This Business Associate Agreement (BAA) is a contract used to define roles, rights, and obligations concerning the handling of protected health information (PHI) between a covered entity and an external service provider (Business Associate) in compliance with HIPAA. It is beneficial in ensuring the protection and proper handling of PHI by third-party entities. The document consists of a Cover Page for entering specific terms and the Common Paper BAA Standard Terms. It provides guidelines on executing agreements, safeguarding PHI, and outlines obligations and allowable actions for Business Associates. It includes subcontracting, offshoring, de-identification, aggregation limits, breach notifications, and compliance with covered entity obligations. This BAA can be used to legally enforce privacy standards when PHI is shared between a healthcare provider and its vendors or service providers.