Business Associate Agreement

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 3,979 reviews

Jump to Section

Need help with a legal contract?

Post Project Now

Post Your Project (It's Free)

Get Bids to Compare

 Hire Your Lawyer

What Is A Business Associate Agreement?

A business associate agreement, also known as business associate contracts, is a legally-binding document that establishes a party’s responsibilities regarding personal healthcare information (PHI). The contract must provide guidance on a privacy policy for protecting PHI and electronic PHI (ePHI) on cloud services, applications, storage, and communications.

Numerous rules and regulations are surrounding PHI and ePHI. Health care lawyers can help business associates and providers draft an agreement.

Here is an article about what a business associate agreement is .

Understanding Business Associate Agreements

Business associate agreements are specific to healthcare providers and others who deal with PHI. They are part of the continuous effort to ensure that PHI and ePHI are not inadvertently or intentionally disclosed to unauthorized individuals. Specific individuals must sign a business associate agreement and acknowledge all applicable laws.

Who Should Sign A Business Associate Agreement?

All relevant parties should sign a business associate agreement. However, these agreements are generally signed by managers with protocols implemented and delegated to the team individually.

These are the following individuals who typically sign a business agreement:

  • Vendors
  • Contractors
  • Hospitals
  • Clinics
  • Labs
  • Attorneys
  • And more

If you have questions about who should be signing a business associate agreement in your organization, ensure that you speak with healthcare lawyers for advice. They can help you identify all parties with a vested legal or financial interest in the matter.

Here is an article on the basics of business associate agreements .

ContractsCounsel Business Associate Agreement

Who Needs A Business Associate Agreement?

There are two parties who could need a business associate agreement. The first one is a business associate, and the second is a covered entity. Both parties have separate duties and responsibilities that should be carefully established in a business associate agreement.

Who Is Considered A Business Associate?

Business associates are individuals or business entities who perform specific activities that involve the direct use or divulgence of PHI or ePHI. These activities include operation management and administration according to the Privacy Rule and Administrative Simplification Rules.

A business associate can range from software companies to cloud services providers. Anyone who could potentially view PHI or ePHI and is not a covered entity employee is a business associate.

Covered Entity vs. Business Associate

Covered entities are hospitals and healthcare providers and are different from business associates. Business associates are not employed by covered entities. However, a business associate provides a service to the covered entity as part of its normal course of business.

Here is an article about business associates .

Meet some lawyers on our platform

Bryan B.

97 projects on CC
View Profile

Daniel R.

8 projects on CC
View Profile

Kristen R.

39 projects on CC
View Profile

Todd H.

2 projects on CC
View Profile

Parts of a Business Associate Agreement

Under HIPAA and HITECH, business associates must follow specific security rules and routinely review them when working with a covered entity. For both parties to protect themselves, it is essential to address the key parts of a business associate agreement. Leaving out important details can result in legal problems in the future.

These are the parts of a business associate agreement under Health and Human Services (HHS) guidelines:

  • Part #1: Establish permitted uses of PHI as well as any disclosures.
  • Part #2: Require that the business associate not use the information as permitted or required by law.
  • Part #3: Demand that the business associate utilize reasonable security protocols to prevent unauthorized use of PHI.
  • Part #4: Set terms and conditions related to breaches of PHI.
  • Part #5: Address the business associate’s obligation to handle PHI copy requests.
  • Part #6: Explain how HIPAA obligations require business associates to comply with applicable laws.
  • Part #7: Require the business associate to maintain high internal standards and practice related to the handling of PHI.
  • Part #8: Determine how contract terminations should be handled as well as how to return or destroy PHI data.
  • Part #9: Specify how business associates should deal with subcontractors and their use of PHI.
  • Part #10: Provide for contract termination of a material business associate violation from the terms contained within.

As you can see, business associate agreements are highly technical and complex. It is necessary and imperative to understand the role of HIPAA compliance and BAAs when forging this type of relationship with a covered entity. If you have any questions, privacy lawyers are able to provide specific legal advice.

ContractsCounsel Business Associate Agreement Child Image

Image via Pexels by Ketut Subiyanto

HIPAA-Compliance and BAAs

The Health Insurance Portability and Accountability Act (HIPAA) sets standards that are not just limited to covered entities. HIPAA standardized how PHI should be used, stored, transmitted, and disclosed for everyone working in the healthcare industry. Since business associates use PHI, it is essential that BAAs comply with current rules and regulations.

Here is an article about HIPAA business associate agreements .


Get Free Bids to Compare

Leverage our network of lawyers, request free bids, and find the right lawyer for the job.

Get Bids Now

BAAs and Cloud Services

Before business associates can use, store, or process PHI, they must ensure that the services of the covered entities are secure. Even if the business associate claims that they are HIPAA and HITECH compliant, they cannot use ePHI until a risk analysis is performed when it is being stored in the cloud.

However, there is an added element in that cloud services are also considered business associates. As such, covered entities must ensure that they have BAAs in place with them as well. Before uploading any PHI data to cloud services, the covered entity must have a signed BAA with their providers.

Cloud computing service providers can be liable for accessing ePHI if their services do not comply with HIPAA standards, even if they did not see any data. It is also essential to remember that not all cloud computing providers are willing to sign BAAs.

Also, BAAs do not necessarily make cloud services to be HIPAA compliant upon signing. Even with an agreement in place, HIPAA laws can be violated, which means that no provider can be authentically HIPAA compliant alone.

