GoHighLevel HIPAA Compliance: 4 Things to Be Aware Of

We may earn commissions if you buy via links on our website. Commissions don’t affect our opinions or evaluations. Learn more.

GoHighLevel has HIPAA compliance available to anyone who uses the platform to process protected health information.

However, simply purchasing the service is not enough to ensure full HIPAA compliance for your business. 

Key Takeaways:

  • HIPAA compliance costs $297/month or $2,970/year plus your usual subscription fee
  • GoHighLevel HIPAA only covers the platform—agencies must also be HIPAA-compliant
  • Once you purchase HIPAA compliance, you cannot cancel it

Is GoHighLevel HIPAA Compliant?

GoHighLevel offers Health Insurance Portability and Accountability Act (HIPAA) compliance, but it doesn’t come as standard.

When you initially pay for a subscription (Starter, Unlimited, or Pro plans), the platform will not be HIPAA compliant. Instead, it’s available as a paid add-on to your usual subscription price.

How Does It Work, Exactly?

Once you have purchased a subscription plan from GoHighLevel, you will find the option to upgrade to HIPAA inside your Agency account. You’ll find it in the Add-Ons tab.

Once you have completed the purchase for HIPAA compliance, you will be invited to read and sign the necessary documents.

After this, GoHighLevel’s database will automatically encrypt all data. There’s nothing else to do on your end in terms of setup or modification.

Who Needs It?

Anyone or any business that handles protected health information (PHI) requires HIPAA compliance.

This includes:

  • Healthcare Providers: Doctors, dentists, medical facilities, chiropractors, etc.
  • Insurance Companies: Employer-sponsored health plans, Medicare, Medicaid, etc.
  • Business Associates: Any entity that processes health information between providers and payers—for example, billing services and legal services

Now, while you may not be directly involved in any of these industries, you may take on clients that are.

Therefore, you must be HIPAA compliant if any PHI is collected, stored, processed, or transmitted via GoHighLevel or your agency.

To make this clearer, let’s take a look at a quick example:

  • You are a marketing agency using GoHighLevel, and you take on clients who own osteopathy practices.
  • You start to handle their booking systems, take patient appointments, send out reminders, and deal with patient follow-ups.
  • Since you are processing and storing patient data (which includes PHI), your agency must be HIPAA compliant.

Now, let’s say you take on osteopathy clients, but the work you do for them is different:

  • Your clients request that you set up marketing campaigns for offers on treatment bundles.
  • You collect lead data (names and emails) to send out promotional emails containing the offers.
  • Interested individuals call the osteopathy practice directly to book, and at no point do you deal with any patient bookings, follow-ups, etc.
  • Since the data you collect does not involve PHI or medical details, in this case, it is not necessary to be HIPAA compliant.
  • However, if you collect more than just names and emails—symptoms, previous treatments, or anything directly health-related—this could fall under PHI, and HIPAA compliance would be required.

GoHighLevel HIPAA Compliance Doesn’t Mean Your Business Is Compliant

It’s very important to distinguish GoHighLevel’s HIPAA obligations from your own.

Just because you’ve purchased the GoHighLevel HIPAA add-on doesn’t mean that you or your agency are HIPAA compliant. It simply means that the platform is.

In other words, it’s not just necessary to ensure that GoHighLevel is HIPAA compliant. You must also get HIPAA compliance for your business.

To do this, you need to:

  • Sign a Business Associate Agreement (BAA), as required by the US Department of Health and Human Services, with each of your clients.
  • Designate a HIPAA compliance officer and conduct employee training on HIPAA rules and regulations.
  • Complete a risk assessment to identify any security risks.
  • Implement policies for PHI access, data sharing, and breach response.
  • Ensure that all tools and software your agency uses (including GoHighLevel) are HIPAA compliant, complete with access controls, encryption, and audit logs.
  • All devices (computers, phones, etc.) require strong security and access control.

If you’re ever in doubt, it’s worth working with a HIPAA compliance consultancy (The Compliancy Group, HIPAA One, etc.). They can ensure you’re fully compliant and provide certification proving the fact.

How Much Does GoHighLevel HIPAA Compliance Cost?

There are two ways to pay for GoHighLevel HIPAA compliance:

  • Monthly: $297
  • Annually: $2,970

Overall, paying annually is cheaper since it saves you $594 compared to paying monthly.

Useful things to know:

  • This price is in addition to your usual subscription amount. 
  • HIPAA compliance can be added to any GoHighLevel plan.
  • It covers all locations (sub-accounts) within your agency account.

Once You Get It, You Can’t Go Back

Think very carefully about whether or not you want to take on clients that require HIPAA compliance.

Once you have purchased the HIPAA add-on, removing it is impossible, even if you stop taking on medical clients. So, you’ll be stuck paying for it forever, regardless of which direction you take your business.

The only way to remove HIPAA compliance from GoHighLevel is to cancel your account altogether.

How to Set Up GoHighLevel HIPAA (A Quick Guide)

Make sure you’re in the Agency View of your account. Click Add-Ons and find the HIPAA section.

Choose and click on your preferred subscription method and click Buy Now.

You will be taken to the payment screen where you can complete the purchase.

Still in the Agency View of your account, click Settings > Compliance. You’ll now see a request for you to read and sign the BAA document.

Once the document has been signed and submitted, it can take up to 72 hours for HIPAA compliance to be activated.

Frequently Asked Questions

Once you have purchased the GoHighLevel HIPAA compliance add-on, it takes 48 to 72 hours to be fully set up. The sooner you sign the BAA form, the quicker the process will be.

You can get GoHighLevel HIPAA by purchasing the add-on from within your GoHighLevel account. It costs $297 per month or $2,970 per year in addition to your usual subscription fee.

About Authors

  • Janette

    Janette Bonnet is a Senior Writer at SupplyGem. She’s been in the teaching and training field for over 10 years and has been writing about it for more than 5 years. She knows a lot about online course tools like GoHighLevel, Systeme.io, and Teachable. Thanks to her long experience and a professional training certification she earned from CIPD, she’s great at helping readers understand these platforms. When you read her articles, you’re getting advice from someone who’s actually used and knows these tools inside out. Beyond her professional endeavors, Janette has dedicated many years to volunteering, especially in animal welfare, showcasing her commitment to giving back to the community.

  • Nicole Marron

    Nicole Marron is an editor at SupplyGem. She brings over three years of editing expertise and a strong academic background to her role. Equipped with her High Level Proofreading Pro certification, Nicole has collaborated with numerous coaches, course creators, and authors to refine their messaging and amplify their impact. With her eye for detail and intuitive grasp of flow, Nicole elevates the clarity and effectiveness of the content she refines.
