BAA (Business Associate Agreement) is a contract between a HIPAA-covered entity (the organization who is delivering the product), and HIPAA business associates (the organization or vendor working with the entity to store, transmit, or process PHI). It’s basically an agreement between you (the entity) and the technology and services (the business associate) you choose to power your app.
The BAA is a legal contract that outlines the ways that the business associate complies with HIPAA, and responsibilities and risks that the business associate is taking on. BAAs include:
