Use this button to switch between dark and light mode.

Know the Rules. HIPAA Business Associate Agreement Playbook

June 24, 2025 (3 min read)

The HIPAA Rules generally require that Covered Entities and Business Associates enter into a Business Associates Agreement (BAA) with their Business Associates to ensure that the Business Associates appropriately safeguard protected health information (PHI). This playbook provides guidelines and drafting tips for commonly negotiated provisions in BAAs between a "Covered Entity" (e.g., an employer-sponsored health plan, a health insurance company, a healthcare clearinghouses, healthcare providers, hospitals, physicians, pharmacies, nursing homes, etc.) that are subject to the Health Insurance Portability and Accountability Act (HIPAA), and a third-party service provider that will handle PHI on behalf of the Covered Entity (a "Business Associate"). 

READ NOW »

Related Content

  • HIPAA Business Associate Subcontractor Agreement
    Use this template/agreement for business associate subcontractors if you handle a covered entity’s protected health information (PHI). It applies to a service provider to an entity covered by HIPAA and a subcontractor of the service provider. This template includes practical guidance, drafting notes, and alternate and optional clauses.

Practical Guidance Updates 
Featuring the latest updates from your Practical Guidance account.    

PRACTICAL GUIDANCE CUSTOMER EMAIL EDITION ON THE WEB

Experience results today with practical guidance, legal research, and data-driven insights—all in one place.

Experience Lexis+