Revset

REVSET LABS · EXPERT GUIDE·CRM & Contacts

Achieve HIPAA Compliance in GoHighLevel for Your Agency

894 words·4 min read·Updated 27 April 2026·beginner·
Arsalan Zaffar

Quick Answer

To enable HIPAA compliance for your agency in GoHighLevel, go to Agency Settings → Compliance. This process takes about 5-10 minutes to complete the subscription and Business Associate Agreement (BAA) signing. You must then enable it for each relevant sub-account that handles Protected Health Information (PHI).

Key Takeaways
  • HIPAA compliance is a permanent activation once enabled at the agency level and cannot be canceled or refunded.
  • You must manually enable HIPAA for each individual sub-account after the agency-level package is activated and the BAA is signed.
  • GoHighLevel acts as a Business Associate (BA) under the BAA, but that agreement covers only GoHighLevel's own handling of PHI. Your agency remains separately responsible for its own HIPAA obligations: the Security Rule's administrative, physical and technical safeguards, a BAA with each covered-entity client, and a BAA with any other vendor you send PHI to (integrations, exports, messaging providers).
  • The GoHighLevel HIPAA package includes a signed Business Associate Agreement (BAA) between your agency and GoHighLevel.
  • All Protected Health Information (PHI) stored within your GoHighLevel accounts is encrypted at rest at the database level. Encryption at rest is one technical safeguard, not compliance in itself; it does not protect PHI from a compromised or over-permissioned user account.

Understanding HIPAA and GoHighLevel's Role

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting Protected Health Information (PHI). For agencies serving healthcare clients, understanding and adhering to HIPAA is essential. GoHighLevel supports your compliance effort by offering specific safeguards and a Business Associate Agreement (BAA). In the GoHighLevel model, your healthcare client (the 'Practice') is generally the HIPAA 'covered entity'. Your agency and GoHighLevel are both 'Business Associates', so both must protect PHI according to HIPAA's Privacy and Security Rules; the BAA with GoHighLevel does not transfer your agency's own obligations to GoHighLevel. GoHighLevel has partnered with The Compliancy Group to validate that its platform meets these requirements.

✅ IMPORTANT: Agencies on any paid GoHighLevel plan (Starter, Unlimited, Pro, Agency Pro, or SaaS plans) can subscribe to the HIPAA compliance package.

Key Components of the GoHighLevel HIPAA Compliance Package

The GoHighLevel HIPAA compliance package provides the contractual agreement and product-level controls your agency needs when handling Protected Health Information (PHI). The package and the BAA are established once, at the agency level; the product-level hardening is then applied per location, because each sub-account that handles PHI must have its HIPAA toggle enabled individually (see below). You receive a signed Business Associate Agreement (BAA) directly from GoHighLevel, outlining the shared responsibilities for PHI protection. The checkout flow also includes explicit consent confirmations so that activation is intentional and pricing is transparent.

⚠️ The HIPAA compliance package is a permanent activation. Once enabled, it cannot be canceled, refunded, removed, or downgraded.

🔥 Pro Tip

GoHighLevel's database encrypts all data at rest with AES-256 (256-bit Advanced Encryption Standard). This requires no setup on your side. Note what it does and does not cover: encryption at rest protects data against compromise of the underlying storage, not against an attacker who logs in with a valid user's credentials. Enforcing MFA and least-privilege user roles on every account that can reach PHI remains your agency's responsibility.

Subscribing to the HIPAA Compliance Package

Activating HIPAA compliance for your agency in GoHighLevel is a straightforward process. You will subscribe to the package within your agency settings, review the terms, and complete the payment. This action enables the foundational HIPAA protections for your entire agency account.

1. Access Your Agency Settings. From your GoHighLevel dashboard, click on Settings in the left-hand navigation menu. This opens your agency-level configuration options.
2. Navigate to Compliance. Within the Settings menu, locate and click on Compliance. This section manages all regulatory compliance features for your agency.
3. Review Package Details. Carefully read all the 'Before You Buy' details presented on the Compliance page. Understand what the package includes and its implications for your agency.
4. Initiate Package Purchase. Once you have reviewed the details, click on the Buy HIPAA Package at $297 per Month button to proceed with the subscription. This action opens the purchase modal.
5. Acknowledge Terms and Features. In the purchase modal, read the 'Note', 'Features' and the 'Acknowledgement' box thoroughly. This step ensures you understand the terms, including the package's permanent nature and cost.
6. Complete Subscription Payment. After reviewing and agreeing to the terms, check the 'Acknowledgement Box'. Then click on Pay $297 & Subscribe to finalize your purchase and activate the HIPAA compliance package for your agency.

⚠️ Once subscribed, the HIPAA compliance package is permanent for your agency. It cannot be canceled, refunded, removed, or downgraded, even if you change your mind later.

✅ Your Business Associate Agreement (BAA) is generated and signed digitally as part of this subscription flow; there is no separate signing step after payment. Download and retain a copy of the signed BAA for your compliance records.

Some links are affiliate links — if you sign up we may earn a commission, at no extra cost to you. We only recommend GoHighLevel because we build on it every day.

Activating HIPAA for Individual Sub-Accounts

After subscribing to the HIPAA compliance package at the agency level and signing the Business Associate Agreement (BAA), you must complete a critical final step: enabling HIPAA for each specific sub-account that will handle Protected Health Information (PHI). This ensures that each location's data benefits from the enhanced security and compliance measures.

