HIPAA requires that a Covered Entity/Hybrid Covered Entity enter into a Business Associate Agreement (BAA) any time it will use a contractor or other non-workforce member to perform "Business Associate" services or activities on behalf of the Covered Entity. The purpose of the BAA is to protect the data and ensure that any party who performs functions/activities on behalf of the covered entity and will handle PHI in carrying out those duties adhere to certain standards to protect the data.
Subscribe to the UArizona Impact in Action newsletter to receive featured stories and event info to connect you with UArizona's research, innovation, entrepreneurial ventures, and societal impacts.