ContractsCounsel Logo

Business Associate Agreement Review

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 7,473 reviews
Home Blog Business Associate Agreement Review

Jump to Section

Need help with a legal contract?

Post Project Now

Post Your Project (It's Free)

Get Bids to Compare

 Hire Your Lawyer

What is a Business Associate Agreement?

A business associate agreement, often abbreviated to BAA, is a legally binding contract used in the healthcare industry. BAAs were established under the Health Insurance Portability and Accountability Act (HIPAA) and are used to formalize the relationship between a covered entity, like a healthcare provider, and a business associate, like a vendor.

The business associate agreement outlines the specific responsibilities and requirements that the business associate must adhere to in order to protect and secure the protected health information of patients. The purpose of this contract is to ensure compliance with HIPAA regulations and maintain the privacy and security of personal health information.

How Do I Review a Business Associate Agreement?

Reviewing a business associate agreement is a crucial step for any organization in the healthcare industry that deals with protected health information.

To effectively review a business associate agreement, follow these steps:

  1. Obtain a copy and read the entire contract. Typically, the covered entity like a healthcare provider will provide the BAA to the business associate. Ensure that you have the most up-to-date version of the agreement and take your time reading the entire document.
  2. Review HIPAA compliance obligations. Carefully review the sections that outline each party's obligations regarding personal health information security, privacy, and compliance with HIPAA rules.
  3. Check for termination provisions. Review the BAA for termination clauses and understand the conditions under which the agreement can be terminated.
  4. Clarify dispute resolution procedures. The BAA should outline the procedures for dispute resolution which could involve mediation, arbitration, or litigation.
  5. Seek advice from a lawyer. If you are unsure about any aspect of the business associate agreement or have concerns about its terms, it's advisable to seek legal counsel familiar with the healthcare industry and HIPAA compliance.

What Should Be Included in a Business Associate Agreement?

A comprehensive business associate agreement should contain the following information and provisions:

  • Parties. The identities of all parties involved and clear designation of the covered entity and the business associate by name and contact information.
  • Scope of the agreement. A description of the services or functions the business associate will perform on behalf of the covered entity that involve the use or disclosure of personal health information.
  • HIPAA compliance obligations. The BAA should outline the specific HIPAA compliance obligations of both the covered entity and the business associate. Obligations can include the business associate’s obligation to use and disclose personal health information only as permitted by the agreement and HIPAA regulations.
  • Security measures. Detail the security measures and safeguards that the business associate will implement to protect personal health information. Common security measures include data encryption, access controls, and risk assessments.
  • Privacy practices. How the business associate will maintain privacy when handling personal health information. Methods could include limiting personal health information use and disclosure to the minimum necessary.
  • Reporting and breach notification. The procedures for reporting security incidents and breaches of personal health information including the timeframe for reporting, the method of reporting, and notification to the affected individuals.
  • Indemnification and liability. Each party's financial responsibilities in case of a breach or violation.
  • Termination provisions. The conditions under which either party can terminate the agreement and the required notice period for termination.
  • Dispute Resolution. The procedures for dispute resolution in case disagreements arise between the covered entity and the business associate.
  • Governing law. The governing law that will apply in case of legal disputes related to the BAA.
  • Signatures and effective date. The BAA must be signed and dated by authorized representatives of both the covered entity and the business associate.
Meet some lawyers on our platform

Zachary J.

180 projects on CC
View Profile

Emmanuel K.

1 project on CC
View Profile

Daniel R.

74 projects on CC
View Profile

James H.

2 projects on CC
View Profile

How Long is a Business Associate Agreement Good For?

Under HIPAA, there is no specific duration for the validity of a business associate agreement. However, several factors can influence how long a BAA should remain in effect.

  1. Duration of services. The primary factor that affects the duration of a BAA is the length of time the business associate will be providing services to the covered entity. The BAA should remain in effect for the duration of the services being provided.
  2. Retention of personal health information. The BAA should continue to be in effect if the business associate retains personal health information records, even if the business associate is no longer working with the covered entity.
  3. Regulatory compliance. HIPAA regulations are subject to change and the covered entity and business associate must maintain compliance. If there are updates to HIPAA rules during the term of the BAA, the agreement needs to be amended to follow HIPAA law.
  4. Business relationship changes. If there are significant changes in the business relationship between the covered entity and the business associate, like modifications to the scope of services, the parties may need to amend or extend the duration of the BAA.
  5. State and local laws. Some state and local laws may have regulations governing BAAs and the duration of the agreement. It is important that your business associate agreement complies with all applicable state and local regulations.

The duration of a business associate agreement can vary based on the specific terms outlined in the agreement, the type of services provided by the business associate, and the retention of personal health information.

If you are unsure how long your business associate agreement is good for or what the local laws and regulations dictate, you should contact a knowledgeable attorney. An attorney who specializes in business associate agreements will be familiar with applicable HIPAA requirements and laws to ensure that your business associate agreement is still in effect.

Should I Hire an Attorney to Review My Business Associate Agreement?

Yes. It is highly recommended that you hire an attorney to review your business associate agreement. BAAs are complex legal contracts that must adhere to HIPAA laws and regulations. It is essential that this document is up to date on current laws to protect both parties when dealing with personal health information.

