What Is a Business Associate Agreement?

Business contract agreements are usually taken into account especially when it involves two parties. Business contracts are usually made so people can agree to the terms and conditions written on them. A business associate agreement is defined as a written contract that specifies the duties and responsibilities of a party or both parties when it comes to protected health information. This business agreement includes both the covered entities and their business associates having the sense of responsibility for protecting the health information. Having this kind of agreement is the best and safest way to protect an organization as well as the practice in the event of a breach from the associate.

A business associate may disclose protected health information only when he or she is permitted to do so or even when they are required by the law. But they cannot just directly disclose information from it since it adheres to the law, punishments may be sanctioned accordingly.

Who Needs a Business Associate Agreement?

A business associate agreement can be used by an organization or company that can potentially access protected health information in delegating work to their employees. This agreement should be signed by a business associate. Direct employees from a company need not sign this kind of business agreement since they are not considered business associates. It is the responsibility of the employer to train the employees in their utmost integrity and perseverance. In an instance where an employer hires a subcontractor and that they will come in contact with protected health information, a business associate agreement is ought to be executed. Following the terms and conditions of the agreements, the subcontractor has to agree to identical restrictions the same as the original business associate.

What Are The Obligations of Business Associate?

There are obligations and activities that a business associate should willingly agree to. Listed below are the following obligations and activities:

Elements of a Business Associate Agreement

In order for business-minded people to have a full grasp of the meaning of this agreement. There are certain elements of a business associate agreement that needs to comprehend, although some are self-explanatory, stated below are the following elements that you look at and take into account.

Established Protected Health Information: The covered entity and business associate must establish the permitted and requires uses and disclosures of protected health information by the business associate.Provide that the business associate will not disclose the information: It should be stated in the agreement that the covered entity must provide that the business associate is not to disclose further information to other people regardless if permitted or they are required by the contract or law.Require the business associate to implement appropriate safeguards: Requiring the business associate to implement appropriate safeguards can prevent unauthorized use or disclosure of the information, including all the requirements needed from a certain security rule with regard to electronically protected health information.Require the business associate to report to the covered entity: Reporting all incidents of disclosure that constitutes breaches of unsecured protected health information.Require the business associate to disclose protected health information as specified in its contract: Having this required satisfies a covered entity’s obligation with respect to individuals’ requests for copies of their own protected health information as well as to make it available for amendments.Carry out a covered entity’s obligation:  To the extent, the business associate is to carry out a covered entity’s obligation under the Privacy Rule. It is also required from the business associate to comply with the requirements applicable to the obligation.Return or destroy all protected health information: At the end of the contract or its termination, if it is possible and can be done, it is required from the business associate to return or destroy all protected health information received from, or created and received by the business associate on behalf of the covered entity.Ensure the same restrictions to subcontractors: It is required from the business associate to ensure that if the employer has hired a subcontractor, they should also follow the same restrictions, terms, and conditions that apply to the business associate with respect to such information.Authorize termination of the contract: A complete termination of the contract is implied by the cover identity if the business associate violates a material term of the contract. Contracts between business associates and business associates that are subcontractors are subject to these same requirements.

How To Create a Business Association Agreement

In creating a business association agreement, there are a lot of templates and provisions that you can find online. There is necessary information that is taken into account when you opt to download a business agreement. In this section, you will be able to create a business associate agreement in just a few easy steps.

1. Access a Template That Is Easily Downloadable

Business Association Agreement Templates are readily made available, you just have to take quick access to them and download it. This is convenient for those organizations or companies that have business associates and subcontractors.

2. Roles Should Be Identified Clearly

There are two parties that are directly involved with the Business Association Agreement. Moreover, a business association agreement usually has the required language to operate under the HIPAA. The individuals it directly relates must be presented in the initial paragraph. The first thing to be addressed is the role of the covered entity. The role of the covered entity is to allow another to access and act with his or her medical record. Basic information of the cover entity must be stated in the agreement which has the first blank line. The name must be reported exactly as it appears on the covered entity’s official identification card. The next thing to put in is the name of the business associate who will be granted to the covered entity’s medical records. His or her name must be written on the second blank space in the first paragraph following the cover entity. You must also make sure that the business associate’s name is identical to his or her identification card such as driver’s license, passport, or any government-issued identification card.

3. Review and Execute The Paperwork

The cover entity and the business associates should take time to review the business agreement to avoid any mistakes or false information that is stated in the agreement. It will cover topics such as what each party should expect, how the Business Associate may or may not behave, how the Agreement may be used, and other relevant information. IF both parties have agreed that all written outputs are factual and there are no corrections seen and implicated then each one must participate in its execution. Following this, both parties should affix their signature on the blank spaces that are labeled “Signature” and “Date”, respectively. Once, both of the signatures have been affixed, the business associate has been reserved so the entity accepting the responsibilities and approvals granted by this paperwork can sign his or her name.

This article includes a sample business associate agreement provisions that may help covered entities and business associates easily comply with all the contract requirements. These sample templates are written and made with the purpose of having a clear and concise provision between the cover entity and business associate.


Who Is Not Considered a Business Associate?

Business associate exceptions include but are not limited to internet service providers, US postal service, and other courier services. These exceptions are considered ‘conduits’ for protected health information.

What Happens if My Business Associate Discloses Protected Health Information?

If a business associate fails to meet the requirement of the business agreement, then, sanctions are provided that could result in substantial ramifications. Penalties and violations for making uses or disclosures of protected health information that are not authorized by the agreement or contract, or by the law. When a business associate breaches the business associate agreement, the covered entity must take reasonable steps to amend the breach and end the violation. Should the steps be unsuccessful, the agreement is put to an end or is terminated. If the contract is terminated, the covered entity is said and required to report such a problem to the office for Civil Rights.

Do You Have to Sign a Business Associate Subcontractor Agreement (BASA) With a Business Associate?

Yes, a subcontractor does not have any contact with a covered entity yet he or she must sign a business associate subcontractor agreement with the business associate to comply with such requirements.

In handling a business or a corporation, the employer can have a business associate who works as a member of a workforce of a covered entity. In simpler, the business associate is like the pawn in a game of chess where they serve as the guard to protect someone behind. Yet, in order for them to have an appropriate function, an agreement is made to be signed by both parties so that there will be no biases in having such responsibility and obligation. Should there be any mistakes, false information, or breach amendments, the covered entity can file a lawsuit bearing in mind that the protected health information has been disclosed to another party or it is authorized by the contract or required by law. A business associate has also been made directly liable and subject to civil penalties for failing to protect the health information if such an incident may occur in a given scenario.