HIPAA Business Associate Agreement


Summary

This template business associate agreement is for an employer health plan subject to the Health Insurance Portability and Accountability Act (HIPAA) and a third-party service provider that will handle protected health information on its behalf (a HIPAA business associate), drafted in accordance with HIPAA requirements. This template includes practical guidance, drafting notes, and alternate and optional clauses. This template covers the specific business associate agreement requirements under HIPAA's Security and Privacy Rules (see 45 C.F.R. §§ 164.314(a) and 164.504(e)), as amended by Health Information Technology for Economic and Clinical Health Act (HITECH). Based in part on the January 2013 sample agreement available at the Department of Health and Human Services website, this template is enhanced to more clearly reflect HITECH compliance. For a full listing of key content covering HIPAA considerations, see HIPAA Resource Kit. For a full listing of related data security & privacy ...