Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HIPAA » HIPAA Agreement

HIPAA Agreement

A HIPAA Business Associate Agreement is a contract between a HIPAA-covered entity (like a healthcare provider) and a business or individual that helps with certain functions involving PHI. It’s essentially a written arrangement that outlines how the PHI is used.

HIPAA requires covered entities to work with business associates who demonstrate the prowess to protect PHI. This must be validated using a contract or an agreement.

Also, the Health and Human Services (HHS) can audit business associates and subcontractors for HIPAA compliance, not just the covered entities. All three levels (covered entities, business associates, and subcontractors) must have a Business Associate Agreement (BAA) to meet HIPAA requirements.

What’s included in the agreement?

The Business Associate/Subcontractor Agreement must spell out several important details, as per HHS guidelines:

  • It describes how PHI can be used by the business associate/subcontractor
  • It ensures that the business associate/subcontractor will only misuse or share PHI within what the contract allows or requires by law
  • It mandates safeguards to prevent improper PHI use or sharing

Once these relationships are identified, you must ensure that third parties safeguard the PHI they handle. A signed agreement documents that the business associate understands and commits to handling PHI securely.

Additional reading

Blogs PCI DSS

PCI DSS Compliance: Complete Guide

As a founder of a business that processes online transactions, PCI compliance is mandatory, irrespective of the size and type of your organization. Compliance must be maintained year-round and validated annually, as required by credit card companies and outlined in network agreements. The PCI Standards Council (SSC) develops and maintains these standards to secure payment…
risk matrix with impact score
Blogs Risk Management

Enterprise Risk Management: Frameworks, Implementation, Cost

Every business choice you make has some inherent risk to it—some very small, such as setting your password policy right, while others are much bigger, like entering a new market. Just think about it—what if the supplier doesn’t deliver? Or what if the compliance requirements in a new geography are vastly different from what you…
HIPAA Certification Cost [Updated 2024 + Free Checklist]
Blogs HIPAA

HIPAA Certification Cost [Updated 2025 + Free Checklist]

The most common HIPAA budgeting mistakes include underestimating the costs of certification, overlooking the need and costs of ongoing compliance and not updating budgets regularly. This in turn poses a challenge for founders to balance HIPAA certification costs with other business priorities. From preliminary prep work to audit expenses and post-audit maintenance, the costs can…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales