Is GoHighLevel (HighLevel) HIPAA compliant?
Conditionally. HighLevel (GoHighLevel) will sign a BAA via its paid HIPAA Compliance Package add-on (reported around $297/month), available to agencies on any plan; HIPAA is not enabled by default.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Paid 'HIPAA Compliance Package' add-on (reported ~$297/month) on any agency plan; sign the BAA in Settings > Compliance and enable HIPAA per sub-account
- Official source: HighLevel Support — HIPAA Compliance in HighLevel — https://help.gohighlevel.com/support/solutions/articles/48000983084-hipaa-compliance-with-highlevel (verified 2026-06)
How to use GoHighLevel (HighLevel) in a HIPAA-compliant way
- Purchase the HIPAA Compliance Package add-on at the agency level.
- Go to Settings > Compliance to edit signer details, sign, and download the BAA.
- After signing, the package activates at the agency level.
- Manually enable HIPAA for each sub-account in Advanced Settings.
- Confirm the current price and terms directly with HighLevel before relying on it.
Important caveats
- HighLevel is NOT HIPAA compliant by default — the paid add-on and signed BAA are required.
- Once enabled, HIPAA applies to all sub-accounts and reportedly cannot be deactivated; the subscription is non-refundable.
- Pricing can change — confirm the current ~$297/month figure directly with HighLevel.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring GoHighLevel (HighLevel) correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with GoHighLevel (HighLevel).
Frequently asked questions
Does GoHighLevel (HighLevel) sign a BAA?
On specific plans. It requires the paid 'HIPAA Compliance Package' add-on (reported ~$297/month) on any agency plan; sign the BAA in Settings > Compliance and enable HIPAA per sub-account. A signed BAA is required before any PHI is involved.
Is GoHighLevel (HighLevel) HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when GoHighLevel (HighLevel) offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using GoHighLevel (HighLevel) with PHI?
HighLevel is NOT HIPAA compliant by default — the paid add-on and signed BAA are required.