If the producers of the 1970s TV series Black Sheep Squadron (formerly entitled Baa Baa Black Sheep) were looking for guest stars, Peter Frampton probably wasn't at the top of the list. It was a show ...
The dramatized World War II adventures of US Major Gregory "Pappy" Boyington and his Marine Attack Squadron 214, AKA The Black Sheep Squadron. The film also acted as the pilot for the television ...
A BAA serves to clarify and limit the permissible uses and disclosures of PHI by the BA based on the relationship between the parties and the activities or services being performed by the BA.
A Business Associate Agreement (BAA) is a contract required under HIPAA whenever a healthcare organization shares protected health information (PHI) with an outside company that will handle it.
Is a BAA required by law? Yes, a Business Associate Agreement (BAA) is a legal requirement under the Health Insurance Portability and Accountability Act (HIPAA). If you are a covered entity sharing Protected Health Information (PHI) with a vendor, you must have a BAA in place to be compliant.
What Should a BAA Include? According to the Department of Health and Human Services (HHS), a BAA should address: Permitted or Required Uses of PHI: Clearly define how the BA can use PHI. This includes specifying whether the BA can handle PHI for treatment, payment, or healthcare operations.
In this HIPAA Compliance Guide, we’ll explain exactly what BAAs are, why they’re essential for HIPAA compliance in healthcare software and hosting, and what elements every HIPAA-compliant BAA must include.
A BAA is not necessarily a single standalone agreement; BAAs often include a combination of service level agreements, response times for incidents, and RTO and RPO guarantees for a disaster recovery solution.