Simple Practice Updated Terms of Service




CAMFT members who use Simple Practice may have questions regarding its updated Terms of Service which were issued earlier this month. CAMFT's Legal Team has carefully reviewed the Terms and been in communication with Simple Practice to ensure any concerns regarding HIPAA compliance are addressed. CAMFT requested that Simple Practice push back its deadline for customers to agree to its updated Terms so members would have sufficient time to review the Terms, and Simple Practice would be able to provide further clarification regarding members’ outstanding questions. Simple Practice has extended its deadline to September 6, 2023. The updated Simple Practice FAQs detailing key changes to its Terms of Service may be accessed by clicking here:    

 Simple Practice has informed CAMFT of the following: 

  • Simple Practice does not sell user or client data and has no intention of doing so. Should this change in the future, Simple Practice will let customers know. If Simple Practice de-identifies user data and Protected Health Information, it will do so in accordance with HIPAA regulations (e.g. removing all 18 identifiers, including names, telephone numbers, fax numbers, social security numbers, etc.).  
  • Simple Practice does not use or sell customer website templates or content and has no intention of doing so. Should this change in the future, Simple Practice will let customers know. 
  •  Simple Practice is not using custom templates and/or forms without customers’ awareness and willing participation. For any custom templates and/or forms offered through Simple Practice's service and created by a customer, the company has entered into compensation agreements with them. Additionally, Simple Practice is not selling customers' custom templates and/or forms. Should this change in the future, Simple Practice will let customers know.  
  • Simple Practice does not access Protected Health Information (PHI) outside of HIPAA regulations. 
  • Simple Practice does not keep PHI for more than 65 days after the termination of a customer's account. (Simple Practice keeps PHI for up to 64 days post-account termination to allow providers time to export their data).  
  • Simple Practice does not provide AI with access to any user data/PHI. 
  • As required by HIPAA, Simple Practice has business associate agreements with all third-party organizations it works with that may have access to PHI. (Per these agreements, the third-party organizations must also comply with HIPAA). 

Based on this information and our review of Simple Practice's updated terms of service, the terms appear to comply with HIPAA, especially given the company's HIPAA-compliant practice of entering into business associate agreements with third party entities that access PHI (e.g. to provide services and software practitioners need to use Simple Practice). 

To reach out to Simple Practice directly, use the link to the updated FAQs above, scroll to the bottom of the page, and click "Get More Help.” 

Return to Newsletter