me to break HIPAA. It doesn't work that way."
"HIPAA compliance is too complicated for small practices"
With the right tools, HIPAA compliance doesn't have to be overwhelming. As Lance discovered, finding solutions that handle the technical complexity behind the scenes allows you to focus on what you do best—helping clients.
The Virtru Difference: Customer Support That Cares
Beyond the product itself, Lance highlights Virtru's exceptional customer support:
"I always get a response, in my estimation, what feels like immediately. I don't feel like I've ever been left hanging in a real need. The follow-up is amazing. I'm constantly getting emails saying, 'Is somebody on this? Was the answer satisfactory?'"
When Lance encountered an unusual technical issue specific to his particular system setup, Virtru didn't dismiss it as a minor concern:
"Virtru didn't say, 'You're just a little guy, you're inconsequential.' They took it to heart. They promoted it up the chain of command. They investigated it. They did their due diligence."
For solo and small group practices, this level of support is invaluable. You don't have an IT department to troubleshoot technical issues—you need a vendor who treats your concerns with urgency and respect.
Ready to Protect Your Practice and Your Clients?
If you're a therapist looking for a HIPAA compliant email solution that's secure, affordable, and actually easy to use, Virtru delivers. Whether you're a solo practitioner just starting out or managing a growing group practice, Virtru scales with your needs without the complexity and cost of enterprise-level systems.
With features like:
- Seamless integration with Outlook and Gmail
- One-click encryption that works automatically
- Email revocation to fix mistakes instantly
- Mobile access for you and your team
- Secure Share for paperwork intake
- Client-friendly experience for all technical skill levels
- Responsive customer support from a team that cares
Virtru provides everything you need to communicate securely with clients while maintaining full HIPAA compliance.
Don't let email security become a barrier to providing excellent care—or a source of anxiety about potential violations. As Lance Clark discovered, the right solution makes therapy privacy simple, allowing you to focus on what matters most: your clients' wellbeing.
Contact our team today to schedule a demo and see how easy HIPAA compliant email can be.
Virtru provides easy-to-use encryption solutions for email and file sharing, trusted by healthcare professionals, therapists, legal firms, and organizations handling sensitive data. With end-to-end encryption, granular access controls, and seamless integration with the tools you already use, Virtru makes data protection simple and affordable for practices of all sizes.
Editorial Team
The editorial team consists of Virtru brand experts, content editors, and vetted field authorities. We ensure quality, accuracy, and integrity through robust editorial oversight, review, and optimization of content from trusted sources, including use of generative AI tools.
View more posts by Editorial TeamSign Up for the Virtru Newsletter
/blog%20-%20HIO%20Maya%20HTT/Maya-HTT-Level-2-lessons%20copy.webp)
/blog%20-%20cmmc%20level%203/CMMC-LEVEL-3.webp)
/blog%20-%207%20Healthcare%20Vulnerabilities/7-hipaa-vulns.webp)
/blog%20-%20please%20delete%20that%20email.%20domain%20wide%20protection/please-delete-that-email.webp)
/blog%20-%20next%20breakfast/next-breakfast-2.png)
/blog%20-%20microsoft%20bitlocker/microsoft-bitlocker.webp)
