Business Associate Agreement Explained

Everything You Need To Know About the Business Associate Agreement

The purpose of a business associate agreement (BAA) is to ensure there aren’t any violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

Does creating the business associate agreement seem challenging? This guide will tell you how to write a BA contract hassle-free. We will also show you the best and quickest way to draw up any legal document!

HIPAA Business Associate Agreement Explained

According to the Health Insurance Portability and Accountability Act Privacy Rule, the business associate agreement needs to be signed between:

  • Covered entities (CE) and business associates (BA)
  • Business associates and business associate subcontractors (BAS)

The HIPAA Privacy Rule secures the Protected Health Information (PHI), such as client, patient, and employee data. The BAA is a legal contract that specifies the signing parties’ PHI responsibilities. Covered entities should only work with BAs who agree to sign the BAA.

Covered Entity

A covered entity is an individual or organization that provides medical treatment or collects health information. These are some of the covered entities:

  • Dentist
  • Physician
  • Health insurance provider
  • Optometrist
  • Health plan
  • Ophthalmologist
  • Healthcare clearinghouse

One covered entity has the right to disclose the PHI to another CE for payment, treatment, and healthcare operations purposes. In this case, the business associate agreement isn’t required.

Business Associate

Business associates are organizations hired to create, receive, transmit, or maintain the PHI on the covered entity’s behalf. The following organizations are common business associates:

  • Medical billing companies
  • File sharing vendors
  • Attornies
  • Accountants
  • Transcription services
  • IT support vendors
  • Backup storages
  • Email encryption providers
  • Shredding companies
  • File sharing vendors

If a business associate has access to the PHI, the covered entity should require a business associate agreement.

Business Associate Subcontractor

Business associates have the right to hire an organization that will create, maintain, transmit, and receive the PHI on their behalf. In this case, the subcontractor needs to sign the business associate agreement. The Health and Human Services (HSS) can check if the BAA has been signed even when a business associate hires a subcontractor.

Other Employees

Employees who aren’t associates or subcontractors aren’t expected to sign a BAA. To ensure these individuals don’t disclose the PHI, you can ask them to sign a confidentiality agreement that states the following:

  • What type of information the contract covers
  • Whether the signing party needs to return the info in question upon the employer’s request
  • What the consequences for breaching the PHI are

Why Is the Business Associate Agreement Important?

Since the PHI can be found in multiple places nowadays—not only your doctor’s office—protecting that info is of significant importance. The BAA allows covered entities to protect their practice even if some other individual or organization is hired to transmit, process, or store the PHI. The contract will also satisfy HIPAA regulations and ensure you don’t get fined.

What Happens if Someone Violates the Business Associate Agreement?

HIPAA will charge a penalty according to the severity of the violation if:

  1. There’s no business associate agreement
  2. The existing BAA is incomplete
  3. One of the signing parties fails to honor the BAA

Covered entities that disclose the PHI on purpose can face a fine of up to $50,000 and one year in prison. CEs whose intent was to sell or use the PHI for harm, personal gain, or commercial advantage will have to pay up to $250,000 and spend ten years in prison.

How To Create a Business Associate Agreement on Your Own

Considering the severe consequences of an incomplete business associate agreement, you should take the contract seriously. You might choose to hire a lawyer who will create a valid document for your business associates to sign. If you can’t afford a lawyer, you could consult a few BAA templates online.

You can also attempt to write the agreement yourself, but you need to make sure that the agreement is in accordance with the HIPAA and HHS requirements. Here’s what info you should include:

  • Your and your business associate’s names
  • What is the required and allowed PHI your business associate can use
  • State that the BAA or BAS won’t disclose other PHI
  • A clause that requires the BAA or BAS to use necessary safeguards to protect the PHI

Create a Myriad of Legal Documents in a Jiffy With DoNotPay

While you would need to hire a lawyer to create a business associate agreement, offers a more affordable solution for other legal documents.

Not everyone can afford legal assistance for every single document. That’s why DoNotPay has created a handy feature that will help you draw up an unlimited number of contracts for a small fee. Why waste time searching for contract templates that don’t include everything you need if you can rely on DoNotPay to create a complete and valid document for you?

To write a professional contract with our help, open your account and do the following:

  1. Enter the name of the document
  2. Answer all of the questions
  3. Download and sign the contract

Thanks to our feature, you can create various legal documents, including:

Real Estate

Business Contracts


Clear Your Schedule With the Help of DoNotPay

DoNotPay is renowned for making our users' lives infinitely easier. Not only can we root out unwanted subscriptions for you—you don't need to do it manually one by one any longer—but we can unsubscribe you from unwanted email and snail mail lists.

Fire up our app and let it navigate the phone tree instead of you or use it to make a DMV appointment at your earliest convenience. Forget about googling clinical trials near you—DoNotPay can sort them out according to your needs and their individual eligibility criteria.

We can fill out the paperwork that you need to file at your local small claims court to initiate a dispute. You can work around the U.S. penal system and have DoNotPay locate an imprisoned loved one instead of you trying to reach individual prisons attempting to do it yourself.

You don't need to go to great lengths to get in touch with a counselor to sign your college fee waiver either—DoNotPay does it for you and then forwards the necessary documents on your behalf.

DoNotPay Never Ceases To Amaze

Where there's one useful feature, there are nifty features galore!

Use our Virtual Credit Card to sign up for free trials and stop robocalls and spam text messages from reaching your phone. If you feel a free trial unrightfully turned into an expensive paid membership, we can help you request a refund or chargeback for the inconvenience.

We can further assist you in exercising your consumer rights by making a warranty claim in your place and verifying your online accounts with temporary phone numbers.

We can also break down the Freedom of Information Act for you and introduce you to online fax options and property tax reductions.

Want your issue solved now?