Free HIPAA Vendor & BAA Management Templates
Vendors that touch ePHI need signed assurances, and their subcontractors do too. These templates cover business associate agreements and the downstream chain.
Read the Vendor & BAA Management guide →
This Policy establishes how [Organization], as a Business Associate, detects and reports breaches of unsecured PHI to the affected covered entity, without unreasonable delay and within the required timeframe, with the…
- Business Associate Agreement (BAA)reference
This is a contract between a Covered Entity (or a Business Associate) and its Business Associate.
This Policy establishes the obligations [Organization] accepts as a Business Associate (BA) when it creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity or anothe…
Repeatable, auditable steps for a Business Associate to keep PHI use and disclosure within its BAAs, enforce minimum necessary, respond to HHS and individual-rights requests, and handle PHI correctly at the end of a r…
This is the downstream BAA between a Business Associate and its Subcontractor.
This Policy establishes how [Organization], as a Business Associate, engages and oversees subcontractors that create, receive, maintain, or transmit protected health information (PHI) on its behalf, so that the protec…
Repeatable, auditable steps for engaging, binding, overseeing, and off-boarding subcontractors that handle PHI on [Organization]'s behalf, so protections flow down unbroken.
This Policy establishes how [Organization] selects, contracts with, and oversees the third-party vendors and service providers it relies on, and, where those vendors create, receive, maintain, or transmit protected he…
To provide repeatable, auditable steps for onboarding a vendor (due diligence and risk rating), determining whether a Business Associate Agreement (BAA) is required and executing it, recording the relationship in a ve…
9 templates in Vendor & BAA Management. Browse all 51 →