BAA

A Business Associate Agreement is the mandatory contract between a Covered Entity and its Business Associate to handle PHI under HIPAA. Sets BA safeguards, limits uses/disclosures, and mandates incident reporting.