Skip to main content
Healthcare add-on only With just a few lines of code, developers can embed HIPAA-compliant video calls. Both Daily Prebuilt and custom interfaces built using the Daily call object can be used to build HIPAA-compliant applications.

How to enable HIPAA compliance

  1. Sign up for a Daily account at dashboard.daily.co/signup
  2. Add a credit card via the dashboard billing page
  3. Apply for the Healthcare add-on using this form
If you have any additional questions, contact our support team.

Business Associate Agreement (BAA)

To partner with you and build HIPAA-compliant applications, we’ve designed our APIs with data security and privacy as our top concern. We will sign a Business Associate Agreement (BAA) at no additional cost.

HIPAA mode restrictions

  1. Room names are automatically replaced with random strings to keep PII out. If your workflow sets a custom room name, update that logic or the create-room call will fail.
  2. Logs and metrics will not include userName or non-UUID userId values.
  3. Recordings are restricted to local storage or a customer-managed S3 bucket — Daily’s cloud storage is disabled.

Room names

To create HIPAA-compliant rooms, use the REST API to automatically create a randomized name for your room, preventing room names from including any PII or PHI. Trying to set a name manually will result in an error.

HIPAA-compliant recording types

We offer three HIPAA-compliant recording options:
  1. "local" recordings
  2. "cloud" and "cloud-audio-only" recordings, but only when configured to store recordings in a custom S3 bucket
  3. "raw-tracks" recordings (requires a custom S3 bucket)
These recordings are not stored on Daily servers.
Accounts with HIPAA enabled cannot use live streaming, to maintain HIPAA compliance.

Text chat

HIPAA-compliant text chat is available by default. When using Daily Prebuilt, text chat can be enabled via the enable_chat room property. Chat messages in Daily Prebuilt are never stored on Daily servers. Developers can also build their own HIPAA-compliant text chat using Daily’s sendAppMessage() method. Chat data sent by sendAppMessage() is HIPAA-compliant by default. Developers are responsible for ensuring chat messages are not stored externally by their app.

Pricing

HIPAA compliance requires the paid Healthcare add-on. Visit our pricing page for more information.
Receive a $15 credit for freeNew accounts have a $15 credit automatically applied when you add a credit card. Learn more about pay-as-you-go features on our pricing page.