Responsible Office: Institutional Compliance Office
Last Review: 04/01/2021
Next Review: 04/01/2024
Contact: Melanie Burlison, Privacy Officer
Related Policies: FI0160 – HIPAA Re-designation and General Policy
The purpose of this Agreement is to satisfy the obligations of UTHSC and Contractors under HIPAA, and to ensure the integrity, confidentiality, privacy and security of UTHSC’s PHI.
Under the Privacy Rules, PHI cannot be disclosed to business associates without having in place a written contract that includes specific privacy protections. Business Associate Agreements (BAA) are critical to safeguarding PHI when used or disclosed by service providers such as third party administrators, benefit consultants and attorneys – not otherwise covered by the privacy rules. UTHSC has developed a standard Business Associate Agreement that should be used in any newly established business associate relationship, new contracts or any contracts with existing relationships that are being renewed.
See HIPAA Procedure H141 BAA – UTHSC Standard Agreement.