What's the cheapest way to get an NPP for my practice?

The HHS model notices are free and can be adapted manually, but they require you to fill in practice-specific fields (entity name, Privacy Officer, website, effective date) and add Part 2 SUD language if applicable. Tools like NPP Generator take the HHS model, capture practice information via a guided intake, and produce a formatted PDF and Word file for $49.

If I switch from Oracle Cerner Millennium to another EHR, do I need to update my NPP?

Possibly. The NPP describes uses and disclosures; if changing EHR materially changes data flows or vendor relationships, the NPP may need updating. Re-distribute on material change.

Does HIPAA-compliant infrastructure satisfy the NPP requirement?

No. HIPAA-compliant data hosting, encryption, and audit logging are Security Rule safeguards. The NPP is a Privacy Rule requirement under § 164.520 — distinct and not satisfied by infrastructure.

EHR & Vendor

Does Oracle Cerner Millennium Provide a Notice of Privacy Practices?

Q: Does Oracle Cerner Millennium provide a Notice of Privacy Practices?

No. Oracle Cerner Millennium provides HIPAA-compliant infrastructure and signs a BAA on appropriate plans, but does not produce a HIPAA-compliant NPP. The NPP is the covered entity's responsibility under 45 CFR § 164.520.

Q: Does Oracle Cerner Millennium sign a BAA?

Yes, on appropriate enterprise/healthcare-tier plans. Oracle Cerner Millennium licenses to enterprise customers (hospitals and large healthcare systems). The BAA is part of the standard enterprise contract negotiated during implementation.

By NPP Generator Research Team · Published Apr 25, 2026 · Last reviewed Apr 28, 2026 · 4 min read

Need to update your NPP?

Update → Generate new →

Quick answer: No. Oracle Cerner Millennium does not provide a HIPAA-compliant Notice of Privacy Practices for your practice. Oracle Cerner Millennium provides HIPAA-compliant infrastructure and signs a BAA with covered-entity customers as part of standard enterprise contracts. The NPP — the patient-facing HIPAA document required by 45 CFR § 164.520 — is the covered entity's responsibility to produce and maintain.

Oracle Cerner Millennium (formerly Cerner, now Oracle Health Millennium) serves hospitals and large healthcare systems with electronic health records, revenue cycle management, and clinical decision support. A common assumption among new Oracle Cerner Millennium customers is that the platform's HIPAA-compliant infrastructure or BAA covers the NPP requirement. It does not. The NPP is a covered-entity-side document — your practice produces it, distributes it, and posts it.

What Oracle Cerner Millennium does provide for HIPAA compliance

Oracle Cerner Millennium provides HIPAA-compliant infrastructure and contractual protections, but none of them are an NPP:

Enterprise HIPAA-compliant infrastructure (encryption, audit logs, role-based access)
BAA executed during implementation contract
Patient portal with customizable patient-facing notices
Cerner-supplied document templates — customizable but not a 45 CFR § 164.520 NPP
Integration capability for the system's own NPP via portal and intake workflows

Plan tiers and BAA availability

Oracle Cerner Millennium licenses to enterprise customers (hospitals and large healthcare systems). The BAA is part of the standard enterprise contract negotiated during implementation.

How to request the BAA from Oracle Cerner Millennium

Oracle Cerner's BAA is negotiated as part of the implementation contract. Healthcare-system legal and compliance teams handle this directly with Oracle Cerner's contracting team.

What the Oracle Cerner Millennium BAA covers (and doesn't)

The Oracle Cerner Millennium BAA binds Oracle Cerner Millennium to HIPAA's safeguard obligations for PHI it handles on your behalf. It does not produce an NPP, fulfill your NPP-distribution obligation, or substitute for any patient-facing HIPAA documentation. The BAA covers vendor-side responsibilities; the NPP covers practice-side patient communications.

Alternatives if you need NPP support

Hospital systems using Oracle Cerner typically have compliance teams that produce the system's NPP. Smaller affiliates or new system rollouts can use NPP Generator to produce an HHS-Feb-2026-aligned NPP for $49 and integrate it into the Cerner-driven patient-engagement workflow.

Setup after enabling Oracle Cerner Millennium's HIPAA features

After Cerner implementation, configure the patient portal to surface the NPP at first patient encounter, post on the system's public website, and post visibly at clinical sites. Re-distribute on material change.

Common patient-facing scenarios with Oracle Cerner Millennium

In day-to-day operations using Oracle Cerner Millennium, several scenarios commonly surface NPP-related questions:

New patient onboarding — present the practice's NPP at first encounter; capture acknowledgment electronically through the practice-management workflow
Returning patients post-NPP-update — when the NPP materially changes, surface the updated NPP at the next encounter or via the patient portal
Patient-portal NPP availability — make the NPP downloadable from the patient-portal documents area
Right of Access requests — patients may request electronic copies of their records; the NPP describes this right and the practice's response process
Vendor-relationship changes — if you switch from Oracle Cerner Millennium to another EHR, the NPP may need updating to reflect the new vendor relationship

Audit-readiness with Oracle Cerner Millennium

When OCR or a state regulator audits a practice using Oracle Cerner Millennium, expect the auditor to request:

Signed BAA between the practice and Oracle Cerner Millennium
Practice-issued NPP (current version)
Acknowledgment-tracking documentation
Evidence of patient-portal NPP availability
Documentation of any data exchanges between the practice and other vendors (each requires its own BAA)

What changed in the HHS February 2026 model

The HHS February 2026 final rule introduced several NPP content updates that affect every covered entity, including practices using Oracle Cerner Millennium: clarified Right of Access language, updated breach-notification provisions, refined marketing-communication requirements, and explicit safeguards-against-AI language. Practices issuing or updating NPPs after February 16, 2026 should align to the new model. Oracle Cerner Millennium's patient-portal infrastructure typically supports either model; the document content is the practice's responsibility.

More EHR & vendor guides

Athenahealth Provide AN Npp Charmhealth Provide AN Npp Drchrono Provide AN Npp Eclinicalworks Provide AN Npp Elation Health Provide AN Npp Epic Provide AN Npp Greenway Health Provide AN Npp Jane App Provide AN Npp Kareo Provide AN Npp Meditech Provide AN Npp Nextgen Provide AN Npp Practice Fusion Provide AN Npp Simplepractice Provide AN Npp Tebra Provide AN Npp Theranest Provide AN Npp Therapynotes Provide AN Npp Valant Provide AN Npp Veradigm Allscripts Provide AN Npp

Generate a compliant NPP in 5 minutes

HHS Feb 2026 model · Part 2 SUD language · Section 1557 taglines · whether you're updating or starting fresh.

Update my existing NPP → Generate a new NPP →

No subscription · PDF + Word · Free watermarked preview · See sample →

Related: EHR & practice-management vendors

athenahealth CharmHealth DrChrono eClinicalWorks Elation Health Epic Greenway Health Jane App