(a) counterparties may only use or disclose protected health information in accordance with 45 CFR 164.502 (1) (ii) and 164.308 (b) (2), where applicable, ensure that all subcontractors who produce, receive, maintain or transmit protected health information on behalf of the counterparty accept the same restrictions, conditions and requirements as apply to the counterparty with respect to such information; Whenever a healthcare provider or healthcare provider hires a contractor who processes protected health information as part of their allocated work, both parties must sign a BAA. Some of them have adopted a “Better Safe than-Sorry” approach to address their definition problems and have entered into agreements with all the companies with which they have business relationships, whether they were necessary or not. Recent studies funded by the California Healthcare Foundation have shown that many companies have refused to unnecessarily enter into agreements with other covered companies and have also entered into agreements with providers who did not have access to PHI and would probably never do so. In one case, a covered company required its landscaper to sign a DE LIPPA counterparty agreement. In the simplest, a Business Association Agreement (BAA) is a legal contract between a healthcare provider and a person or organization that, as part of its services, obtains, transfers or stores protected health information (Phi) as part of its services. Whether you prefer to call it a business associate agreement or, like HIPAA, call it a business associate agreement, in one way or another, they are a critical component of a company`s efforts to be HIPAA compliant. Below, we`ve gathered the basic components and definitions of a HIPAA business agreement template that you can browse. Remember that BAs are legally binding agreements, so it`s best to have a designated security officer, attorney, or HIPAA compliance solution to help you navigate through these contracts. The direct staff of this organization is not required to sign a BAA, as they are part of your organization and are not themselves considered a business partner. . .