This policy is listed for reference only and should be reviewed with your lawyer before it is implemented in daily practice. We are not lawyers and are not providing any legal advice.

Business Associate Contract Policy

Reference: 45 CFR § 160.103
Last Updated: July 5, 2023


Goal: Identify persons or organizations that meet the requirements to become a Business Associate and the procedures used to protect confidential information.

The purpose of this policy is to delineate the steps used to identify and keep track of Business Associates.


Procedure: The Security Manager will ensure that all vendors that meet the requirements of Business Associates have been identified and that proper paperwork has been completed. As part of this policy the Security Manager will:

  • Determine whether or not each contracted organization is a Business Associate (BA Matrix).
    • Update the Business Associate Access List.
    • Validate all the information required by HIPAA in each of the Business Associate contracts.
  • Develop an internal process to review and modify existing contracts.
    • Define contract control procedures by documenting processes required by all in-house contract relationship managers to complete a thorough and consistent contract review before a contract is signed or renewed.
    • Obtain internal and external legal counsel to review and approve final contracts.
    • Assign responsibility for maintenance of the database and all third-party relationships.
    • Report renewals, terminations, and missing relationship information to the appropriate parties.
  • If required, establish new Business Associate contracts.
    • Ensure that authorized staff review and approve all pending contracts.
    • As new contracts are negotiated through your organization’s contract management process, review all contract vendors for Business Associate applicability.
    • If the vendor is determined to be a Business Associate, use the approved format for Business Associates.