HIPAA Business Associate Policy

Summary

This template HIPAA business associate policy establishes an employee health plan sponsor's internal policies and procedures for dealing with third-party service providers that will handle protected health information on behalf of the plan (HIPAA business associates) in accordance with requirements under the Health Insurance Portability and Accountability Act (HIPAA). This template includes practical guidance and drafting notes. For extensive coverage of important topics in the healthcare industry, see Healthcare Fundamentals Resource Kit. For a full listing of key content that can be used by in-house counsel to develop, revise, and implement a company's employee and third-party-related policies, see In-House Company Policies Resource Kit. For a full listing of key content covering HIPAA considerations, see HIPAA Resource Kit. For more on health information privacy and security, see Health Information Privacy and Security Resource Kit. For a general discussion of the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and other so-called HIPAA administrative simplification provisions, see HIPAA Privacy, Security, Breach Notification, and Other Administrative Simplification Rules. For a template services agreement between a covered health plan and a business associate, see HIPAA Business Associate Agreement. For more information on the privacy rule segment of the HIPAA omnibus rule, see Computer Law: A Guide to Cyberlaw and Data Privacy § 27.05.