BAA (Business Associate Agreement)
Compliance
A legally binding contract between a HIPAA covered entity (like a healthcare provider) and a business associate (like a software vendor) that establishes permitted uses and disclosures of protected health information (PHI). A BAA is required before any vendor can handle PHI on behalf of a covered entity.
Related terms
Covered Entity
Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
PHI (Protected Health Information)
Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.
HIPAA
Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.