H140 – Business Associate Agreement

Responsible Office: Institutional Compliance Office

Last Review: 04/01/2021

Next Review: 04/01/2024

Contact: Melanie Burlison, Privacy Officer

Phone: 901.448.8030

Email: institutional.compliance@uthsc.edu

Related Policies: FI0160 – HIPAA Re-designation and General Policy


The purpose of this Agreement is to satisfy the obligations of UTHSC and Contractors under HIPAA, and to ensure the integrity, confidentiality, privacy and security of UTHSC’s PHI.


Under the Privacy Rules, PHI cannot be disclosed to business associates without having in place a written contract that includes specific privacy protections. Business Associate Agreements (BAA) are critical to safeguarding PHI when used or disclosed by service providers such as third party administrators, benefit consultants and attorneys – not otherwise covered by the privacy rules. UTHSC has developed a standard Business Associate Agreement that should be used in any newly established business associate relationship, new contracts or any contracts with existing relationships that are being renewed.

BAA Agreement

See HIPAA Procedure H141 BAA – UTHSC Standard Agreement.

H140 – Business Associate Agreement
Version: 1 // Effective: 04/01/2021
PDF icon Downloadable PDF

Related Forms:

Related Policies: