Legal Templates

Free (HIPAA) Business Associate Agreement

Use our HIPAA Business Associate Agreement if your business has access to health information and wants a third party to handle it.

Updated November 12, 2020

Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has required thousands of companies around the US to create business associate agreements.

HIPAA regulations allow covered entities to hire third-party service providers or other persons or businesses (known as business associates) and to disclose protected health information (PHI) to them so that they can assist the covered entity in carrying out its healthcare functions.

If your business has access to protected health information and plans to form partnerships with third parties to handle this information, you need this document.

Specifically, you’re required by law to sign a business associate agreement before any work is performed. Not doing so could be a costly mistake.

Protect your patients and your business with our free business associate templates, or simplify the process with our online builder.

What Is a Business Associate Agreement?

A HIPAA business associate agreement (BAA) is a written contract detailing the responsibilities of both the covered entity and the business associate regarding confidential, personally identifiable health information. It is legally distinct from a non-disclosure agreement.

Details include:

  • the business associate’s permitted and required uses and disclosures of PHI.
  • a clause stating the business associate will not use or further disclose PHI other than as permitted by the BAA or as required by law.
  • measures the business associate must take to keep PHI secure.
  • steps the business associate must take in the event of a breach.

What is a business associate?

A business associate is any individual, agency, or organization that is given protected health information in order to perform a service on behalf of a covered entity.

Examples of business associates include:

  • A third-party administrator that assists a health plan with claims processing.
  • A CPA firm whose accounting services require a healthcare provider to disclose protected health information.
  • An attorney whose legal services to a health plan involve access to protected health information.
  • A consultant who performs utilization reviews for a hospital.
  • A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider, and then forwards the processed transaction to an insurance payer.
  • An independent medical transcriptionist who provides transcription services to a physician.
  • A pharmacy benefits manager who manages a health plan’s pharmacist network.

What is a covered entity?

HIPAA defines a covered entity as any healthcare provider, health insurance plan, or health care clearinghouse that collects and electronically transmits an individual’s protected health information.

Examples of covered entities include:

  • Doctors
  • Clinics
  • Nursing homes
  • Pharmacies
  • Insurance companies
  • Government healthcare programs
  • Billing services
  • Health Information Systems

Please visit the U.S. Department of Health & Human Services website for more information on how HIPAA defines covered entities and business associates.

Who needs a business associate agreement?

All covered entities that plan to share protected health information with a third party must create a HIPAA-compliant business associate agreement before agreeing to do business together.

As the electronic sharing of healthcare data and the use of digital and cloud-based storage increases, organizations within and adjacent to the health industry need a business associate agreement in order to operate.

HIPAA BAA Requirements

Compliance with the rules outlined under HIPAA is required by law if your company holds the personal health information of individuals and seeks to expand business operations to outside associates.

What is BAA compliance?

The Health Insurance Portability and Accountability Act is broadly broken up into four sections:

  1. The Privacy Rule
  2. The HIPAA Security Rule
  3. The Breach Notification Rule
  4. The Enforcement Rules

In order to maintain HIPAA compliance, all covered entities and business associates must comply with the HIPAA privacy standards, as well as security and breach notification rules.

Privacy Rule

The HIPAA privacy rule set national standards for protecting the confidentiality of health information, and both business associates and covered entities must comply with them. It maintains that covered entities can’t use or disclose health information to third parties without the consent of the individual.

Furthermore, it gives patients greater control over their protected health information by allowing them to review, correct inaccuracies, and obtain copies of their personal medical records.

Security Rule

The security rule established which safeguards must be put in place to protect PHI. For instance, a comprehensive security risk analysis of a covered entity and business associate’s operations should be conducted before either party is allowed to handle and transmit PHI.

Breach Notification Rule

A security breach occurs when the security and privacy of protected health information have been compromised. HIPAA requires covered entities to notify all individuals whose protected health information is affected by a breach, as well as the Secretary of Health and Human Services.

Business associates made aware of a security breach must promptly inform the covered entity so that it can begin the proper notification processes.

Enforcement Rule

The enforcement rule sets forth how covered entities and business associates must comply with the Department of Health and Human Services during any HIPAA violation investigation, along with the ramifications and penalties for violating HIPAA.

Penalties for violating HIPAA regulations

It’s in the best interest of both the covered entity and the business associate to avoid violating HIPAA, as the consequences may cripple your company.

Depending on the nature of the violation, current civil and criminal penalties under HIPAA include:

  • Minimum of $100 (up to $25,000) for each negligent violation made by an individual
  • Minimum of $50,000 (up to $250,000) for each willful violation made by an individual
  • Prison sentence of up to one year for each negligent violation
  • Prison sentence of up to five years for receiving PHI through dishonest means
  • Prison sentence of up to ten years for willful violations with the intent to profit or do harm

You can avoid civil penalties by implementing appropriate procedures to correct a non-willful violation within 30 days.

Copyright 2021 Legal Templates LLC. Legal Templates LLC is not a lawyer, or a law firm and does not engage in the practice of law. Legal Templates cannot and does not provide legal advice or legal representation. All information, software and services provided on the site are for informational purposes and self-help only and are not intended to be a substitute for a lawyer or professional legal advice. Use of this site is subject to our Terms of Use.