SampleBusinessAssociateAgreement
Sendable draft language for legal review
Use this sample as a starting point with your legal team. Final terms are governed by the fully executed countersigned BAA.
BlueHive Sample Business Associate Agreement Template
This page provides BlueHive's sample BAA template language for customer legal review. The final executable agreement may include account-specific fields such as legal entity names, notice addresses, effective date, and limited negotiated redlines.
This sample is provided for information and planning only and is not legal advice. A countersigned agreement governs in all cases.
Parties, Effective Date, and Definitions
This Business Associate Agreement ("BAA") is entered between the Covered Entity (or Business Associate customer) and BlueHive Health, LLC ("Business Associate"), effective as of the date stated in the signature block. Capitalized terms have the meanings set forth in HIPAA, including Breach, Disclosure, Individual, PHI, Security Incident, and Unsecured PHI.
Permitted Uses and Disclosures
Business Associate may use and disclose PHI only as necessary to perform services for Covered Entity, as required by law, and as otherwise permitted in this BAA. Business Associate will not use or further disclose PHI in any manner that would violate HIPAA if done by Covered Entity, except as expressly permitted for proper management and administration where allowed by law.
Safeguards
Business Associate will implement appropriate administrative, physical, and technical safeguards, including Security Rule safeguards for electronic PHI, to protect against impermissible use or disclosure of PHI.
Reporting and Breach Notification
Business Associate will report to Covered Entity any use or disclosure of PHI not provided for by this BAA, any Security Incident of which it becomes aware, and any Breach of Unsecured PHI as required by HIPAA and the signed agreement timeline.
Subcontractors
Business Associate will ensure that subcontractors that create, receive, maintain, or transmit PHI on its behalf agree in writing to substantially the same restrictions and conditions that apply to Business Associate with respect to PHI.
Access, Amendment, and Accounting Support
To the extent required by HIPAA and requested by Covered Entity, Business Associate will make PHI available for access requests, provide information for amendment requests, and maintain disclosures information needed to support accounting obligations.
Availability of Records to Regulators
Business Associate will make internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of HHS for purposes of determining HIPAA compliance, as required by law.
Term, Termination, and PHI Return/Destruction
This BAA remains in effect while Business Associate processes PHI on behalf of Covered Entity. Upon termination, Business Associate will return or destroy PHI where feasible. If return/destruction is infeasible, Business Associate will extend BAA protections to retained PHI and limit further uses and disclosures to permitted retention purposes.
Priority and Conflicts
With respect to PHI only, this BAA controls over conflicting terms in other agreements between the parties.
Signature Block
- Covered Entity / Customer
- Legal name, signer name, title, signature, date
- Business Associate (BlueHive Health, LLC)
- Legal name, signer name, title, signature, date
Questions About Our Policies?
Our team is here to help. Reach out if you have questions about our privacy practices, terms of use, or platform agreements.