In order for Washington University to continue to comply with HIPAA regulations, we must ensure that new Business Associate Agreements (BAA) are completed with all trading partners and vendors with which Protected Health Information (PHI) is shared.

The new BAA has been developed in order to comply with the Health Information Technology for Economic and Clinical Health Act (HITECH Act) established mandatory breach reporting requirements for HIPAA-covered entities and their business associates and made other changes to HIPAA that affect covered entities and business associates.

You will notice that the question about whether or not PHI will be shared with the selected vendor is again being asked on Workday and Marketplace documents. The question you will see is as follows, “You have chosen a Patient-Specific Spend Category, please determine if a Business Associate Agreement is necessary for this supplier and transaction. By clicking submit, you are validating that this transaction does NOT contain PHI and have validated with your HIPAA Compliance Liaison that this vendor doesn’t require a BAA”. That question requires an answer as you create purchase documents.

Download the Business Associate Agreement (PDF format):

Business Associate Agreement

Contact Purchasing Services with any questions:

Lisa Owens

Greg Parrott

Business Associate​ Agreement Suppliers

We have created a list of the suppliers to whom Purchasing Services has sent a HIPAA Business Associate Agreement (BAA) or with whom another department has obtained a signed BAA. Refer to the “Status” column for details on each supplier.