Does SimplePractice Sign a HIPAA Business Associate Agreement?
By BAA Generator Editorial · Published Apr 20, 2026 · Last reviewed Apr 20, 2026 · 5 min read
Key Takeaways
- ✓ Yes — SimplePractice signs a HIPAA BAA on all paid plans (Starter, Essential, Plus)
- ✓ BAA execution is self-service via Account Settings → Security — no need to contact support
- ✓ Built-in telehealth video is covered under the same BAA — no separate agreement needed
- ✓ Free trial accounts do not include PHI storage or BAA coverage until upgraded
SimplePractice is the dominant EHR platform for solo and small-group mental health practices — therapists, psychologists, counselors, social workers, and other behavioral health providers. HIPAA compliance is central to what SimplePractice sells. Here is everything you need to know about their BAA process.
SimplePractice Plan BAA Coverage
SimplePractice offers a HIPAA BAA across all paid subscription tiers. The free trial is designed for onboarding only and does not permit PHI storage.
| Plan | BAA Available | Notes |
|---|---|---|
| Starter | Yes | Includes 1 clinician; BAA available via account settings |
| Essential | Yes | Most popular plan for solo practitioners; full BAA coverage |
| Plus | Yes | Group practice plan; BAA covers all clinicians on the account |
| Free Trial | No | No PHI storage permitted; BAA not available until upgrade |
How to Get a HIPAA BAA from SimplePractice
SimplePractice makes BAA execution exceptionally simple compared to most vendors. There is no need to email a compliance team or wait for a custom agreement. The process is fully self-service:
- Log in to your SimplePractice account
- Navigate to Account Settings
- Click on the Security tab
- Locate the Business Associate Agreement section
- Review the BAA and sign it electronically
Once signed, you will receive a confirmation and can download a copy for your records. SimplePractice retains the executed agreement on file. Most clinicians can complete this process in under five minutes.
What SimplePractice's BAA Covers
SimplePractice's BAA covers the core services delivered through their platform:
- Electronic health records (EHR) — clinical notes, treatment plans, progress notes
- Scheduling and appointments — patient calendar and automated reminders
- Billing and insurance claims — ERA processing, superbills, credit card processing
- Client portal — secure messaging, intake forms, document sharing
- Built-in telehealth video — SimplePractice's native video sessions
The telehealth coverage is especially important. SimplePractice uses its own HIPAA-compliant video infrastructure, so providers do not need to separately procure a BAA from Zoom or another video platform when using SimplePractice's built-in telehealth feature.
What Happens If You Use SimplePractice Without a BAA?
If you are storing or transmitting PHI through SimplePractice without a signed BAA, you are operating without a required safeguard under the HIPAA Privacy and Security Rules. Even though SimplePractice itself is built for HIPAA compliance, a BAA is a contract — and the contract must be signed before PHI flows to SimplePractice under HIPAA's business associate provisions.
Using a covered health service without an executed BAA exposes your practice to potential OCR investigation and civil monetary penalties. Fortunately, SimplePractice makes it trivially easy to fix — the BAA is a few clicks away in your account settings. See our guide on which vendors sign a HIPAA BAA and BAA requirements for therapists for broader context.
SimplePractice vs. Other EHRs on BAA Accessibility
One of SimplePractice's genuine advantages over competing platforms is how frictionless BAA execution is. Many enterprise EHRs require emailing a compliance team, waiting for a custom draft, and negotiating terms. SimplePractice's self-service model means any clinician can be fully compliant on the day they upgrade to a paid plan — without any back-and-forth.
For solo therapists in particular, this is meaningful. Understanding when you need a HIPAA BAA is the first step; SimplePractice makes acting on that understanding effortless.
Frequently Asked Questions
Does SimplePractice sign a HIPAA BAA?
Yes — SimplePractice signs a HIPAA BAA for all paid plan subscribers (Starter, Essential, and Plus). The BAA is executed electronically through Account Settings → Security. Free trial accounts are not eligible for PHI storage or a BAA.
Does SimplePractice's telehealth require a BAA?
SimplePractice's built-in telehealth video is covered under the same BAA as the rest of the platform. You do not need a separate BAA for SimplePractice's native video feature. However, if you use a third-party video tool (like Zoom or Doxy.me) alongside SimplePractice, you will need separate BAAs with those vendors.
Is SimplePractice HIPAA compliant for solo therapists?
Yes — SimplePractice is one of the most widely adopted HIPAA-compliant EHR platforms for solo mental health practitioners. With over 200,000 clinicians on the platform, SimplePractice is purpose-built for behavioral health and includes all the HIPAA safeguards (encryption, access controls, audit logging, and BAA) required for compliant solo practice.
What plan do I need to get a BAA from SimplePractice?
Any paid SimplePractice plan — Starter, Essential, or Plus — includes access to the HIPAA BAA. You do not need the highest-tier plan for BAA access. Once you upgrade from the free trial to any paid subscription, you can sign the BAA immediately through your account settings.
Need a BAA for your SimplePractice integration?
Generate a HIPAA-compliant Business Associate Agreement in minutes — covers all vendor types, free to start.
Generate Your BAA Free →