Baa Agreement Form

Please visit the U.S. Department of Health and Human Service website for more information on how HIPAA defines the companies and business partners covered. HIPAA allows counterparties to identify health-related information when such authority is conferred in the ASA. This provision is an example of this conferral of powers. Either most of the companies concerned do not allow counterparties to use anonymized data for commercial purposes, or they want to access searches carried out with anonymous data. Consider discussing other solutions with a lawyer who can review the provision. All relevant companies that intend to share protected health information with a third party must establish a HIPC-compliant counterparty agreement before declaring their readiness to do business together. In addition to our free BAA, ComplyAssistant also offers a complete turnkey solution to assess a CE`s BAs via our compliance management portal. For more information, visit our website with The Health Compliance Software.

This Agreement may be used as a separate agreement between the Parties or may be annexed to a Service Agreement as evidence. In particular, the law requires you to sign a counterparty agreement before any work is done. Failure to do so could be a costly mistake. See our sample agreement in PDF, which lists the terms of the partnership between “Covered Entity, Inc.” and “Business Associate, LLC.” The following terms used in this Agreement have the same meanings as the terms of the HIPAA Rules: breach, data aggregation, data records, disclosure, healthcare company, individual, minimum necessary, reference to data protection practices, protected health information, legal, secretary, security incident, subcontractor, insecure protected health information, and use. `counterparty` means any natural or legal person who is not a member of the staff of a classified entity, who performs functions or activities on behalf of a classified entity or who provides the classified entity with certain services which involve the counterparty`s access to protected health information. A “business partner” is also a subcontractor who creates, receives, maintains or transmits protected health information on behalf of another counterparty. Typically, HIPC rules require companies and covered counterparties to enter into contracts with their counterparties to ensure that counterparties adequately protect protected health information. The counterparty agreement shall also aim to clarify and, where appropriate, limit the permitted uses and disclosures of health information protected by the counterparty on the basis of the relationship between the parties and the activities or services performed by the counterparty.

. . .