Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HIPAA » HIPAA Agreement

HIPAA Agreement

A HIPAA Business Associate Agreement is a contract between a HIPAA-covered entity (like a healthcare provider) and a business or individual that helps with certain functions involving PHI. It’s essentially a written arrangement that outlines how the PHI is used.

HIPAA requires covered entities to work with business associates who demonstrate the prowess to protect PHI. This must be validated using a contract or an agreement.

Also, the Health and Human Services (HHS) can audit business associates and subcontractors for HIPAA compliance, not just the covered entities. All three levels (covered entities, business associates, and subcontractors) must have a Business Associate Agreement (BAA) to meet HIPAA requirements.

What’s included in the agreement?

The Business Associate/Subcontractor Agreement must spell out several important details, as per HHS guidelines:

  • It describes how PHI can be used by the business associate/subcontractor
  • It ensures that the business associate/subcontractor will only misuse or share PHI within what the contract allows or requires by law
  • It mandates safeguards to prevent improper PHI use or sharing

Once these relationships are identified, you must ensure that third parties safeguard the PHI they handle. A signed agreement documents that the business associate understands and commits to handling PHI securely.

Additional reading

what is gdpr article 30

What is GDPR Article 30?

Does your organization fall under the purview of Article 30 of GDPR? Do you find it difficult to interpret the jargon? Are you still looking for a step-by-step guide to help you understand Article 30 of GDPR compliance?  In this article, we have detailed everything you need to know about Article 30 to help with…

How to perform a Cloud Security Assessment?

While 39% of organizations experienced a cloud data breach the previous year, 75% continued to host more than 40% of sensitive data on the cloud. As a CISO, you are always at the forefront of the battle between hosting data on the cloud and safeguarding data. The cloud has become the foundation of modern IT…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.