HIPAA Business Associate Agreements

In order for Washington University to continue to comply with HIPAA regulations, we must ensure that new Business Associate Agreements (BAA) are completed with all trading partners and vendors with which Protected Health Information (PHI) is shared.

The new BAA has been developed in order to comply with the Health Information Technology for Economic and Clinical Health Act (HITECH Act) that established mandatory breach reporting requirements for HIPAA-covered entities and their business associates and made other changes to HIPAA that affect covered entities and business associates.

You will notice that the question about whether or not PHI will be shared with the selected vendor is again being asked on AIS and Marketplace documents. That question requires an answer as you create purchase documents. A “YES” answer will be the prompt for Resource Management to send the new BAA to the vendor.

Download the Business Associate Agreement (PDF format):

Business Associate Agreement

Contact Purchasing Services with any questions:

Lisa Owens

Greg Parrott

Business Associate​ Agreement

We have created a list of the suppliers to whom Purchasing Services has sent a HIPAA Business Associate Agreement (BAA) or with whom another department has obtained a signed BAA. Refer to the “Status” column for details on each supplier.

View HIPAA Business Associate Suppliers