Business Associate Agreements

Business Associate Agreements Made Easy


January 4, 2017 | Reading Time: 2 Minutes

Please support’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

In 2016, The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) levied millions in fines for the unlawful disclosure of protected health information (PHI) to Business Associates (BAs) and the Business Associate Agreements (BAAs) that they are required to use. HHS defines PHI as any health information that can be used to personally identify an individual patient. PHI often comes in the form of health records that contain demographic information such as a patient’s name, date of birth, address, social security number, telephone number, or financial information.

Under federal HIPAA regulation, Covered Entities (CEs) are required to execute contracts with their BAs in order to keep their patients’ data from being breached and distributed on the black market. Covered Entities are defined under HIPAA regulation as any health care provider, health plan, or clearinghouse that produces, stores, or maintains PHI.

These contracts, called Business Associate Agreements (BAAs), must be exchanged when a BA is hired to handle PHI in any way over the course of services they’ve been payed to provide for the health care provider. Common examples of BAs include lawyers, IT services, billing companies, cloud storage providers, and email encryption services, among others.

What should a good Business Associate Agreement contain?

BAAs should clearly identify the responsibilities of the health care provider and the business associate in regards to PHI. If a breach occurs, the federal government will look at these BAAs to determine liability. That’s why it’s essential for behavioral health specialists to have lawful and up-to-date BAAs to protect their practices and organizations from OCR’s record enforcements and fines.

For easy reference, here’s a quick list of features that every good Business Associate Agreement must contain:

  • The Health Care provider is identified as the Covered Entity
  • The Vendor is identified as the Business Associate
  • Liability in the event of a breach is clearly defined and belongs to whichever party is responsible for the source of the breach
Introduction to Telehealth Theory & Practice

Enjoy a fast-moving overview of telebehavioral and telemental health. Understand the key points related to telehealth clinical, legal, ethical, technology, reimbursement, social media and other pivotal issues.

Advanced Telehealth Regulations & Ethical Issues: Best Practices & Informed Consent

Essentials of practice guidelines published by the leading professional associations, explained with a focus on what-to-do rather than theory that leaves you empty-handed.

BCTP®-III Telehealth Training & Certificate

Join the elite professionals who have immersed themselves in the depths of telehealth training, obtained monthly group consultation to tailor their learning to their needs, and earned the coveted BCTP®-III distinction!

Disclaimer: offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…