This Business Associate Agreement is a contract between a HIPAA-covered entity and a business associate that sets forth the protections and uses for protected health information (PHI) to ensure compliance with HIPAA regulations.
Also known as: BAA for HIPAA, HIPAA BAA
This Business Associate Agreement (BAA) under HIPAA typically contains the following elements:

Obligations and Activities: Describes the permitted and required uses of PHI by the business associate.

Safeguards: Specifies administrative, physical, and technical safeguards that the business associate must implement to protect PHI.

Reporting: Outlines the requirements for reporting breaches of unsecured PHI to the covered entity.

Subcontractors: Requires the business associate to ensure that any subcontractors agree to the same restrictions and conditions on PHI.

Access and Availability: Stipulates that the business associate must provide access to PHI as specified by the covered entity or as required by law.

Termination: Defines the terms upon which the contract may be terminated and what happens to PHI upon termination.

Compliance: Requires the business associate to comply with the applicable requirements of the HIPAA Security Rule and make its internal practices, books, and records available to the Secretary of Health and Human Services for purposes of determining compliance with the HIPAA Rules.