Does Tebra (Kareo + PatientPop) Provide an NPP?

By NPP Generator Research Team  ·  Published Apr 25, 2026  ·  Last reviewed Apr 28, 2026  ·  3 min read

Tebra (formed from the Kareo + PatientPop merger) provides EHR, practice management, and patient-engagement tools for small practices. A common assumption among new Tebra customers is that the platform's HIPAA-compliant infrastructure or BAA covers the NPP requirement. It does not. The NPP is a covered-entity-side document — your practice produces it, distributes it, and posts it.

What Tebra does provide for HIPAA compliance

Tebra provides HIPAA-compliant infrastructure and contractual protections, but none of them are an NPP:

• HIPAA-compliant infrastructure across the Tebra (Kareo + PatientPop) platform
• BAA on Professional and higher tiers
• Practice-customizable patient portal
• Patient-engagement marketing tools (calls, text, scheduling)
• Templates for intake forms — not NPPs

Plan tiers and BAA availability

Tebra offers tiered plans. The BAA is included on Professional and higher tiers and executed during onboarding.

How to request the BAA from Tebra

Tebra's BAA is executed during onboarding. The BAA portal is accessible to admin users; legal-team review is recommended before execution.

What the Tebra BAA covers (and doesn't)

The Tebra BAA binds Tebra to HIPAA's safeguard obligations for PHI it handles on your behalf. It does not produce an NPP, fulfill your NPP-distribution obligation, or substitute for any patient-facing HIPAA documentation. The BAA covers vendor-side responsibilities; the NPP covers practice-side patient communications.

Alternatives if you need NPP support

Tebra is well-suited to small practices that need a turnkey EHR + marketing stack. For the NPP itself, use NPP Generator's tool ($49) and upload to Tebra's patient portal as a shared intake document.

Setup after enabling Tebra's HIPAA features

Configure Tebra patient portal to deliver NPP at intake, post on practice website, and at physical office locations.

Common patient-facing scenarios with Tebra

In day-to-day operations using Tebra, several scenarios commonly surface NPP-related questions:

• New patient onboarding — present the practice's NPP at first encounter; capture acknowledgment electronically through the practice-management workflow
• Returning patients post-NPP-update — when the NPP materially changes, surface the updated NPP at the next encounter or via the patient portal
• Patient-portal NPP availability — make the NPP downloadable from the patient-portal documents area
• Right of Access requests — patients may request electronic copies of their records; the NPP describes this right and the practice's response process
• Vendor-relationship changes — if you switch from Tebra to another EHR, the NPP may need updating to reflect the new vendor relationship

Audit-readiness with Tebra

When OCR or a state regulator audits a practice using Tebra, expect the auditor to request:

• Signed BAA between the practice and Tebra
• Practice-issued NPP (current version)
• Acknowledgment-tracking documentation
• Evidence of patient-portal NPP availability
• Documentation of any data exchanges between the practice and other vendors (each requires its own BAA)

What changed in the HHS February 2026 model

The HHS February 2026 final rule introduced several NPP content updates that affect every covered entity, including practices using Tebra: clarified Right of Access language, updated breach-notification provisions, refined marketing-communication requirements, and explicit safeguards-against-AI language. Practices issuing or updating NPPs after February 16, 2026 should align to the new model. Tebra's patient-portal infrastructure typically supports either model; the document content is the practice's responsibility.