Skip subpage navigation
This Business Associate Agreement (BAA) language complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules). The BAA language has been updated to reflect the 2013 Health Information Technology for Economic and Clinical Health (HITECH) Act modifications to the HIPAA Rules issued by the Department of Health and Human Services. Provisions on breach response are included.
The BAA language is required after Sept. 23, 2013 when any solicitation or contract modification (or other agreement) includes functions, activities, or services involving the use and/or disclosure of protected health information. Note that the BAA language only covers HIPAA requirements. For language on other Federal privacy and information laws, please consult the applicable contracting officials.
You are leaving Health.mil
The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.
You are leaving Health.mil
View the external links disclaimer.
Last Updated: July 11, 2023