Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HIPAA » HIPAA Agreement

HIPAA Agreement

A HIPAA Business Associate Agreement is a contract between a HIPAA-covered entity (like a healthcare provider) and a business or individual that helps with certain functions involving PHI. It’s essentially a written arrangement that outlines how the PHI is used.

HIPAA requires covered entities to work with business associates who demonstrate the prowess to protect PHI. This must be validated using a contract or an agreement.

Also, the Health and Human Services (HHS) can audit business associates and subcontractors for HIPAA compliance, not just the covered entities. All three levels (covered entities, business associates, and subcontractors) must have a Business Associate Agreement (BAA) to meet HIPAA requirements.

What’s included in the agreement?

The Business Associate/Subcontractor Agreement must spell out several important details, as per HHS guidelines:

  • It describes how PHI can be used by the business associate/subcontractor
  • It ensures that the business associate/subcontractor will only misuse or share PHI within what the contract allows or requires by law
  • It mandates safeguards to prevent improper PHI use or sharing

Once these relationships are identified, you must ensure that third parties safeguard the PHI they handle. A signed agreement documents that the business associate understands and commits to handling PHI securely.

Additional reading

cloud incident response
Blogs Cloud compliance

Effective Cloud Incident Response: How to tackle and solve common challenges?

At the recent Bsides Las Vegas security conference, Roei Sherman, Field CTO at Mitiga, and Adi Belinkov, Director of IT and Security at Mitiga, delivered a sobering message to security professionals: “Attacking cloud instances is significantly easier, and defending them is much more challenging compared to on-premise networks.” The absence of a clearly defined perimeter…
How to Prepare a PCI DSS Report
Blogs PCI DSS

How to Prepare a PCI DSS Report (All You Need to Know)

If you accept debit or credit cards, you must achieve and maintain PCI Security Standards Council compliance. Any service provider that has the potential to affect the payment security of card transactions is also subject to Payment Card Industry Data Security Standard (PCI DSS). The PCI report is a cornerstone of this effort, providing an…
Depiction of a cybersecurity report
Blogs

Complete Guide to Cybersecurity Reports with Examples

How nice would your cybersecurity program drive predictable outcomes and preempt threats that matter most to the business, pinpoint areas that need attention, align stakeholders, win customer trust, and inform organization-wide security strategy? Well, that is precisely what cybersecurity reports help you establish.  Cybersecurity reports are more than hygiene documents—they are fundamental pieces of information…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales