Business Associate (HIPAA) Agreement

The Business Associate Agreement is required by HIPAA to allow a third (3rd) party (“business associate”) access to protected health information (PHI) from a medical office (“covered entity”). It outlines the rules by which personal medical records may be shared in accordance with federal law. After authorization, the business associate will be responsible for safeguarding all shared protected health information with specific instructions in the chance of a security breach. The business associate is strictly prohibited from selling any prohibited health information or using for underwriting.

HIPAA Laws – 45 CFR Part 16045 CFR Part 164

Employee (HIPAA) Agreement – For use by a medical office that will be hiring individuals that will be in contact with patient medical records.

Tax Class – A business associate in this agreement will be treated as a 1099 independent contractor responsible for payment of their personal income taxes and employees.

How to Write

Download in Adobe PDF, Microsoft Word (.docx) or Open Document Text (.odt).

1 – Access A Template Of This Agreement Directly From This Page

The preview image on this page will give you an opportunity to view the form before downloading it. You may download and use this template as a PDF, Word, or ODT file by selecting one of the buttons attached to the image.

2 – Both Parties Must Be Clearly Identified In Their Roles

Two parties will be directly involved with this Business Associate Agreement. While this form will contain the required language to operate under the HIPAA, the individuals it directly relates to must be presented in the initial paragraph.

First, we will address the role of the Covered Entity. This is the individual who intends to allow another to access and act with his or her Medical records. Fill in the First, Middle, and Last Name of the Covered Entity on the first blank line. This Name must be reported exactly as it appears on the Covered Entity’s official I.D.  Now, we must name the individual (Business Associate) who will be granted access to the Covered Entity’s medical records as per the Health Insurance Portability And Accountability Act Of 1996. Produce the Full Legal Name of the Business Associate on the second blank space in the first paragraph. Make sure this Name is identical to this entity’s I.D. Cards (i.e. Driver’s License, Passport).

3 – Review And Execute This Paperwork

Both the Covered Entity and the Business Associate should take the time to read this paperwork. It will cover topics such as what each party should expect, how the Business Associate may or may not behave, how this Agreement may be used, and other relevant information. If both parties have read and decided to agree to the terms listed in this document, then each one must participate in its execution.

The first signature area is titled “Covered Entity” and will require this party to sign and date his or her Name on the blank spaces labeled “Signature” and “Date” (respectively). Once his or her “Signature” has been provided, the Covered Entity must print his or her Name on the line labeled “Print Name” and document any “Title” he or she holds on the next blank space. The next section, “Business Associate” has been reserved so the entity accepting the responsibilities and approvals granted by this paperwork can sign his or her Name. The Business Associate must execute his or her “Signature” and report the Calendar Date when he or she signed this form on the first two blank spaces. The next line in this section will also contain two blank lines. Here the Business Associate is required to Print his or her Name and report any “Title” held accordingly.