Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes. Be sure to read our one caveat and the notes for a couple of important points.
# of Caveats: 0
# of Usage Notes: 8

Relevant Product Characteristics

  • This product is designed specifically with mental/behavioral health professionals in mind.

What Is This Product?


TheraNest is a well-rounded, web-based practice management suite that offers a variety of tools.

TheraNest is a good solution for clinicians who need:

  • A client scheduling portal.
  • Insurance submissions.
  • Case notes and client record management.
  • Coordination between multiple clinicians and administrators.
  • Client reminders and payments.

For a full review of TheraNest’s features, see Tame Your Practice’s review.

Our Impressions

Our overall impression of the company was that they were committed to security and risk management, and that they are always thinking about how to improve their product. We feel comfortable recommending them for your practice management and risk management needs.

This product offers a free service tier or a free trial account:

We encourage all clinicians interested in this product to try out the free trial or experiment with the free tier to see if it suits your needs.

If you discover anything of concern that isn’t addressed in this review yet, please tell Liath about it at [email protected].

This product has also been reviewed by:

  • Tame Your Practice: Rob Reinhardt of Tame Your Practice does highly-respected reviews of EHR products. While we review them primarily for risk management appropriateness, Rob reviews them for features and quality. Read Rob’s review of this product→


Caveats are criticisms of the company or product that we feel are relevant to your risk management or other important considerations.



Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

1) Enable “show only client initials in synced calendars,” and have a BAA with that calendar provider

TheraNest does not perform any mobile calendar notification itself, instead syncing with Google Calendar and iCal. Since we generally recommend using initials in calendars as a precaution, we recommend you enable the option to “Show only client initials in synced calendars” in TheraNest, under each clinician’s profile.

While initials are less information, they’re still considered PHI, so you should have a BAA with your calendar provider. G Suite from Google is one such example.

2) Avoid sending unsecured appointment reminders or payment notifications without proper collaborative risk analysis

TheraNest offers appointment reminders by email, SMS text message, and automatic voice call. TheraNest can also send payment-related notifications.

TheraNest gives you the ability to have clients opt out before sending them email, voice, or SMS text reminders. TheraNest, thoughtfully, also has a check-box in each client’s contact record to indicate whether the client consents to having the name of your clinic mentioned in communications. We did find the opt-out settings a bit confusing, as they don’t differentiate between “preferred contact method” and “never contact client via this method.” We recommend being very explicit with your clients around contact methods for both appointment reminders and payment.

Remember that when using conventional email or text messaging, you need to determine if simple opt-out is sufficient for your ethical and legal needs. Read our article on unsecured communications here for some guidance to help you decide what you need to do around appointment reminders to stay legal and ethical in your practice. It is also covered in detail in Engaging in HIPAA Security and Digital Confidentiality as a Mental Health Professional, Module 4: Using Email, Text, Phone, and Video in a HIPAA-Compliant Manner.

If it turns out that unsecured email or text communications are legally-ethically workable for you, TheraNest executes a Business Associate Agreement with you, which makes it legal for them to send those emails or texts on your behalf.

3) Be sure you are following simple security measures like using appropriate passwords and computer/device security

TheraNest has very un-complex password requirements, so when setting a password be sure to exceed their suggested minimum complexity.

TheraNest has a mobile app. This is very useful and convenient, and the app depends on you to keep your phone secure so that the app is secure, too. TheraNest helps a bit by requiring a password every time you launch the application. Our HIPAA Investigation Repellent course covers smartphone security in detail. Our video on how to use the security features of your smartphone is also quite helpful.

4) E-sign your progress notes and be mindful with your permissions

Be sure to e-sign your client progress notes once you’ve completed them, as until they are e-signed they can be updated or deleted by any clinician with access to that client. TheraNest does track changes to notes, and could tell you, for example, that Clinician A updated Clinician B’s progress notes on Client Z. That said, once you have completed writing a note and don’t anticipate any changes to it, we recommend e-signing it.

Note, though, that clicking “Save and schedule next appointment” after writing a progress note does not e-sign the progress note. You will have to go back and e-sign it.

If you are in a group practice, one way to mitigate the risk of another clinician overwriting, changing, or even viewing your clients’ progress notes is to be cautious about enabling rights for clinicians to view client information of clients other than their own.

5) Use your HIPAA-friendly email account to receive reports from TheraNest

TheraNest can send some useful reports and alerts to your email on a regular basis. We recommend that you use your HIPAA-friendly email account (one with a Business Associate Agreement in place) to receive the emails.

6) Be sure to request, sign, and submit your BAA

TheraNest does not automatically execute a Business Associate Agreement with you. In order to agree to the BAA, you must request one as part of the new account creation process, through the support chat tool. You will then need to sign it and submit it.

If you are trying out TheraNest on a trial and request a Business Associate Agreement, TheraNest will execute one as well.

7) Have a discussion with your clients about the best ways to contact you

TheraNest has a secure client messaging portal that allows clinicians to send messages to clients and clients to send messages to clinicians. Oddly, though, there is no mechanism to alert the clinician that a client has sent a new message. The only way to tell if you have a new message is to log in to TheraNest. We would recommend updating your Communications Policy (you have one, right?) to be explicit that in emergencies or time-sensitive situations, clients should not use TheraNest messaging to contact you.

8) Superbill update

TheraNest has the ability to send superbills to clients, but this uses normal, unescrowed e-mail, rather than the TheraNest client portal. Roy does not recommend ever sending superbills via e-mail, even with client consent, as superbills contain diagnoses and CPT codes.

** TheraNest has fixed the issue in which clients who have selected “Do not contact by email” on their profile could still receive superbills despite their account settings. This is no longer an option. When trying to send an email of any type to a client who has not consented to emails, the following message is displayed:

