Healthcare professionals and business owners must protect the confidentiality and security of patient information. This is where the Health Insurance Portability and Accountability Act (HIPAA) comes into play. HIPAA requires that any business associate who handles protected health information (PHI) sign a business associate agreement (BAA) in order to ensure compliance.
Finding a BAA template can be challenging, but fortunately, there are free options available. Here is a free HIPAA business associate agreement template for 2020 that you can use:
[Company Name] Business Associate Agreement
This Business Associate Agreement (“Agreement”) is made and entered into by and between [Your Company Name] (“Business Associate”) and [Healthcare Provider’s Name] (“Covered Entity”).
WHEREAS, Covered Entity is a “covered entity” as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and Business Associate is a “business associate” as defined by HIPAA;
WHEREAS, Covered Entity and Business Associate desire to enter into this Agreement to ensure the privacy and security of PHI as required by HIPAA;
NOW, THEREFORE, in consideration of the mutual promises and covenants set forth herein, the parties agree as follows:
1. Definition of Terms: In this Agreement, the following terms have the meanings set forth below:
a. “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, including the regulations promulgated thereunder.
b. “PHI” means “protected health information” as defined by HIPAA.
c. “Electronic PHI” means PHI that is transmitted or maintained in electronic media.
d. “Breach” means an unauthorized access, acquisition, use, or disclosure of PHI that compromises the security or privacy of the PHI.
2. Obligations and Activities of Business Associate:
a. Use and Disclosure of PHI. Business Associate shall use PHI only for the purposes specified in this Agreement or as required by law.
b. Safeguards. Business Associate shall implement administrative, physical, and technical safeguards to protect electronic PHI in accordance with the Security Rule.
c. Reporting of Breaches. Business Associate shall report to Covered Entity any Breach of PHI promptly upon discovery.
3. Term and Termination:
a. Term. This Agreement shall be effective as of the date signed by both parties and shall continue until terminated by either party.
b. Termination for Cause. Either party may terminate this Agreement upon notice to the other party if the other party breaches a material term of this Agreement.
c. Return or Destruction of PHI. Upon termination of this Agreement, Business Associate shall return or destroy all PHI in its possession.
4. Miscellaneous:
a. Notices. All notices required or permitted to be given under this Agreement shall be in writing and shall be delivered personally, by certified or registered mail, or by email.
b. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the state in which the Covered Entity is located.
c. No Third-Party Beneficiaries. Nothing in this Agreement shall create any rights in or liabilities to any third-party beneficiaries.
The undersigned, on behalf of Business Associate and Covered Entity, have executed this Agreement as of the date set forth below.
[Your Company Name] [Healthcare Provider’s Name]
By: _______________________ By: _______________________
Name: _____________________ Name: ____________________
Title: ______________________ Title: _____________________
Date: _______________________ Date: ______________________
In conclusion, having a BAA in place is crucial for the protection of PHI and compliance with HIPAA regulations. Use this free HIPAA business associate agreement template for 2020 to ensure a smooth and secure business relationship between your organization and your healthcare provider clients.