Simply put, HIPAA compliance is determined by how the platform is used.

Getting Help With a Business Associate Agreement

Federal and state laws take HIPAA violations seriously. As such, it is critical to hire healthcare lawyers when getting help with a business associate agreement. The value, knowledge, and experience they provide will protect you and your organization in the future while avoiding common pitfalls.

These are the advantages of hiring healthcare lawyers when dealing with a business associate agreement:

  • Vast knowledge of laws that help you avoid HIPAA violations
  • Ability to interpret laws and court rulings when making decisions
  • Business associates and covered entities will understand their rights
  • Experience will help clients better prepare for the transaction
  • Manage expectations among all negotiating parties
  • Compliance under all federal, state, and county regulations and laws, such as the CCPA
  • Representation in case future disputes arise

Due to the intricate nature of healthcare laws, especially those related to PHI and HIPAA, ensure that you do not make the critical mistake of guessing your way through the business associate agreement. Doing so could create problems in the future, and the losses could far outweigh the costs of hiring privacy lawyers the first time around.

Privacy lawyers will listen to your needs and draft a contract that meets them. They will also focus on keeping patient information private and secure.

Here is an article with resources for providers on PHI compliance and data security .

Need Help from Privacy Lawyers?

Get help from privacy lawyers in your state with ContractsCounsel. Post your project for free to start receiving proposals.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Business Associate Agreement Lawyers

Orin K. on ContractsCounsel
View Orin
5.0 (3)
Member Since:
October 23, 2021

Orin K.

Partner
Free Consultation
Get Free Proposal
New York
19 Yrs Experience
Licensed in NY
New York Law School

I'm an employment lawyer. I counsel and represent employees in all professions, from hourly workers to doctors and executives, and all in between. I also counsel and represent employers in many aspects of employment law.

Scott S. on ContractsCounsel
View Scott
4.9 (14)
Member Since:
October 26, 2021

Scott S.

Attorney
Free Consultation
Get Free Proposal
New York, NY
16 Yrs Experience
Licensed in NY
Benjamin Cardozo School of Law

Scott graduated from Cardozo Law School and also has an English degree from Penn. His practice focuses on business law and contracts, with an emphasis on commercial transactions and negotiations, document drafting and review, employment, business formation, e-commerce, technology, healthcare, privacy, data security and compliance. While he's worked with large, established companies, he particularly enjoys collaborating with startups. Prior to starting his own practice in 2011, Scott worked in-house for over 5 years with businesses large and small. He also handles real estate leases, website and app Terms of Service and privacy policies, and pre- and post-nup agreements.

Michelle F. on ContractsCounsel
View Michelle
Member Since:
January 24, 2022

Michelle F.

Attorney
Free Consultation
Get Free Proposal
New York
5 Yrs Experience
Licensed in NY
Touro College Jacob D. Fuchsberg Law Center

I provide comprehensive legal and business consulting services to entrepreneurs, startups and small businesses. My practice focuses on start-up foundations, business growth through contractual relationships and ventures, and business purchase and sales. Attorney with a demonstrated history of working in the corporate law industry and commercial litigation. Member of the Bar for the State of New York and United States Federal Courts for the Southern and Eastern Districts of New York, Southern and eastern District Bankruptcy Courts and the Second Circuit Court of Appeals. Skilled in business law, federal court commercial litigation, corporate governance and debt restructuring.

Steve C. on ContractsCounsel
View Steve
Member Since:
October 26, 2021

Steve C.

Principal | Attorney
Free Consultation
Get Free Proposal
Irvine
24 Yrs Experience
Licensed in CA
Loyola Law School

I am a corporate and business attorney in Orange County, CA. I advise start-ups, early-growth companies, investors, and entrepreneurs in various sectors and industries including technology, entertainment, digital media, healthcare, and biomedical.

Oscar B. on ContractsCounsel
View Oscar
Member Since:
October 28, 2021

Oscar B.

Attorney
Free Consultation
Get Free Proposal
Saint Petersburg, FL
21 Yrs Experience
Licensed in FL
Stetson University, College of Law

Oscar is a St. Petersburg native. He is a graduate of the University of Florida and Stetson University, College of Law. A former US Army Judge Advocate, Oscar has more than 20 years of experience in Estate Planning, Real Estate, Small Business, Probate, and Asset Protection law. A native of St. Petersburg, Florida, and a second-generation Gator, he received a B.A. from the University of Florida and a J.D. from Stetson University’s College of Law. Oscar began working in real estate sales in 1994 prior to attending law school. He continued in real estate, small business law, and Asset Protection as an associate attorney with the firm on Bush, Ross, Gardner, Warren, & Rudy in 2002 before leaving to open his own practice. Oscar also held the position of Sales & Marketing Director for Ballast Point Homes separately from his law practice. He is also a licensed real estate broker and owner of a boutique real estate brokerage. As a captain in the US Army JAG Corps, he served as a Judge Advocate in the 3rd Infantry Division and then as Chief of Client Services, Schweinfurt, Germany, and Chief of Criminal Justice for the 200th MP Command, Ft. Meade, Maryland. He is a certified VA attorney representative and an active member of VARep, an organization of real estate and legal professionals dedicated to representing and educating veterans. Oscar focuses his practice on real small business and asset protection law.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call