HIPAA business associate agreement (BAA)

A HIPAA business associate agreement (BAA) is a contract between a HIPAA covered entity and a HIPAA business associate (BA) that is used to protect personal health information (PHI) in accordance with HIPAA guidelines.


Under the U.S. Health Insurance Portability and Accountability Act of 1996, a HIPAA business associate agreement (BAA) is a contract between a HIPAA covered entity and a HIPAA business associate (BA). The contract protects personal health information (PHI) in accordance with HIPAA guidelines.

Effective Feb. 18, 2010 in accordance with the HITECH Act of 2009, a BA's disclosure, handling and use of PHI must comply with HIPAA Security Rule and HIPAA Privacy Rule mandates. Under the HITECH Act, any HIPAA business associate that serves a health care provider or institution is now subject to audits by the Office for Civil Rights (OCR) within the Department of Health and Human Services and can be held accountable for a data breach and penalized for noncompliance.

With these new regulations in mind, a HIPAA business associate agreement should explicitly spell out how a BA will report and respond to a data breach, including data breaches that are caused by a business associate's subcontractors. In addition, HIPAA business associate agreements should require a BA to demonstrate how it will respond to an OCR investigation.

This was first published in July 2012
