Tips for Negotiating Business Associate Agreements with Health IT Vendors

When healthcare providers contract with health IT vendors for products and services such as an electronic health records (EHR) system, cloud hosting services, or connected devices, the vendor will most likely become the provider’s “business associate” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).¹ HIPAA requires covered entities and business associates to enter into a business associate agreement (BAA) that outlines the responsibilities of each party to ensure that patients’ protected health information (PHI) is secure.²