U.S. Business Associate Agreement (BAA)

From GM-RKB

A U.S. Business Associate Agreement (BAA) is a U.S. healthcare contract agreement type between [[___]] and business associates that governs the handling of protected health information (PHI).



References

2022

  • https://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html
    • NOTES:
      • Defines relevant terms like business associate, covered entity, and HIPAA Rules.
      • Outlines obligations and activities of the business associate, including not disclosing PHI improperly, implementing security safeguards, reporting breaches, ensuring subcontractors comply, providing access to PHI, amending PHI, accounting for disclosures, complying with HIPAA regulations, and making records available to HHS.
      • Specifies permitted uses and disclosures of PHI by the business associate, including minimum necessary requirements.
      • Allows the covered entity to inform the business associate of privacy practices and restrictions on use/disclosure of PHI.
      • Addresses term, termination, and post-termination obligations, such as returning or destroying PHI upon termination.
      • Includes optional miscellaneous provisions regarding regulatory references, amendments, and interpretation.
      • Provides sample language to facilitate HIPAA compliance but notes contracts still need to comply with state law and account for specifics of the business arrangement.

2012