What Is a HIPAA Subcontractor Agreement?
A HIPAA subcontractor agreement is a contract between a business associate and a subcontractor hired to perform services that involve the transmission of protected health information (PHI). It helps PHI remain secure according to the HIPAA Privacy and HIPAA Security Rules when tasks are delegated to subcontractors.
Under the HIPAA Omnibus Rule, subcontractors are directly liable for their own compliance. The primary business associate must still ensure compliance and review the subcontractor’s methods.
A business associate can also be a subcontractor who transmits PHI on behalf of another business associate. Any subcontractor hired by a business associate must enter into a written agreement that meets HIPAA requirements. Without one, they should not handle sensitive PHI.
A HIPAA subcontractor agreement must include the same conditions that apply to the business associate under its original HIPAA business associate agreement (BAA). The restrictions must be at least as stringent as they are in the original BAA, but they can be stricter. This contract states that the subcontractor must protect physical and electronic PHI. They’re required to limit their access to PHI to the minimum necessary to perform their assigned tasks.
What to Include in a HIPAA Subcontractor Agreement
A business associate subcontractor agreement clarifies the relationship between the two parties. It also ensures that the subcontractor knows to keep PHI secure and safe from unauthorized disclosure. Learn about the key elements of a HIPAA subcontractor agreement below:
- Primary contractor’s details. The primary contractor is the business associate. They have their own agreement with a covered entity.
- Subcontractor’s details. The subcontractor is the party hired by the business associate to perform services. Identify the subcontractor by listing their name and address.
- Subcontractor’s services. Detail the services that the subcontractor will provide. Consider attaching a separate exhibit to your HIPAA subcontractor agreement to describe them.
- Subcontractor’s obligations. Outline the subcontractor’s duties for handling access, amendment, and disclosure record requests related to PHI.
- Restrictions on further subcontracting. State whether the subcontractor is allowed to hire subcontractors of their own. If they are, ensure they understand that they must enter their own HIPAA subcontractor agreement with the other party.
- Permitted uses of PHI. Consider listing any additional permitted uses of PHI beyond those already stated in the contract. For example, the subcontractor may be allowed to use PHI as needed for billing.
- Compensation. Explain how the subcontractor will be paid for their services. Include a payment schedule and details about reimbursement for expenses.
- Commencement of services. Explain when the subcontractor will start providing services. They may start when the contract is signed or on a different date.
- Termination. State whether the HIPAA subcontractor agreement will end after the completion of all services. If not, it may end after a fixed period of time, on a specific date, or at will.
- Breaches. Outline the procedures that a subcontractor must follow if they breach the contract. Clarify the reporting deadlines for communicating the breach to the business associate. This timeline is often tight so that the primary contractor can meet its own reporting deadlines.
- IP ownership. Specify who keeps ownership of the work produced under this agreement.
- Insurance. Many HIPAA subcontractor agreements require the subcontractor to maintain commercial general liability insurance.
- Non-compete clause. This clause states that the subcontractor cannot perform similar services for another contractor. Consider using a non-compete agreement to outline your conditions, where permitted by applicable law.
- Non-solicitation. If desired, state that the subcontractor cannot solicit the primary contractor’s customers.
- Indemnification. Clarify whether the subcontractor will be liable for service claims brought against the client.
- Dispute resolution. State how the parties will resolve disputes arising out of the contract.
- Governing law. Name the state whose laws will govern the HIPAA business associate subcontractor agreement.
You cannot add a clause that opposes any HIPAA regulations. For example, you cannot allow the disclosure or use of PHI without written patient authorization.
HIPAA Subcontractor Agreement Sample
View our HIPAA subcontractor agreement sample to ensure your contract includes the necessary safeguards. Our template helps you meet the federal standards for protecting PHI and managing direct liability. Once you create your document with Legal Templates' guided form, you can download a final copy in PDF or Word format.