The Daily.co API for video calls is HIPAA compliant!
Our compliance stands out for its ease to developers and providers. We are proud to offer an API product that is specifically architected for HIPAA.
Simply ask us to turn on the HIPAA configuration for your organization. With our HIPAA product, a developer can add compliant video calls in minutes. It’s also simple to customize your users' experience, with our API's advanced features, in-app controls, and complete layout control.
Not only are we proud to announce compliance, we value clean implementation. The Daily.co video calling API is easy to use. Our customers can stay focused on their mission — not take on onerous development, or compliance risks unique to video calling.
If your organization is interested in HIPAA compliance, please contact us. You can email us at firstname.lastname@example.org, or talk to us via our website chat.
A Covered Entity that requires compliant video calls for protected health information (PHI) can use the Daily.co API HIPAA configuration. This includes telehealth providers, virtual care platforms, health plans, and mobile app developers.
If you are a developer working with PHI, you can use the Daily.co video chat API. Daily.co will sign a Business Associate Agreement (BAA).
Specifically, our company and API product adhere to the guidelines set forth by Health and Human Services, in HITECH in 2013:
Contact us, via email@example.com or our website chat, to ask about your organization's HIPAA compliance.
The Daily.co video chat API is actively compliant. We have done the work to architect each piece of the HIPAA product, so that when you use this configuration, your video calls are compliant.
Other vendors, in contrast, pass on the burden of compliance to your organization. This happens through a couple mechanisms. In its 2013 rules, HITECH lays out a ‘conduit’ exception. This is for organizations that transport a call (like a telephone provider). They primarily transmit a call; they don’t access its information. A vendor may claim to be only a conduit — in particular, they advise your developers build an integration that does not hand off certain information to them.
For example, in a digital platform it’s typical to create tokens and identifiers for your users. These are included in transmission, and your vendor may store these. Your developers have to take the additional steps to make sure to use the API in a compliant manner.
That means that the technical debt to configure tokens and strings properly is entirely upon your organization. It is paramount to check that no string associated with a call participant is stored on a vendor server.
The Daily.co API does not expose you to this risk. As a baseline, all of our video calls are encrypted and secure. We do not have access to in-call audio and video data. Furthermore, for a customer set up with our HIPAA configuration:
The above precautions are included, seamlessly, in our HIPAA product.
Our team here at Daily.co is proud to support the privacy safeguards afforded by HIPAA. We can provide sample code and development support, and Daily.co can sign HIPAA BAA agreements. Email firstname.lastname@example.org or use our website chat to talk with us.
Our work at Daily.co is grounded in the simple idea that people value talking to each other, face-to-face; it's exciting to make that easier, in a field as vital as healthcare. With our HIPAA configuration, your organization confidently can add secure video chat, to help your patients, users and providers connect better.