support groups

Support Groups


July 26, 2020 | Reading Time: 2 Minutes

Please support’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Virtual COVID-19 Groups (9,900) and HIPAA

Demand for virtual support groups for recovered COVID-19 patients continues to grow as more patients recover. Forced isolation has exacerbated patient depression, anxiety, and stress, causing many recovered patients to seek virtual groups to cope.

Dr. William Sanderson, a psychologist and director of the Anxiety & Depression Clinic at Hofstra University states, “Some people have been removed from the ability to meet their common human needs — socialization, meaningful work, getting together with family. Every time you block people meeting their needs, it results in emotional distress.”

He furthered, “The concern that we have is that reactions to COVID that are mild could turn into disorders beyond the pandemic. Depression is a slippery slope down … we need to help these people now to avoid a bigger problem down the road.”

Since support groups fall under the category of “treatment” as per the HIPAA regulation, behavioral health professionals wishing to offer COVID-19 groups must ensure that the groups are HIPAA compliant.

Support Groups and HIPAA

Much like a traditional support group, virtual groups must comply with the HIPAA Privacy Rule. Under the Privacy Rule, providers have an obligation to safeguard patient’s protected health information (PHI). Since the inherent nature of support groups is for patients to share information with several other patients that are experiencing similar conditions, the privacy requirement is often overlooked.

However, providers still have to adhere to the minimum necessary standard when using or disclosing PHI, ensuring its confidentiality. This means that although patients are permitted to share their own PHI, providers are not permitted to disclose patients’ PHI to the group.

Virtual groups must also ensure the integrity of PHI with security controls. As such, when choosing which telecommunications tool to use to host support groups, it is important that they have security measures in line with HIPAA standards.

This includes:

  • Access controls. Utilizes unique login credentials for each user to ensure that unauthorized users do not have access to closed sessions.
  • Audit controls. Monitors access to PHI to ensure adherence to the minimum necessary standard.
  • Masks sensitive data to ensure that it cannot be read by unauthorized users.

Lastly, telecommunications tools are considered business associates under HIPAA. As such, for the tech to be used for support groups, the tool must be willing to sign a business associate agreement (BAA). A BAA is a legal document that mandates the protections the business associate is required to have in place. Tools that are unwilling to sign a BAA cannot be used in conjunction with PHI, and therefore cannot be used to treat patients.

Introduction to Telehealth Theory & Practice

Enjoy a fast-moving overview of telebehavioral and telemental health. Understand the key points related to telehealth clinical, legal, ethical, technology, reimbursement, social media and other pivotal issues.

HIPAA Compliant Social Media for Professionals

Tips and tricks for using social media to grow your practice without violating legal requirements.

Essential Telehealth Clinical & Best Practices

Now’s the time to get your professional, telehealth clinical best practices training. Learn telehealth competencies from industry leaders.

Disclaimer: offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...