Does Kareo (Tebra) sign a HIPAA BAA?

Yes. Kareo/Tebra executes a Business Associate Agreement with covered entity practices. The BAA covers Kareo/Tebra's handling of PHI in its billing, EHR, and patient engagement tools. It does not satisfy the covered entity's separate obligation to provide patients with a Notice of Privacy Practices.

What is the difference between Kareo and Tebra?

Kareo and PatientPop merged in 2021 and rebranded as Tebra in 2022. The Kareo brand is still widely used for the clinical and billing modules. For HIPAA compliance purposes, the entity is now Tebra — but both names refer to the same platform, and the BAA and compliance obligations are the same.

What do I still need for HIPAA compliance if I use Kareo?

You still need a HIPAA-compliant Notice of Privacy Practices aligned to the HHS February 2026 model, posted publicly on your website, displayed at your office, and provided to each patient at first service. Kareo/Tebra's BAA covers the vendor relationship but not the patient-facing NPP obligation.

EHR & Vendor

Does Kareo (Tebra) Provide a Notice of Privacy Practices?

Q: Does Kareo provide a Notice of Privacy Practices?

No. Kareo (rebranded as Tebra in 2022 after merging with PatientPop) does not provide a HIPAA Notice of Privacy Practices. Kareo/Tebra signs a BAA and offers billing, EHR, and practice management tools, but the NPP — required by 45 CFR § 164.520 — must be produced by your practice.

By NPP Generator Research Team · Published Apr 24, 2026 · Last reviewed Apr 24, 2026 · 5 min read

Key Takeaways

✓ Kareo / Tebra does not produce a HIPAA Notice of Privacy Practices for your practice
✓ Kareo / Tebra does sign a BAA — but that covers the vendor relationship, not patient-facing HIPAA notices
✓ Kareo rebranded as Tebra in 2022 after merging with PatientPop; both names refer to the same platform
✓ The NPP is the covered entity's obligation regardless of which billing or EHR platform you use
✓ The February 16, 2026 deadline to update to the HHS revised model has passed

Quick answer: No — Kareo (Tebra) does not provide a HIPAA Notice of Privacy Practices. It signs a BAA and provides billing, EHR, and patient-engagement infrastructure, but the NPP — the patient-facing document required by 45 CFR § 164.520 — is your practice's responsibility to create, distribute, and keep current.

Kareo (now operating as Tebra after its 2022 merger with PatientPop) is a popular practice management, billing, and EHR platform for independent medical practices — primary care, specialty practices, and small groups. Like all EHR and billing platforms, it handles the technical infrastructure of HIPAA compliance but does not produce the patient-facing HIPAA documents your practice is obligated to provide.

Kareo vs. Tebra: What's the Same

Kareo and PatientPop merged in 2021 and rebranded as Tebra in 2022. If you signed up with Kareo before the rebrand, your account migrated to Tebra. The clinical module (EHR), billing module, and patient engagement tools are all under the Tebra umbrella now — but many practices still refer to the platform as Kareo. For HIPAA purposes, the entity providing your BAA is Tebra.

What Kareo / Tebra Provides

Business Associate Agreement. Tebra executes a BAA with covered entities, covering PHI handled through the billing, EHR, and patient-engagement tools.
HIPAA-compliant billing and claims. Electronic claims submission through HIPAA-standard transactions (EDI 837).
EHR and clinical documentation. Note templates, order management, e-prescribing — all within a HIPAA-compliant environment.
Patient portal. Secure patient-facing portal for messaging, appointment scheduling, and document sharing.
Practice management. Scheduling, check-in, and revenue cycle management tools.

None of these include a Notice of Privacy Practices for your practice. The NPP is a specific regulatory document with mandated content; it isn't generated by billing or EHR software.

The NPP Is Your Practice's Obligation

Under 45 CFR § 164.520, every HIPAA covered entity must:

Produce a Notice of Privacy Practices with all required content elements
Provide a copy to each patient at first service delivery
Post the NPP on the practice's public website
Post a printed copy at each physical service location
Update the NPP when material changes occur and redistribute accordingly

The HHS February 2026 revised model (integrating 42 CFR Part 2 SUD language) represents a material change — the compliance deadline was February 16, 2026. Practices still operating under a pre-2026 NPP are out of compliance.

What You Still Need if You Use Kareo / Tebra

A compliant NPP aligned to the HHS February 2026 model
Public website posting of the NPP (the Tebra patient portal is not sufficient)
Physical office posting of the NPP
An acknowledgment-of-receipt process for new patients
NPP redistribution process for future material changes

Frequently Asked Questions

Does Kareo provide a Notice of Privacy Practices?▼

No. Kareo (Tebra) provides a BAA and billing/EHR infrastructure but does not produce or maintain a Notice of Privacy Practices. The NPP is a covered-entity obligation under 45 CFR § 164.520.

Does Kareo / Tebra sign a BAA?▼

Yes. Tebra (the entity operating Kareo) executes a Business Associate Agreement with covered entity practices. The BAA governs Tebra's handling of PHI — it does not satisfy the NPP requirement.

Is Kareo the same as Tebra?▼

Yes. Kareo merged with PatientPop in 2021 and the combined company rebranded as Tebra in 2022. The Kareo name is still widely used colloquially for the clinical and billing modules.

What's the difference between an NPP and a BAA?▼

A BAA is a contract between your practice and a vendor (like Kareo/Tebra). An NPP is a patient-facing notice from your practice to your patients. Both are HIPAA requirements, but they serve different purposes. See NPP vs. BAA — what's the difference.

Generate your NPP in under 5 minutes.

Built on the HHS February 2026 model with Part 2 SUD language. Upload to your Tebra patient portal, post to your website, and you're covered. $49 one-time — no subscription.

Start your NPP — $49

Free watermarked preview available. See sample →