HIPAA Business Associate Agreement Playbook

Summary

This playbook provides guidance for negotiating an agreement between a "Covered Entity" (e.g., health insurance companies, employer-sponsored health plans, healthcare clearinghouses, healthcare providers, hospitals, physicians, pharmacies, nursing homes, etc.) subject to the Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. §§ 1320d through 1320d-9, and a third-party service provider that will handle protected health information on behalf of the Covered Entity (a "Business Associate"). This playbook is drafted in accordance with HIPAA requirements and includes practical guidance, drafting notes, and alternate and optional clauses. This playbook can be used by counsel to streamline the contract negotiation process for HIPAA Business Associate Agreements (known as a "BAA"), with a focus on a BAA between an employer health plan and a HIPAA Business Associate.