Therapy HIPAA Hub
COMPLETE STACK — 2026

Best Software for Private Practice Therapists — Complete 2026 Stack

Running a private practice in 2026 requires 3–4 core software tools — and most of them must be HIPAA-compliant. The most common mistake therapists make when launching a practice is choosing software based on price or familiarity (Gmail, Google Calendar, Zoom) without checking HIPAA compliance status. This creates compliance liability that can cost far more than the software savings.

This guide covers every software category a private practice therapist needs, the best HIPAA-compliant option for each, honest alternatives, and what tools to avoid. The entire stack can be built for under $100/month.

Updated May 2026 · All recommendations verified HIPAA-compliant with BAA availability confirmed

🗂️

EHR / Practice Management

Your core system for notes, scheduling, billing, and client records. This is the most important software decision you will make — it must be HIPAA-compliant with a signed BAA.

TOP PICK

SimplePractice

Best overall for solo and small group practices — easiest setup, built-in telehealth, modern interface.

ALTERNATIVES

  • TherapyNotes (best for Wiley Planners)
  • Sessions Health (best free option)
  • TheraNest (best for large groups)
Try SimplePractice Free →
✉️

HIPAA-Compliant Email

Standard Gmail, Yahoo, and Outlook are not HIPAA-compliant. Any email used for client communication requires a signed BAA from your email provider.

TOP PICK

Hushmail for Healthcare

Built specifically for healthcare providers — simple setup, BAA included, no IT required.

ALTERNATIVES

  • Google Workspace Business (BAA available)
  • Microsoft 365 Business (BAA available)
  • Paubox (best for high volume)
Try Hushmail for Healthcare →
📹

Telehealth Platform

If you do any video sessions, the platform must sign a HIPAA BAA. Standard Zoom, FaceTime, and Google Meet do not qualify.

TOP PICK

SimplePractice (built-in)

If you already use SimplePractice, telehealth is included — no separate platform needed.

ALTERNATIVES

  • Doxy.me (best free standalone option)
  • Zoom for Healthcare (BAA on healthcare plans only)
📅

Client Scheduling

Online booking software must be HIPAA-compliant. Standard Calendly is not — it only offers a BAA on expensive Enterprise plans.

TOP PICK

Included in your EHR

Most modern EHRs (SimplePractice, TherapyNotes) include client self-scheduling — no separate tool needed.

ALTERNATIVES

  • Acuity Scheduling (BAA available on paid plans)
  • Avoid standard Calendly — not HIPAA-compliant
🌐

Therapy Website

Your public website does not need to be HIPAA-compliant unless it collects PHI (like a contact form where clients describe their symptoms). A simple brochure site is fine on any platform.

TOP PICK

Squarespace or WordPress

Simple, professional websites without the complexity of healthcare hosting. Your HIPAA compliance lives in your EHR and email — not your public website.

ALTERNATIVES

  • Psychology Today profile (client-finding, not a website)
  • TherapyDen listing
💳

Insurance Billing

Insurance billing clearinghouses must sign a HIPAA BAA. Most EHRs include billing — using a separate billing service requires its own BAA.

TOP PICK

Included in your EHR

SimplePractice and TherapyNotes both include full insurance billing clearinghouses. Using your EHR's billing avoids needing a separate BAA.

ALTERNATIVES

  • Headway (handles insurance entirely for you)
  • Availity (standalone clearinghouse with BAA)

The Minimum Viable Compliance Stack

For a solo therapist starting out, here is the simplest HIPAA-compliant setup that covers all the bases:

1.

SimplePractice Essential ($69/mo)

Covers: EHR + scheduling + telehealth + billing + messaging + BAA

2.

Hushmail for Healthcare ($9.99/mo)

Covers: HIPAA-compliant email for any communication outside SimplePractice

Total: ~$79/month for a fully HIPAA-compliant private practice tech stack.

☀️ Summer 2026 Offer

Trusted by 225,000+ Therapists

50% Off Your First 4 Months of SimplePractice

SimplePractice is the #1 HIPAA-compliant practice management platform for therapists. Includes a signed BAA, encrypted messaging, telehealth, and full insurance billing.

