top of page

HIPAA Business Associate Agreement Template

What is a HIPAA Business Associate Agreement?

A HIPAA business associate agreement (BAA) is a legal contract between a covered entity and its business associate. A business associate is any person or entity that performs functions or activities on behalf of a covered entity that involves the use or disclosure of PHI.

A BAA is required under HIPAA to ensure that PHI is protected by the business associate and used only for authorized purposes. The BAA outlines the specific responsibilities of the business associate in protecting PHI and complying with HIPAA regulations.

The BAA also establishes the terms and conditions of the relationship between the covered entity and the business associate. This includes provisions related to termination of the agreement, indemnification, and liability for breaches of PHI.

HIPAA Business Associate Agreement Template:

This Business Associate Agreement (the "Agreement") is entered into by and between [Covered Entity Name], a [Type of Entity] with a principal place of business at [Address], ("Covered Entity") and [Business Associate Name], a [Type of Entity] with a principal place of business at [Address], ("Business Associate"). Covered Entity and Business Associate may each be referred to as a "Party" or collectively as the "Parties".


A. Covered Entity and Business Associate are parties to certain agreements or arrangements (the "Agreements") under which Business Associate may receive, create, maintain or transmit protected health information ("PHI") of individuals who are patients or clients of Covered Entity.

B. The Parties acknowledge that this Agreement is necessary to comply with the Health Insurance Portability and Accountability Act of 1996, as amended, and the regulations promulgated thereunder ("HIPAA").


1. Definitions

Capitalized terms not defined in this Agreement shall have the same meaning as in HIPAA.

2. Permitted Uses and Disclosures of PHI

Business Associate may use or disclose PHI only as necessary to perform the services set forth in the Agreements, or as required by law. Business Associate shall not use or disclose PHI for any other purpose without the prior written consent of Covered Entity.

3. Safeguards

Business Associate agrees to implement and maintain appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI in accordance with HIPAA.

4. Reporting of Breaches

Business Associate shall promptly report to Covered Entity any breach of unsecured PHI as required by HIPAA. Business Associate shall also cooperate with Covered Entity in investigating and mitigating the breach, as necessary.

5. Access and Amendment

Business Associate shall provide access to PHI to Covered Entity in accordance with HIPAA. Business Associate shall also cooperate with Covered Entity in responding to requests for amendment of PHI.

6. Termination

In the event of termination of the Agreements, Business Associate shall return or destroy all PHI in its possession, in accordance with HIPAA.

7. Indemnification and Liability

Business Associate shall indemnify and hold harmless Covered Entity from and against any and all claims, damages, losses, liabilities, and expenses arising out of Business Associate's use or disclosure of PHI in violation of HIPAA or this Agreement.

8. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the state where the Covered Entity is located.

9. Entire Agreement

This Agreement, together with the Agreements, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous oral or written agreements or understandings with respect to the subject matter hereof.

10. Amendments

This Agreement may not be amended except in writing signed by both Parties.

11. Counterparts

This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the date first above written.

[Covered Entity Name]

By: ________________________________ Print Name: ___________________________ Title: ________________________________

[Business Associate Name]

By: ________________________________ Print Name: ___________________________ Title: ________________________________

Recent Posts

See All


Commenting has been turned off.
bottom of page