> ## Documentation Index
> Fetch the complete documentation index at: https://docs.daily.co/llms.txt
> Use this file to discover all available pages before exploring further.

# HIPAA Compliance for healthcare

> Learn how to turn on HIPAA compliance with the Daily API.

<Badge color="yellow">Healthcare add-on only</Badge>

With just a few lines of code, developers can embed HIPAA-compliant video calls. Both [Daily Prebuilt](/docs/prebuilt) and custom interfaces built using the [Daily call object](/docs/daily-js) can be used to build HIPAA-compliant applications.

## How to enable HIPAA compliance

1. Sign up for a Daily account at [dashboard.daily.co/signup](https://dashboard.daily.co/signup)
2. Add a credit card via the dashboard [billing page](https://dashboard.daily.co/billing)
3. Apply for the Healthcare add-on using this [form](https://forms.gle/TKfUm8sNp8QUsqKT8)

If you have any additional questions, [contact our support team](https://daily.co/contact-us).

## Business Associate Agreement (BAA)

To partner with you and build HIPAA-compliant applications, we've designed our APIs with data security and privacy as our top concern. We will sign a Business Associate Agreement (BAA) at no additional cost.

## HIPAA mode restrictions

<Warning>
  1. Room names are automatically replaced with random strings to keep PII out. If your workflow sets a custom room name, update that logic or the create-room call will fail.
  2. Logs and metrics will not include `userName` or non-UUID `userId` values.
  3. Recordings are restricted to local storage or a customer-managed S3 bucket — Daily's cloud storage is disabled.
</Warning>

## Room names

To create HIPAA-compliant rooms, use the [REST API](/reference/rest-api/rooms/create-room) to automatically create a randomized name for your room, preventing room names from including any PII or PHI. Trying to set a name manually will result in an error.

## HIPAA-compliant recording types

We offer three HIPAA-compliant recording options:

1. [`"local"`](/reference/daily-js/instance-methods/start-recording) recordings
2. [`"cloud"` and `"cloud-audio-only"`](/reference/daily-js/instance-methods/start-recording) recordings, but only when configured to store recordings in a custom S3 bucket
3. `"raw-tracks"` recordings (requires a custom S3 bucket)

These recordings are not stored on Daily servers.

<Warning>
  Accounts with HIPAA enabled cannot use live streaming, to maintain HIPAA compliance.
</Warning>

## Text chat

HIPAA-compliant text chat is available by default. When using Daily Prebuilt, text chat can be enabled via the `enable_chat` [room property](/reference/rest-api/rooms/create-room). Chat messages in Daily Prebuilt are never stored on Daily servers.

Developers can also build their own HIPAA-compliant text chat using Daily's [`sendAppMessage()`](/reference/daily-js/instance-methods/send-app-message) method. Chat data sent by `sendAppMessage()` is HIPAA-compliant by default. Developers are responsible for ensuring chat messages are not stored externally by their app.

## Pricing

HIPAA compliance requires the paid Healthcare add-on. Visit our [pricing page](https://www.daily.co/pricing) for more information.

<Tip>
  **Receive a \$15 credit for free**

  New accounts have a \$15 credit automatically applied when you add a credit card. Learn more about pay-as-you-go features on our [pricing page](https://www.daily.co/pricing).
</Tip>