We’re building a production-grade fitness app that includes a voice assistant feature powered by LiveKit Agents. Since our app handles health-related conversations, we need to ensure full HIPAA compliance — which means getting a Business Associate Agreement (BAA) signed with LiveKit before any PHI flows through the platform.
I’ve gone through the HIPAA page at HIPAA Eligible Products and Services | LiveKit and confirmed that the services we plan to use - realtime transport, agent hosting, agent observability, and conversational models - are all listed as HIPAA-eligible. So we’re ready to move forward with the BAA.
A few questions for anyone who has been through this process:
What is the exact process to initiate a BAA with LiveKit? Is it through Contact sales | LiveKit or is there another channel?
What information or documents does LiveKit typically require from you upfront (company details, use case description, licensing tier, etc.)?
How long does the process take end to end - from first contact to a fully signed BAA?
Does the BAA cover all HIPAA-eligible services under one agreement, or do specific services need to be listed separately?
Are there any plan or billing tier requirements before LiveKit will sign a BAA?
Hi Aman, I’ll do my best to answer your questions here, but please be aware that any information you receive from our ‘Contact sales’ team should supersede this.
What is the exact process to initiate a BAA with LiveKit? Is it through Contact sales | LiveKit or is there another channel?
Yes, Contact sales is the best link
What information or documents does LiveKit typically require from you upfront (company details, use case description, licensing tier, etc.)?
Company details such as legal entity and business address, but not a use case description. Also, the project ID(s) that the BAA will cover.
How long does the process take end to end - from first contact to a fully signed BAA?
It’s typically not more than a few business days, but I don’t think we guarantee a specific timeline.
Does the BAA cover all HIPAA-eligible services under one agreement, or do specific services need to be listed separately?
My App does not require the Hippa, but it does require those under Age 17 be approved by parent before creating an account, or having any data saved. One of the things I use Livekit for in this is, I allow the Partent to record a short video to verify they give their permission.
I wish you the best with your fitness app, and I know the headaches some of the regulations can cause. I was amazed at all guidelines, and rules we must follow. I was close to adding an Avatar Assistant for Coaches and Athletes to my App, and decided not to, just to avoid all the extra regulations that came with it. Look forward to seeing what your fitness app looks like.