Business Associate Agreement (BAA) Template

Last updated: Written by: Eric Wang

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“Agreement”) is entered into by and between:

[Covered Entity Name], located at [Covered Entity Address] ("Covered Entity"),
and
[ScribeAI Inc.], a HIPAA-compliant AI transcription service provider, with principal offices at [Your Business Address] ("Business Associate").

This Agreement is effective as of [Date] (“Effective Date”).

1. Purpose

This Agreement is entered into to ensure that Business Associate will comply with the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), with respect to Protected Health Information (“PHI”).

2. Definitions

  • Protected Health Information (PHI): Individually identifiable health information, as defined in 45 CFR §160.103.
  • Security Rule: The HIPAA Security Standards, 45 CFR Part 164 Subpart C.
  • Privacy Rule: The HIPAA Privacy Standards, 45 CFR Part 164 Subpart E.

3. Obligations of Business Associate

Business Associate agrees to:

  • Use and disclose PHI only as permitted under this Agreement or required by law.
  • Implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
  • Report to Covered Entity any security incident or breach of PHI without unreasonable delay and no later than 10 business days.
  • Ensure that any subcontractors or agents who receive PHI agree to the same restrictions and conditions.
  • Make PHI available to individuals as required under 45 CFR §164.524.
  • Make its internal practices and documentation available to the Secretary of HHS for compliance audits.
  • Return or securely destroy all PHI at termination of the Agreement, if feasible.

4. Permitted Uses and Disclosures

Business Associate may use or disclose PHI:

  • To perform services described in the underlying agreement between the parties.
  • As required by law.
  • For the proper management and administration of the Business Associate, provided that such disclosures are legally permissible.

5. Term and Termination

  • Term: This Agreement shall be effective on the Effective Date and shall remain in effect until terminated by either party.
  • Termination for Cause: Either party may terminate this Agreement if the other party breaches a material term and fails to cure the breach within 30 days.
  • Upon termination, Business Associate will return or destroy all PHI. If destruction is infeasible, Business Associate will continue to protect the PHI.

6. Miscellaneous

  • This Agreement is governed by HIPAA, HITECH, and applicable U.S. federal law.
  • This Agreement supersedes all prior understandings relating to HIPAA compliance between the parties.
  • This Agreement may be executed in counterparts and transmitted electronically.

IN WITNESS WHEREOF, the parties have executed this Agreement as of the Effective Date.

Covered Entity
By: __________________________
Name:
Title:
Date:

Business Associate (ScribeAI Inc.)
By: __________________________
Name:
Title:
Date: