Newnessimworks.com

Business Associate Agreement (BAA)

HIPAA contract between a covered entity and a vendor that handles protected health information on its behalf.

Definition

In long form.

Under HIPAA, any third party that creates, receives, maintains, or transmits Protected Health Information on behalf of a covered entity is a Business Associate. The BAA is the legal contract that binds that vendor to the same privacy and security standards as the covered entity. Subcontractors of Business Associates also need BAAs (subcontractor BAAs).

In context

Before any healthcare engagement begins, the BAA should be signed. We have a standard BAA on file that's been countersigned by every healthcare client we've worked with since 2019.
