HIPAA & BAA · Practice management / EHR (behavioral health)
Is SimplePractice HIPAA compliant?
Yes. SimplePractice publishes its BAA and signs one on paid plans; it can be executed electronically from within account settings.
Key facts
- BAA available: Yes, signed on paid plans
- What it takes: Any paid plan (free trial excluded for PHI)
- Official source: SimplePractice Business Associate Agreement — https://www.simplepractice.com/baa/ (verified 2026-06)
How to use SimplePractice in a HIPAA-compliant way
- Sign up for or confirm a paid SimplePractice subscription (the free trial is not for storing PHI).
- Review the published BAA at SimplePractice's BAA page.
- Execute the BAA electronically via Account Settings (Security section).
- Configure account security (MFA, access controls) and complete your own risk analysis before loading PHI.
- Retain a copy of the executed BAA for your records.
Important caveats
- The free trial/onboarding context does not permit PHI storage—use a paid plan with the BAA executed first.
- The BAA covers SimplePractice's core services (EHR, scheduling, billing); confirm any add-ons are in scope.
- HITRUST certification and the BAA support compliance but do not replace your own safeguards.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring SimplePractice correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with SimplePractice.
Frequently asked questions
Does SimplePractice sign a BAA?
Yes, on any paid plan (the free trial is excluded for PHI). A signed BAA is required before any PHI is involved.
Is SimplePractice HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when SimplePractice offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using SimplePractice with PHI?
The free trial/onboarding context does not permit PHI storage—use a paid plan with the BAA executed first.