HIPAA Business Associate Agreement


Summary

This form business associate agreement is for an employer health plan subject to the Health Insurance Portability and Accountability Act (HIPAA) and a third-party service provider that will handle protected health information on its behalf (a HIPAA business associate), drafted in accordance with HIPAA requirements. This template includes practical guidance, drafting notes, and alternate and optional clauses. This form covers the specific business associate agreement requirements under HIPAA's Security and Privacy Rules (see 45 C.F.R. §§ 164.314(a) and 164.504(e)), as amended by Health Information Technology for Economic and Clinical Health Act (HITECH). Based in part on the January 2013 sample agreement available at the Department of Health and Human Services website, this form is enhanced to more clearly reflect HITECH compliance. For more information on business associate agreements and HIPAA generally, see HIPAA Privacy, Security, Breach Notification, and Other Administrative ...