Business Associate Agreements: More Than Just a Template

How to get the best out of your BAAs

Business Associate Agreements (BAAs) are an essential part of any effective HIPAA compliance program. But understanding what a good BAA should and should not include isn’t as intuitive as understanding that you need one in the first place.

Below, we’ve compiled the basic components and definitions of a HIPAA Business Associate Agreement template for you to peruse. Keep in mind that BAAs are legally binding contracts, so it’s best to have a compliance expert, security officer, or lawyer help you before finalizing anything with your organization’s Business Associates (BAs).

Business Associates

But first, let’s define what exactly the HIPAA Rules qualify as a Business Associate (BA). According to guidance from the Department of Health and Human Services (HHS), a BA is:

“[A] person or entity, other than a member of the workforce of a covered entity who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A [BA] also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another [BA].”

Essentially, if an organization is hired to handle, use, distribute, or access protected health information (PHI), it likely qualifies as a BA under HIPAA regulation.

The quick rule to remember with Business Associates: before you share PHI, you must have a compliant BAA in place. A HIPAA Business Associate Agreement is the easiest way to protect your practice or organization in the event of a breach, which we’ll discuss in more detail below.

Compliancy Group’s web-based compliance solution, The Guard, comes equipped with everything you and your organization need to manage your HIPAA Business Associates.
