HIPAA Business Associate Agreement Check List [Infographic]

Request the ReminderCall.com Business Associates Agreement

Why Have a HIPAA Business Associate Agreement?

Since 2009 there have been more than 800 patient data breaches and 29 million patient records affected by HIPAA violations. The Office of Civil Rights has been carrying out its second phase of HIPAA audits, and it is estimated that 350 healthcare organizations will be asked to submit information on protected health information (PHI) security. Of those, approximately 150 will be audited and may face fines. ⁽¹⁾

If you are a healthcare provider, a health plan, or a healthcare clearinghouse (i.e. a “covered entity”), the HIPAA Privacy Rule allows you to use the services of another person or business. Before you can disclose patient-protected health information to this “business associate”, you must have them sign a HIPAA Business Associate Agreement (BAA). This is a contract meant to protect patient privacy and prevent accidental disclosures of patient data. The BAA stipulates that the business associate will use the information only for the purposes for which it was hired. It requires safeguards to prevent information misuse. In essence, it helps you comply with some of your duties under the Privacy Rule. ⁽²⁾

HIPAA Business Associate Agreement Contents

Want to know what you need to include in the Business Associate Agreement between you and your vendor? To give you a summary of the requirements we’ve reviewed instructions from the HHS Office for Civil Rights and created the infographic below.