Required Documents for HIPAA Compliance


Once you bill Medicaid or private insurance, you are responsible for maintaining certain HIPAA documents. Some must be shared with clients, and others must be kept on file for compliance.

For Clients


  1. Notice of Privacy Practices (NPP) (Required + must be shared with clients)

This document explains:

  • How you use and protect client health information
  • When information may be shared (e.g., billing, care coordination)
  • Clients’ rights regarding their records

Requirement:

You must:

  • Give it to every client
  • Make a good-faith effort to get written acknowledgment
  • Keep a copy on file

Resource: US Department of Health & Human Services PP Templates

Templates in Doulado: Privacy Practice Agreement


  2. Acknowledgment of Receipt of NPP (Required + must be shared with clients)

This is proof that the client received your privacy notice. It can be combined with the Notice of Privacy Practices, above.

HIPAA requires you to document that you tried to give the notice. The client is not required to sign this acknowledgment (important: the signature field is optional). If a client refuses to sign, you must be able to document that you shared this acknowledgment.

  3. Client Authorization to Release PHI (Required when sharing data)

This allows you to share a client’s information with:

  • Insurance companies
  • Medicaid agencies
  • Care teams or referral partners
  • Program administrators or researchers (if applicable)

Authorizations must be specific, time-limited, and revocable.

Templates in Doulado: Client Authorization to Release Protected Health Information (PHI)



  4. Client Service Agreement / Consent for Care

This form outlines:

  • Scope of doula services
  • Communication methods
  • Emergency boundaries
  • Privacy expectations
  • Payment terms

While not strictly required by HIPAA, this form helps set clear expectations, supports transparency, and protects you and the client.


  5. Electronic Communication Consent

If you use:

  • Video calls
  • Messaging
  • Portals
  • Apps
  • Email

You should have written permission acknowledging electronic communication risks. This is especially important for HIPAA compliance.


  6. Staff or Contractor Confidentiality Agreement (If Applicable)

If you work with:

  • Backup doulas
  • Administrative help
  • Students or interns

They should sign confidentiality agreements acknowledging HIPAA obligations.


Internal Business Documentation


  1. Business Associate Agreements (BAAs) (Required)

You must have BAAs in place with any vendors that:

  • Store PHI
  • Transmit PHI
  • Access PHI on your behalf

Examples include:

  • Your EHR/CRM (like Doulado)
  • Billing or clearinghouse services (if external to Doulado)
  • Secure messaging platforms

BAAs do not get shared with clients but must be kept on file.


  2. HIPAA Privacy Policy (Required)

This outlines how you:

  • Safeguard PHI
  • Limit access to client data
  • Respond to privacy concerns or breaches

This policy should align with your Notice of Privacy Practices.


  3. HIPAA Security Policy (Required)

This documents how you protect PHI through:

  • Secure software systems
  • Passwords and access controls
  • Device security (phones, laptops, tablets)
  • Backup and data recovery practices

  4. Breach Notification Policy (Required)

This explains:

  • What constitutes a data breach
  • How you would respond
  • How clients would be notified if their data is compromised

Even solo doulas are required to have this documented.


Key Takeaway for Doulas

If you previously worked with self-pay clients only, you may not have needed formal HIPAA documentation. Once you bill insurance, however, these documents are legally required, even for solo practitioners.

Why These Documents Matter

These forms help:

  • Protect your client’s privacy
  • Build trust and transparency
  • Ensure legal compliance
  • Support successful insurance billing
  • Reduce misunderstandings

For many doulas transitioning from self-pay to insurance billing, this can feel like an added layer of paperwork. In reality, these documents are part of operating as a professional healthcare provider and protecting both you and your clients.

Doulado offers secure, HIPAA-compliant tools and templates to help you collect, store, and manage these documents electronically, so you can spend less time on administration and more time providing meaningful care.