Model Business Associate Agreement Template Page 2
ADVERTISEMENT
1
2
3
4
5
6
7
8
9
10BUSINESS ASSOCIATE AGREEMENT
T
B
A
A
(“Agreement”) dated _________________,
HIS
USINESS
SSOCIATE
GREEMENT
2012 (the “Effective Date”), is entered into by and between ____________________ (“Covered
Entity”) and ____________________(“Business Associate”), each a “Party” and collectively,
the “Parties.”
Covered Entity and Business Associate have entered into, are entering into, or may
subsequently enter into, agreements or other documented arrangements (collectively, the
“Business Arrangements”) pursuant to which Business Associate may provide products and/or
services for Covered Entity that require Business Associate to access, create and use health
information that is protected by state and/or federal law.
Pursuant to the Administrative Simplification provisions of the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”), the U.S. Department of Health & Human
Services (“HHS”) promulgated the Standards for Privacy of Individually Identifiable Health
Information (the “Privacy Standards”), at 45 C.F.R. Parts 160 and 164, requiring certain
individuals and entities subject to the Privacy Standards (each a “Covered Entity”, or
collectively, “Covered Entities”) to protect the privacy of certain individually identifiable health
information (“Protected Health Information” or “PHI”).
Pursuant to HIPAA, HHS issued the Security Standards (the “Security Standards”), at 45
C.F.R. Parts 160, 162 and 164, for the protection of electronic protected health information
(“EPHI”).
In order to protect the privacy and security of PHI, including EPHI, created or maintained
by or on behalf of the Covered Entity, the Privacy Standards and Security Standards require a
Covered Entity to enter into a “business associate agreement” with certain individuals and
entities providing services for or on behalf of the Covered Entity if such services require the use
or disclosure of PHI or EPHI.
On February 17, 2009, the federal Health Information Technology for Economic and
Clinical Health Act was signed into law (the “HITECH Act”), and the HITECH Act imposes
certain privacy and security obligations on Covered Entities in addition to the obligations created
by the Privacy Standards and Security Standards.
The HITECH Act revises many of the requirements of the Privacy Standards and
Security Standards concerning the confidentiality of PHI and EPHI, including extending certain
HIPAA and HITECH Act requirements directly to Business Associates.
The HITECH Act requires that certain of its provisions be included in business associate
agreements, and that certain requirements of the Privacy Standards be imposed contractually
upon Covered Entities as well as Business Associates.
THSA– Model Business Associate Agreement
Page 2
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Business