Does Practice Fusion Provide a Notice of Privacy Practices?
By NPP Generator Research Team · Published Apr 24, 2026 · Last reviewed Apr 24, 2026 · 4 min read
Key Takeaways
- ✓ Practice Fusion does not produce a HIPAA Notice of Privacy Practices for your practice
- ✓ Practice Fusion does sign a BAA — a vendor contract, not a patient-facing HIPAA notice
- ✓ Practice Fusion offers a free EHR tier (ad-supported) — but using a free EHR doesn't change your HIPAA obligations
- ✓ The NPP obligation belongs to the covered entity regardless of EHR cost or tier
- ✓ Practice Fusion has had HIPAA enforcement history (2019 OIG settlement) — all the more reason to maintain your own compliance documentation
Practice Fusion is a cloud-based EHR for small and independent practices, best known for its free tier — the platform is supported by advertising and (historically) pharmaceutical data partnerships. Being on a free EHR does not reduce your HIPAA obligations as a covered entity. The Notice of Privacy Practices is your practice's document to produce and maintain regardless of what you pay for your EHR.
What Practice Fusion Provides
- Business Associate Agreement. Practice Fusion executes a BAA with covered entity practices, committing to HIPAA obligations for PHI in the EHR.
- Cloud EHR with free tier. Clinical documentation, e-prescribing, and basic billing tools at no charge (ad-supported). A paid plan with additional features is also available.
- Patient portal. Secure patient-facing portal for messaging and document exchange.
- Intake form templates. Generic forms that practices can customize — but Practice Fusion does not supply a Notice of Privacy Practices template.
A Note on Practice Fusion's Compliance History
In 2019, Practice Fusion paid $145 million to resolve criminal and civil allegations that it accepted kickbacks from a pharmaceutical company to display clinical decision support alerts that promoted opioids. The settlement included OIG and DOJ components. This history is a reminder that choosing a HIPAA-compliant EHR does not insulate your practice from your own compliance obligations — including maintaining a current, accurate Notice of Privacy Practices.
What You Still Need if You Use Practice Fusion
- A HIPAA-compliant NPP aligned to the HHS February 2026 model
- Public website posting of the NPP
- Physical office posting at each service location
- An acknowledgment-of-receipt process for each new patient
- NPP redistribution when material changes occur
See NPP requirements in 2026 for the full compliance checklist.
Frequently Asked Questions
Does Practice Fusion provide a Notice of Privacy Practices?▼
No. Practice Fusion provides a BAA and a free HIPAA-compliant EHR but does not produce a Notice of Privacy Practices. The NPP is a covered-entity obligation under 45 CFR § 164.520.
Does Practice Fusion sign a BAA?▼
Yes. Practice Fusion executes a Business Associate Agreement with covered entity practices. The BAA covers Practice Fusion's handling of your patients' PHI.
Is Practice Fusion still active in 2026?▼
Yes. Practice Fusion continues to operate as a free EHR for small practices. The platform was acquired by Veeva Systems in 2023. The free tier remains available; practices using Practice Fusion have the same HIPAA compliance obligations as practices on paid EHR platforms.
Do free EHR users still need a compliant NPP?▼
Yes. The NPP requirement is determined by your status as a covered entity under HIPAA, not by your EHR plan or cost. Any practice that transmits health information electronically in standard transactions is a covered entity and must maintain a compliant NPP.
Generate your NPP in under 5 minutes.
Built on the HHS February 2026 model with Part 2 SUD language. Upload to your Practice Fusion patient portal, post on your website, and you're covered. $49 one-time — no subscription.
Start your NPP — $49Free watermarked preview available. See sample →