HIPAA Business Associate Policy


This form HIPAA business associate policy establishes an employee health plan sponsor's internal policies and procedures for dealing with third-party service providers that will handle protected health information on behalf of the plan (HIPAA business associates) in accordance with requirements under the Health Insurance Portability and Accountability Act (HIPAA). This form includes practical guidance and drafting notes. For a general discussion of the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and other so-called HIPAA administrative simplification provisions, see HIPAA Privacy, Security, Breach Notification, and Other Administrative Simplification Rules. For a form services agreement between a covered health plan and a business associate, see HIPAA Business Associate Agreement.