Hiring a lawyer to review a business associate agreement provides the following advantages:

  • Legal expertise. A lawyer familiar with BAAs will have specialized knowledge of healthcare laws like HIPAA standards and laws governing personal health information. This legal expertise is essential to ensure the contract complies with all applicable laws.
  • Mitigating risks. BAAs often involve handling sensitive healthcare data. An attorney can help identify potential risks in the agreement and advise on ways to mitigate them. This can be crucial in protecting your interests and reputation.
  • Negotiation/customization. If the BAA needs negotiation or customization to better align with your business needs, an attorney can help you negotiate terms that protect your interests.

While legal services can be expensive up front, they can also save you money in the long run by preventing legal disputes or regulatory fines. Hiring a lawyer to review your business associate agreement will ensure that your contract is legally binding, enforceable, and protects your interests

Get Help with Hiring an Attorney

Do you need help with a business associate agreement review? If so, post a project in ContractCounsel's marketplace to receive bids from lawyers who are licensed to practice law in your state and can handle your project. All lawyers on the ContractsCounsel's platform are vetted by our team to make sure you are provided with top-tier service.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

Michael K. on ContractsCounsel
View Michael
5.0 (37)
Member Since:
June 28, 2021

Michael K.

Associate Counsel
Free Consultation
Miami, FL
5 Yrs Experience
Licensed in FL
St. Thomas University School of Law

A business-oriented, proactive, and problem-solving corporate lawyer with in-house counsel experience, ensuring the legality of commercial transactions and contracts. Michael is adept in reviewing, drafting, negotiating, and generally overseeing policies, procedures, handbooks, corporate documents, and more importantly, contracts. He has a proven track record of helping lead domestic and international companies by ensuring they are functioning in complete compliance with local and international rules and regulations.

Scott S. on ContractsCounsel
View Scott
5.0 (26)
Member Since:
October 27, 2021

Scott S.

Free Consultation
New York, NY
16 Yrs Experience
Licensed in NY
Benjamin Cardozo School of Law

Scott graduated from Cardozo Law School and also has an English degree from Penn. His practice focuses on business law and contracts, with an emphasis on commercial transactions and negotiations, document drafting and review, employment, business formation, e-commerce, technology, healthcare, privacy, data security and compliance. While he's worked with large, established companies, he particularly enjoys collaborating with startups. Prior to starting his own practice in 2011, Scott worked in-house for over 5 years with businesses large and small. He also handles real estate leases, website and app Terms of Service and privacy policies, and pre- and post-nup agreements.

Jeremiah C. on ContractsCounsel
View Jeremiah
5.0 (31)
Member Since:
March 5, 2021

Jeremiah C.

Partner/Attorney at Law
Free Consultation
15 Yrs Experience
Licensed in NV, TX
Thomas Jefferson

Creative, results driven business & technology executive with 24 years of experience (15+ as a business/corporate lawyer). A problem solver with a passion for business, technology, and law. I bring a thorough understanding of the intersection of the law and business needs to any endeavor, having founded multiple startups myself with successful exits. I provide professional business and legal consulting. Throughout my career I've represented a number large corporations (including some of the top Fortune 500 companies) but the vast majority of my clients these days are startups and small businesses. Having represented hundreds of successful crowdfunded startups, I'm one of the most well known attorneys for startups seeking CF funds. I hold a Juris Doctor degree with a focus on Business/Corporate Law, a Master of Business Administration degree in Entrepreneurship, A Master of Education degree and dual Bachelor of Science degrees. I look forward to working with any parties that have a need for my skill sets.

Matthew S. on ContractsCounsel
View Matthew
4.9 (9)
Member Since:
August 5, 2020

Matthew S.

Free Consultation
Flemington, NJ
39 Yrs Experience
Licensed in NJ, NY
Benjamin N. Cardozo School of Law (Yeshiva University)

I am a 1984 graduate of the Benjamin N Cardozo School of Law (Yeshiva University) and have been licensed in New Jersey for over 35 years. I have extensive experience in negotiating real estate, business contracts, and loan agreements. Depending on your needs I can work remotely or face-to-face. I offer prompt and courteous service and can tailor a contract and process to meet your needs.

Tim E. on ContractsCounsel
View Tim
4.9 (41)
Member Since:
August 12, 2020

Tim E.

Founding Member/Attorney
Free Consultation
Cleveland, OH
9 Yrs Experience
Licensed in OH
Cleveland-Marshall College of Law

Tim advises small businesses, entrepreneurs, and start-ups on a wide range of legal matters. He has experience with company formation and restructuring, capital and equity planning, tax planning and tax controversy, contract drafting, and employment law issues. His clients range from side gig sole proprietors to companies recognized by Inc. magazine.

Curt L. on ContractsCounsel
View Curt
Member Since:
August 13, 2020

Curt L.

Business Attorney
Free Consultation
Houston, TX
33 Yrs Experience
Licensed in TX
South Texas College of Law Houston

For over thirty (30) years, Mr. Langley has developed a diverse general business and commercial litigation practice advising clients on day-to-day business and legal matters, as well as handling lawsuits and arbitrations across Texas and in various other states across the country. Mr. Langley has handled commercial matters including employment law, commercial collections, real estate matters, energy litigation, construction, general litigation, arbitrations, defamation actions, misappropriation of trade secrets, usury, consumer credit, commercial credit, lender liability, accounting malpractice, legal malpractice, and appellate practice in state and federal courts. (Online bio at

Find the best lawyer for your project

Browse Lawyers Now
other helpful articles

How It Works

Post Your Project

Get Free Bids to Compare

Hire Your Lawyer


Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call

Find lawyers and attorneys by city