✓ 7-day free trial✓ 50% off first 4 months✓ Free credentialing available (up to 2 payers)✓ BAA included
Claim 50% Off SimplePractice →

Limited-time summer offer · No credit card required for trial

Need HIPAA-compliant email only? See Hushmail for Healthcare →

Your BAA Checklist — Which Tools Need One

A Business Associate Agreement is required for every software platform that stores or transmits Protected Health Information on your behalf. Use this checklist to audit your current software stack.

BAA REQ.

EHR / Practice management system

Must have BAA. Most paid EHRs include one — confirm it is in writing.

BAA REQ.

Email service

Free Gmail, Yahoo, and standard Outlook do not have BAAs. Switch to Google Workspace Business, Hushmail, or similar.

BAA REQ.

Video / telehealth platform

BAA required if used for therapy sessions. Standard Zoom and FaceTime do not qualify.

BAA REQ.

Scheduling software

Required if clients book therapy appointments. Standard Calendly does not offer a BAA on affordable plans.

BAA REQ.

Cloud storage (Google Drive, Dropbox)

Required if you store client files. Standard personal accounts don't qualify — need Business plans with BAA.

BAA REQ.

Insurance billing clearinghouse

Required if submitting claims. Most EHRs cover this — standalone billing services need their own BAA.

BAA REQ.

SMS / text messaging service

Required for appointment reminders. Standard carrier SMS is not HIPAA-compliant. Use Spruce, SimplePractice portal, or similar.

OPTIONAL

Public website

Not required unless your site collects PHI (e.g., a contact form where clients describe symptoms or ask clinical questions).

OPTIONAL

Payment processing (Stripe, Square)

Typically not required for standard payment processing — but verify with your specific provider's terms.

5 Software Mistakes Therapists Make When Starting a Practice

Mistake 1: Using free Gmail for client email

Fix: Switch to Google Workspace Business (BAA available) or Hushmail for Healthcare. Takes under 1 hour to set up.

Mistake 2: Using standard Calendly for therapy appointment booking

Fix: Switch to SimplePractice's built-in scheduling or Acuity Scheduling's HIPAA plan. Both include BAAs.

Mistake 3: Storing client notes in personal Google Drive or Dropbox

Fix: Use your EHR's built-in storage, which is covered by the EHR's BAA. Or set up Google Workspace Business with a BAA.

Mistake 4: Using standard Zoom or FaceTime for telehealth sessions

Fix: Switch to SimplePractice's built-in telehealth (free with the plan) or Doxy.me (free with BAA).

Mistake 5: Choosing an EHR but never signing the BAA

Fix: Log into your EHR account settings and complete the BAA process. In SimplePractice, this is under Settings > Practice > HIPAA.

FAQ — Software for Private Practice Therapists

How much does software for a private practice therapist cost?

A complete HIPAA-compliant software stack costs approximately $70–120/month for a solo practice. SimplePractice Essential ($69/mo) covers EHR, telehealth, billing, and scheduling under one BAA. Adding Hushmail ($10/mo) for email brings the total to about $79/month. This is the minimum viable stack for full HIPAA compliance.

Do I need separate software for each function, or can one platform do everything?

A full EHR like SimplePractice or TherapyNotes handles scheduling, notes, telehealth, billing, and secure messaging in one platform with a single BAA. You will still need a separate HIPAA-compliant email service for any client communication that happens outside the EHR portal. Beyond that, one EHR covers most needs for a solo practice.

What software do I absolutely need to be HIPAA-compliant?

At minimum: (1) a HIPAA-compliant EHR with a signed BAA for client records, and (2) HIPAA-compliant email for any client communication. If you do telehealth, your video platform also needs a BAA. Everything else is secondary — but every tool you use that touches PHI needs its own BAA review.

Should I use a free EHR like Sessions Health to save money?

Sessions Health is a legitimate HIPAA-compliant EHR with a BAA included on its free plan — it is not just marketing. It includes telehealth, billing, client portal, and secure messaging at no cost for solo therapists. The tradeoff is that it is newer, less polished than SimplePractice, and has a smaller support community. It is a reasonable choice if budget is a constraint, but SimplePractice's Essential plan is the industry standard for a reason.