HIPAA compliance is a paid upgrade. HighLevel accounts are NOT HIPAA compliant by default. To enable HIPAA compliance for your account, visit your Agency dashboard, click Services, select HIPAA Compliance, then follow the signup instructions. Once HIPAA is purchased and enabled, it applies to all location accounts within your account and cannot be deactivated.


What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, United States legislation that provides data privacy and security provisions for safeguarding medical information.


The act, which was signed into law by President Bill Clinton on Aug. 21, 1996, contains five sections, or titles: 

  • Title I: HIPAA Health Insurance Reform
  • Title II: HIPAA Administrative Simplification
  • Title III: HIPAA Tax-Related Health Provisions
  • Title IV: Application and Enforcement of Group Health Plan Requirements
  • Title V: Revenue Offsets

In the context of online marketing, adhering to HIPAA Title II is what most people mean when they refer to HIPAA compliance.


HIPAA Title II

Also known as the Administrative Simplification provisions, Title II includes the following HIPAA compliance requirements:

  • National Provider Identifier Standard. Each healthcare entity, including individuals, employers, health plans and healthcare providers, must have a unique 10-digit national provider identifier number, or NPI.

  • Transactions and Code Sets Standard. Healthcare organizations must follow a standardized mechanism for electronic data interchange (EDI) in order to submit and process insurance claims.

  • HIPAA Privacy Rule. Officially known as the Standards for Privacy of Individually Identifiable Health Information, this rule establishes national standards to protect patient health information.

  • HIPAA Security Rule. The Security Standards for the Protection of Electronic Protected Health Information sets standards for patient data security.

  • HIPAA Enforcement Rule. This rule establishes guidelines for investigations into HIPAA compliance violations.

The two requirements that apply to the relationship between HighLevel, a customer Agency, and the agency's client (the Practice) are the HIPAA Privacy Rule and the HIPAA Security Rule. The details of each of these rules can be found here: 


HighLevel Compliance

In the relationship between HighLevel, a customer Agency, and the agency's client (the Practice), the Practice is considered "the HIPAA covered entity" and HighLevel and the Agency are considered "HIPAA Business Associates".


HighLevel has worked with The Compliancy Group consultancy to ensure that we are in full compliance with the HIPAA Privacy Rule and the HIPAA Security Rule, so that we can enter into HIPAA Business Associate Agreements (BAA) with our customer Agencies.


In order for the personal health record data of your client Practice's patients to be completely protected, however, your Agency must also be in full compliance with HIPAA Title II so that you can provide your client Practice with a HIPAA Business Associate Agreement as well.


Please reach out to us if you would like the contact information of The Compliancy Group, who can help you ensure that your Agency is fully compliant.