
Screen-Sharing Privacy for Therapists: Protecting PHI in Telehealth

Sharing your screen in a telehealth session can expose patient names, diagnoses and other PHI. Here's how to blur an EHR or chart safely, and how screen sharing fits with HIPAA's minimum-necessary rule.

When you share your screen during a telehealth session — to review results, a treatment plan, or a form with a client — your EHR, schedule and inbox can expose protected health information (PHI) that isn't part of that visit. The safeguard is to blur the PHI you're not actively discussing before you share, so an accidental reveal never happens. In a HIPAA context, an unintended disclosure isn't just awkward; it can be reportable.

What PHI can leak during a telehealth screen share

  • Other patients — the schedule, a patient list, or recent charts naming people unrelated to this session.
  • Identifiers on the current chart — name, date of birth, address, MRN, insurance and contact details.
  • Clinical detail — diagnoses, medications, and notes you're not reviewing together.
  • Inbox and messages — secure-message previews and notifications that surface other patients' names.

How to share an EHR or chart safely

  1. Share a single window

     Present only the EHR window; keep your email, schedule and other apps out of frame.

  2. Blur the surrounding PHI

     With BlurFirst, box-blur the patient list and navigation, and element-blur the identifiers on the chart you don't need to show.

  3. Reveal only what you're reviewing

     Leave visible just the result, plan or section you're discussing together. Everything else stays frosted.

  4. Keep panic blur ready

     If a message preview or another patient's record appears, press Ctrl/⌘ ⇧ H to blur the whole screen instantly.

Is screen sharing HIPAA compliant?

It can be, with the right safeguards. Two things are separate: the platform and the content. The video platform must be HIPAA-eligible and covered by a Business Associate Agreement (BAA). Separately, *what you reveal on screen* is your responsibility — and that's where the minimum-necessary standard applies: disclose only the PHI required for the purpose at hand. Blurring is a practical way to honor minimum-necessary during a live share.

A pre-session privacy checklist

  1. Confirm your video platform is HIPAA-eligible and you have a BAA in place.
  2. Share a single window, never your whole screen.
  3. Turn on Do Not Disturb so notifications with other patients' names don't appear.
  4. Blur the schedule, patient list and identifiers before you start sharing.
  5. Reveal only the section you're reviewing; keep the panic shortcut ready.

Frequently asked questions

Is Zoom HIPAA compliant for telehealth?

Zoom offers a HIPAA-eligible plan that can be covered by a BAA; the standard consumer plan is not. Platform compliance is separate from what you expose on screen — you still control PHI visibility during a share, which is where blurring helps.

Does BlurFirst store any patient data?

No. Everything you blur stays in your browser and is never screenshotted or uploaded. Per-site persistence stores which element you blurred (a selector), never the content inside it — so no PHI is collected.

Is blurring enough to be HIPAA compliant on its own?

No single tool makes you compliant. Blurring helps you meet the minimum-necessary standard during screen sharing, as one safeguard alongside a HIPAA-eligible platform, a BAA, access controls and staff training.

Blur it before you share it.

Hide any field, region or message on a page before your next call. Nothing you blur leaves your browser.
