HEALTHCARE BUSINESS ASSOCIATE AGREEMENT CHECKLIST: HIPAA COMPLIANCE
Created by ChecklistGuro (https://checklistguro.com)

--- BUSINESS ASSOCIATE IDENTIFICATION & SCOPE ---
[ ] Business Associate Legal Name
[ ] Business Associate Contact Person
[ ] Business Associate Contact Phone Number
[ ] Business Associate Type (e.g., Data Storage, Billing) (Data Storage, Billing Services, IT Support, Other)
[ ] Detailed Description of Services Provided
[ ] Agreement Start Date
[ ] Business Associate Primary Location

--- PERMITTED USES AND DISCLOSURES ---
[ ] Purpose of Disclosure (Treatment, Payment, Healthcare Operations, Public Health Activities, Research, Other (Specify))
[ ] Detailed Description of Permitted Use
[ ] Recipient of Disclosure (Patient, Healthcare Provider, Insurance Company, Government Agency, Other (Specify))
[ ] Justification for Specific Disclosure (If applicable)
[ ] Requires Patient Authorization? (Yes, No)
[ ] Authorization Expiration Date (If applicable)

--- DATA SECURITY AND BREACH NOTIFICATION ---
[ ] Encryption Method Used (AES-256, RSA, Other (Specify))
[ ] Data Encryption Key Rotation Frequency (Days)
[ ] Description of Data Access Controls
[ ] Breach Notification Timeline Adherence (Yes, No, N/A)
[ ] Last Security Risk Assessment Date
[ ] Security Training Topics Covered (Phishing Awareness, Data Encryption, Access Control, Malware Prevention)

--- SUBCONTRACTOR AGREEMENTS ---
[ ] Does the Business Associate have written agreements with subcontractors? (Yes, No, Unknown)
[ ] Upload a copy of the Business Associate's standard subcontractor agreement (if available).
[ ] Do the subcontractor agreements include HIPAA compliance clauses? (Yes, No, N/A)
[ ] Describe the key HIPAA compliance requirements outlined in the subcontractor agreements.
[ ] Does the Business Associate require subcontractors to undergo HIPAA training? (Yes, No, Unknown)
[ ] Number of Subcontractors Requiring HIPAA Compliance Review

--- HIPAA TRAINING AND COMPLIANCE ---
[ ] Initial Training Completion Date
[ ] Last Refresher Training Completion Date
[ ] Training Format (e.g., Online, In-Person) (Online, In-Person, Hybrid)
[ ] Topics Covered in Training (Select all that apply) (HIPAA Privacy Rule, HIPAA Security Rule, Breach Notification Rule, Business Associate Agreements, PHI Handling Procedures)
[ ] Number of Employees Trained
[ ] Signature Acknowledging Training Completion

--- TERM AND TERMINATION ---
[ ] Agreement Start Date
[ ] Agreement Termination Date (if known)
[ ] Termination Notice Period (in days)
[ ] Termination Reason (if applicable)
[ ] Termination Method (Written Notice, Certified Mail, Electronic Delivery)
[ ] Business Associate Representative Signature
[ ] Healthcare Organization Representative Signature

--- BUSINESS ASSOCIATE RESPONSIBILITIES ---
[ ] Description of Services Provided
[ ] Confirmation of HIPAA Training Completion (Yes, No)
[ ] Number of Employees with Access to PHI
[ ] Specific Security Measures Implemented (Encryption, Firewalls, Access Controls, Data Backup, Physical Security)
[ ] Last Security Risk Assessment Date
[ ] Business Associate Representative Signature

--- AGREEMENT UPDATES & REVIEW ---
[ ] Last Review Date
[ ] Summary of Review Changes
[ ] Review Cycle Frequency (Months)
[ ] Compliance Updates Considered (HIPAA Updates, State Law Updates, Industry Best Practices)
[ ] Next Scheduled Review Date
[ ] Reviewer Signature

--- END OF TEMPLATE ---