1. Access Your Sub-Accounts. From your GoHighLevel dashboard, click on Sub-Accounts in the left-hand navigation menu. This displays a list of all locations under your agency.
2. Select a Sub-Account. Locate and click on the specific sub-account that requires HIPAA protection. This opens the settings and details for that location.
3. Navigate to Advanced Settings. Within the sub-account's configuration, find and click on Advanced Settings. This section contains granular controls for the sub-account.
4. Enable the HIPAA Toggle. Scroll down to locate the 'HIPAA' toggle and turn it ON. This activates the HIPAA-specific controls and hardening for this individual sub-account.
5. Repeat for All Relevant Sub-Accounts. Return to your list of sub-accounts and repeat steps 2-4 for every other sub-account that handles Protected Health Information (PHI). Each sub-account must be enabled individually.

⚠️ Once you enable the HIPAA toggle for a sub-account, it cannot be turned off. Treat it as a one-way control: confirm you are in the correct sub-account before enabling it, because the setting cannot be reverted to move that location's data back outside HIPAA handling.

🔥 Pro Tip

Keep an inventory of which sub-accounts handle PHI and audit it regularly against the HIPAA toggle state of each location. New sub-accounts do not get the toggle automatically, so add a check to your sub-account onboarding process as well as to the periodic review. This keeps every PHI-handling location covered rather than assuming the agency-level subscription did it for you.

Viewing and Downloading Your Signed BAA

After subscribing to the HIPAA package, your signed Business Associate Agreement (BAA) is securely stored within GoHighLevel. You can easily access, view, and download this crucial legal document directly from your agency settings whenever you need it.

1. Return to Compliance Settings. From your GoHighLevel dashboard, go back to Settings → Compliance in the left-hand navigation menu. This is where your agency's compliance documents are managed.
2. Locate Your Signed BAA. On the Compliance page, you will see a section displaying your signed Business Associate Agreement, with its status shown as 'Signed'.
3. View the Document. Click on the View Document button next to your BAA. This opens a new window or tab displaying the full text of your signed agreement.
4. Download the BAA. Within the document viewer, use the download option to save a copy of your signed agreement to your local device for your records.

✅ All HIPAA-related documents, including your signed BAA, are generated and stored directly within GoHighLevel’s Documents & Contracts system. This streamlines management and eliminates the need for external tools like PandaDoc.

Troubleshooting Common Issues

⚠️ I cannot find the 'Compliance' section in my agency settings.
Ensure you are logged into your main Agency account, not a sub-account. The 'Compliance' option is only visible at the agency level. If still missing, check your agency plan eligibility.
⚠️ The HIPAA toggle is grayed out or unavailable in a sub-account's Advanced Settings.
First, confirm that your agency has successfully subscribed to the HIPAA compliance package and that the Business Associate Agreement (BAA) is signed. The sub-account toggle activates only after agency-level activation.
⚠️ I need to change the signer details on my BAA, but I don't see an option.
You can update signer information directly within GoHighLevel's Documents & Contracts system. Navigate to your Compliance section, view the document, and look for an 'Edit Signer Details' option within the interface.
⚠️ My agency subscribed to HIPAA, but I'm worried sub-accounts aren't protected.
Remember that agency-level subscription is separate from sub-account activation. You must manually go into each relevant sub-account's Advanced Settings and turn the HIPAA toggle ON for protection to apply.
⚠️ My payment for the HIPAA package failed during subscription.
Double-check your payment method details for accuracy (card number, expiry, CVV). If the issue persists, try a different payment method or contact your bank. GoHighLevel support can also assist with billing issues.

Common Mistakes to Avoid

  • Forgetting to enable the HIPAA toggle for *each* individual sub-account that handles PHI, assuming agency-level activation covers all.
  • Not fully understanding that the HIPAA compliance subscription is permanent and non-refundable once activated.
  • Skipping the detailed review of the 'Before You Buy' information and acknowledgment terms during the subscription process.
  • Attempting to use HIPAA-specific features or claim compliance without a signed Business Associate Agreement (BAA) in place.
  • Confusing GoHighLevel's role as a Business Associate with your agency's independent responsibility to maintain its own HIPAA compliance.

Frequently Asked Questions

Q: Can I cancel or remove the GoHighLevel HIPAA Compliance Package after activation?
No. Once the HIPAA Compliance Package is enabled for your agency, it is a permanent activation. It cannot be canceled, refunded, removed, or downgraded. This policy ensures the integrity of Protected Health Information (PHI) once it is under HIPAA controls.
Q: Is the monthly fee for the HIPAA Compliance Package refundable?
No. The subscription fee for the HIPAA Compliance Package is non-cancellable and non-refundable. Review all details and confirm your commitment before completing the purchase.
Q: Which types of GoHighLevel agencies should enable HIPAA compliance?
Agencies that handle Protected Health Information (PHI) for their clients, particularly those serving healthcare practices, must enable HIPAA compliance. The package provides the necessary contractual and product-level controls, including a Business Associate Agreement (BAA), to protect sensitive patient data.
Q: Can a HIPAA-compliant sub-account be transferred between agencies?
Yes, provided that both the originating and receiving agencies have active HIPAA compliance packages and signed Business Associate Agreements (BAAs) with GoHighLevel. Confirm the receiving agency's BAA status before initiating the transfer.
Q: Does the GoHighLevel mobile app support HIPAA compliance?
Yes. The GoHighLevel mobile app, including Conversations, Calendars, and Contacts, inherits the same encryption and multi-factor authentication (MFA) controls established by the agency-level HIPAA compliance package, so PHI remains protected on mobile devices.

Arsalan Zaffar
Revset Labs · Revenue Systems · 78+ GHL Builds

Arsalan writes GHL guides from real build experience — 78+ systems, $9.2M in client pipeline. Wharton, CXL & Google certified.

Connect on LinkedIn
Tags: HIPAA, Compliance, Healthcare, Security, BAA, Agency Settings