Security you can rely on
Keep your account and electronic protected health information (PHI) safe.

The SimplePractice Security and Privacy Program
Our Security and Privacy Program covers all aspects of the platform: people, process, and technology. It is based on the HIPAA, HITRUST, NIST CSF, PCI DSS, ISO 27001/27002, and CCPA frameworks. It includes security and privacy controls across 19 domains, including but not limited to access control, data encryption and privacy, vulnerability management, vendor management, network protection, endpoint protection, risk management, and disaster recovery.

HIPAA-compliant and HITRUST certified
Keep sensitive data safe with an EHR that satisfies both HITRUST and HIPAA security requirements. There is no official HIPAA certification an organization can obtain; HIPAA compliance is self-assessed. A widely recognized way to independently confirm it is HITRUST CSF certification. After review by a third-party assessor, SimplePractice received a HITRUST Certification Report from the HITRUST Alliance.

Bank-level security
SimplePractice takes the security of your account information seriously. Multiple layers of encryption protect your data both at rest and in transit. PCI DSS controls are implemented so that the payment information you process is protected to a standard comparable to that of financial institutions.

Secure servers, monitored 24/7
Physical security is an important component of protecting your data. Our platform servers are housed in a facility protected by proximity readers, biometric scanners, and security guards 24 hours a day, 365 days a year.

Constantly tested against attack
We test our own site, running thousands of automated tests, scanning our ports, and protecting against cross-site scripting. In addition, we partner with external security firms to assess our platforms with an independent, unbiased approach.

Frequently asked questions
Here are some commonly asked questions about SimplePractice.
Is SimplePractice compliant with HIPAA’s security and privacy policies?
Yes, we take your data security seriously. Our security page contains everything about what we do to ensure the safety and integrity of your data.
Is SimplePractice HIPAA-compliant?
Yes. We meet or exceed all the requirements of HIPAA as a business associate, including the Business Associate Agreement (BAA), in which SimplePractice agrees to be responsible for keeping all client information private and to promptly report any breach of protected health information.
Is SimplePractice ICD-10 compliant?
Yes. We are fully compliant with the requirements put forth by the Centers for Medicare & Medicaid Services (CMS) in the ICD-10 mandate.
Can I export my data from SimplePractice?
Yes. You can securely export your practice and client data as often as you like. You can export one client or all clients, and choose whether to password-protect your exports. SimplePractice will email you when your exported data is ready to download.
Can we migrate our data from another system to SimplePractice?
Absolutely! We have a free, dedicated team to help you and your practice out with this process.
Do you have a Business Associate Agreement?
Yes. By signing up for a free, 30-day trial, you agree to our Business Associate Agreement.
Is SimplePractice GDPR compliant?
We continue to meet HIPAA and HITRUST security requirements, and we have also taken steps to help you handle GDPR data requests from your clients.
Be the best version of your (business) self