HIPAA - Sample Business Associate Agreement 2013

Updated June 2013

The Department of Health and Human Services (HHS) has posted a Sample Business Associate Agreement on the HHS Office of Civil Rights website. Under the HIPAA Final Rule (January 2013), providers are required to update existing agreements or put new agreements in place by September 2014.

The original HIPAA rule (1996) focused on ensuring providers and health plans protected patient’s health information. The Final Rule extends these requirements to include "business associates" including contractors and subcontractors.

The Final Rule also details the requirements for reporting breaches of privacy and security to HHS.

Contact:

(202) 863-2584