HIPAA Notice of Privacy Practices for Small Medical Practices
Solo physicians, nurse practitioners, and small group practices need a HIPAA Notice of Privacy Practices on file. Generate a compliant notice in under five minutes.
Quick facts for small medical practices
- Solo physicians, nurse practitioners, and small group practices are HIPAA covered entities
- Medicare and Medicaid participation triggers the Section 1557 taglines requirement
- EHR vendors, billing services, and cloud storage are business associates requiring separate BAAs
- The HHS Feb 2026 model applies the same whether you have 1 physician or 50
Scope: what counts as a "small medical practice"?
For NPP purposes, practice size doesn't change the requirements — but it changes how the document gets used. We're thinking of: solo physicians in private practice, nurse practitioner offices, chiropractors, concierge medicine practices, internal medicine groups, pediatric practices, and similar practices with roughly 1–20 providers. Urgent care clinics, primary care, and specialty practices all follow the same NPP structure.
HIPAA covered entity status
You are a HIPAA covered entity if you transmit any of nine standard transactions electronically: claims, eligibility verification, referral certification, claim status requests, enrollment/disenrollment, payment/remittance advice, premium payments, coordination of benefits, or first reports of injury. If you accept insurance, you almost certainly transmit claims electronically — even if you outsource billing to a service, the service acts on your behalf and you remain the covered entity.
Section 1557 taglines
If you participate in Medicare or Medicaid — which most small medical practices do — you are subject to Section 1557 of the Affordable Care Act. This requires you to include taglines in the top 15 non-English languages of your service area, plus notices of availability of auxiliary aids and services. Our generator includes an optional 15-language taglines appendix.
Distribution for small practices
- At first visit: hand the NPP to each new patient at intake; obtain signed acknowledgment
- Physical posting: post in the waiting room or check-in area
- Website: post on your practice website (even a basic one)
- Electronic copies: provide on request via email or patient portal if you have one
- Re-distribute: on any material change (new Privacy Officer, change of location, etc.)
The cost calculus
An attorney-drafted NPP from a healthcare law firm typically runs $500–$2,500. A subscription to a legal-template service runs $40–$80 per month. NPP Generator is $49 one-time, includes Part 2 language when applicable, and produces an editable Word file so your office manager can make minor edits before posting. For a small practice, this is 10–50× cheaper than the alternatives.
Generate your NPP in under 5 minutes
Answer a few questions and download a HIPAA-compliant Notice of Privacy Practices based on the HHS February 2026 revised model.