What is a Business Associate Agreement (BAA)?

A BAA (Business Associate Agreement) is a contract between a HIPAA-covered entity (the organization that is delivering the product) and HIPAA business associates (the organizations or vendors working with the entity to store, transmit, or process PHI). It's basically an agreement between you (the entity) and the technology and services (the business associate) you choose to power your app. The BAA is a legal contract that outlines the ways that the business associate complies with HIPAA, and the responsibilities and risks that the business associate is taking on. BAAs include:
  • Services the business associate provides
  • Types of data they are interacting with
