HIPAA Business Associate Policy

Summary

This template HIPAA business associate policy establishes an employee health plan sponsor's internal policies and procedures for dealing with third-party service providers that will handle protected health information on behalf of the plan (HIPAA business associates) in accordance with requirements under the Health Insurance Portability and Accountability Act (HIPAA). This template includes practical guidance and drafting notes. For a full listing of key content covering HIPAA considerations, see HIPAA Resource Kit. For a general discussion of the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and other so-called HIPAA administrative simplification provisions, see HIPAA Privacy, Security, Breach Notification, and Other Administrative Simplification Rules. For a template services agreement between a covered health plan and a business associate, see HIPAA Business Associate Agreement.