Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

HIPAA Agreement

A HIPAA Business Associate Agreement is a contract between a HIPAA-covered entity (like a healthcare provider) and a business or individual that helps with certain functions involving protected health information (PHI). It's essentially a written arrangement that outlines how the PHI is used.

HIPAA requires covered entities to work with business associates who demonstrate the ability to protect PHI. This must be validated through a contract or an agreement.

Also, the Department of Health and Human Services (HHS) can audit business associates and subcontractors for HIPAA compliance, not just the covered entities. All three levels (covered entities, business associates, and subcontractors) must have a Business Associate Agreement (BAA) to meet HIPAA requirements.

What’s included in the agreement?

The Business Associate/Subcontractor Agreement must spell out several important details, as per HHS guidelines:

  • It describes how PHI can be used by the business associate/subcontractor
  • It ensures that the business associate/subcontractor will only use or share PHI within what the contract allows or as required by law
  • It mandates safeguards to prevent improper PHI use or sharing

Once these relationships are identified, you must ensure that third parties safeguard the PHI they handle. A signed agreement documents that the business associate understands and commits to handling PHI securely.
