Sample BAA Agreement:
$ 100 Coalition members
$ 130 non-members
Sample Amendment to BAA Agreement:
$ 55 Coalition members
$ 75 non-members
Templates will be emailed - so please be sure to specify valid email address. All templates are in Microsoft Word format.
Download the order form.
For questions contact Teyana Reed at (212)
742-1600 x101 or firstname.lastname@example.org
HIPAA Business Associate Agreements
HIPAA BUSINESS ASSOCIATE AGREEMENTS
June 10, 2013
Created by Lewis Creek Systems, LLC
This information and the template agreements are provided as an educational guide to
HIPAA compliance only. Review any changes or replacements of your agreements with your attorney to ensure
compliance with state law and consistency with your counsel’s recommended legal language and provisions.
The Health Information Technology for Economic and Clinical Health Act (HITECH) within the American Recovery and Reinvestment Act of 2009 (ARRA) contains several provisions that require modification of Business Associate Agreements (BAAs) between HIPAA Covered Entities (CEs) and their Business Associates (BAs) who may use or disclose protected health information on their behalf. These changes are now codified in the HIPAA Omnibus Update published January 25, 2013.
The changes are focused primarily in three areas of concern:
- Requirements for BAs and their subcontractors to comply with specific sections of the HIPAA Rules
- New language surrounding breach notification and the securing of data
- New disclosure-related requirements where Electronic Health Records (EHRs) are concerned.
Two documents are provided for consideration:
- A set of amendment language to be used with pre-existing business associate agreements. The language includes that required for both Security and HITECH/Omnibus changes, and for the HITECH/Omnibus changes separately.
- A complete set of agreement language based on the proposed language put forth by the US Department of Health and Human Services (HHS) under the Privacy Rule, based on the “standard” agreement put forth by HHS on January 25, 2013, available at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html.
The documents include numerous explanations and notes describing additional considerations for sections that may be affected when regulations are issued.