Where can I find the Business Associate Agreement (BAA) template? 

Business Associate Agreement

What is a Business Associate?

A person or entity, other than a member of the workforce of a covered entity, who creates, receives, maintains, or transmits PHI on behalf of the covered entity.

What are examples of Business Associates (BA)*?

  • 3rd party billing company/consultant
  • Independent medical transcriptionist
  • Answering services
  • Document storage or disposal companies
  • Accreditation organizations
  • Temporary staffing organizations
  • Data conversion, de-identification and data analysis service providers
  • Photographer/Videographer
  • Freelance Reporter
  • Marketing Firm/Consultant
  • Web Designer

* List is not meant to be all inclusive of vendor types. 

What is a Business Associate Agreement (BAA)?

  • The HIPAA Rules generally require that covered entities and business associates enter into contracts (Business Associate Agreements) with their business associates to ensure that the business associates will appropriately safeguard protected health information.
  • A BAA serves to clarify and limit the permissible uses and disclosures of PHI by the BA based on the relationship between the parties and the activities or services being performed by the BA. 

How do I know if the University has a BAA with a particular person/entity/vendor? 

WU Purchasing Services maintains a list of all current BAAs:

Master BAA List

How do I obtain a BAA with a particular person/entity/vendor? 

The workforce member with the relationship with the vendor should forward a copy of the WU BAA template to their contact with the vendor for review and consideration.  Any proposed revisions to the template by the BA requires review/approval from the HIPAA Privacy Office prior to signature. 

Who Can Sign a BAA on behalf of the University?

  • Executive Vice Chancellor or Vice Chancellor with oversight responsibility, or
  • Assistant Vice Chancellor for Resource Management, or
  • HIPAA Privacy Officer