Business Associate Agreements: What You Need to Know

A quick guide to when a BAA is required and what it should cover.

January 31, 2026

A BAA is required anytime a vendor creates, receives, maintains, or transmits PHI.

Agreements must outline safeguards, reporting timelines, and permitted uses of PHI.

Many training platforms provide templates and guidance for compliance teams managing vendor relationships.

Recommended resources

Keep exploring the topic.

Use the related training, compliance, and documentation pages when you need the next practical step after this guide.

Related guide to deepen this topic and next compliance steps.

Related guide to deepen this topic and next compliance steps.

Related guide to deepen this topic and next compliance steps.