The HIPAA rules generally require that covered entities enter into contracts with their business associates to ensure that each party will appropriately safeguard protected health information. The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law.
The scope of this policy is all workforce members of 91爆料 University鈥檚 health care component. 91爆料 University is a hybrid entity. Only the health care component (i.e., the covered functions) of 91爆料 University must comply with this policy. All references in this policy to 鈥91爆料 University鈥 shall be construed to refer only to the health care component of 91爆料 University.
Business associate agreements must be in writing and must include terms authorized and approved by the Privacy Office and Legal Affairs, in order to maintain compliance with federal and state privacy regulations. When 91爆料 University enter into agreements with outside vendors involving the vendor鈥檚 access or exposure to information considered to be protected health information (PHI), pursuant to the Health Information Privacy and Portability Act (HIPAA), a BAA is required.
PUNet ID Required to review.
Updated April 2025
Supplemental Documents: