Below, we’ve compiled the basic components and definitions of a HIPAA Business Associate Agreement template for you to peruse.  Keep in mind that BAAs are legally binding contracts, so it’s best to have a compliance expert, security officer, or lawyer help you before finalizing anything with your organization’s Business Associates (BAs).

Business Associates

But first, let’s define what exactly the HIPAA Rules qualify as a Business Associate (BA). According to guidance from the Department of Health and Human Services (HHS), a BA is:

“[A] person or entity, other than a member of the workforce of a covered entity who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A [BA] also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another [BA].”

Essentially, if an organization is hired to handle, use, distribute, or access protected health information (PHI), they likely qualify as a BA under HIPAA regulation.

The quick rule to remember with Business Associates: before you share PHI, you must have a compliant BAA in place. A HIPAA Business Associate Agreement is the easiest way to protect your practice or organization in the event of a breach, which we’ll discuss in more detail below.

Compliancy Group’s web-based compliance solution, The Guard, comes equipped with everything you and your organization need to manage your HIPAA Business Associates.