Institutional Review Board (IRB)

HIPAA Compliance Forms

Business Associate Agreements

HIPPA requires a covered entity to enter into a Business associate agreement with someone hired by the entity to perform certain tasks involving PHI. In the research context that may involve telephone follow ups, database management, web hosting, etc. The Covered Entity is the entity that holds the Protected Health Information -- i.e. the entity that is disclosing the information in most cases.

If you already have an agreement it will be necessary to add the Business Associate Addendum [DOC]

If this a new agreement you must use the Business Associate Agreement [DOC]. To complete this form the services the BA is performing and for which PHI may be used are to be listed on Schedule A (alternatively, you may list them in Section 3.a and revise it accordingly). The names of the Covered Entity and the Business Associate also need to be added on the first page and the last page.

Please contact the legal department if you have further questions.

HIPAA Compliance Forms List