Common Paper Business Associate Agreement
This is a fillable cover page for the Common Paper Business Associate Agreement. The binding terms are the external Standard Terms linked below — fill the fields here, then download the Word file to execute.
Parties
| Field | Description | Default |
|---|
| Company Name | Official company name | |
| Party Role | Role in the agreement (Business Associate or Covered Entity) | |
Terms
| Field | Description | Default |
|---|
| Principal Agreement | Reference to the principal agreement | |
| Subcontractor Role | Role of subcontractors | |
| Free Text | Free text entry | |
| Aggregation Restrictions | Specific aggregation restrictions | |
| Offshoring Restrictions | Specific offshoring rights or restrictions | |
| Breach Notification Unit | Unit for breach notification period | |
| Breach Notification Number | Numeric value for the breach notification period (e.g. 5) | |
| Other Changes | Prose describing other changes to BAA Standard Terms | |
| Custom Effective Date | Custom effective date (if not date of last signature) | |
| Maintains Designated Record Set | Whether Provider maintains PHI in a Designated Record Set | |
Subcontracting
| Field | Description | Default |
|---|
| No Subcontracting | Provider will not subcontract | |
| Subcontracting With Conditions | Provider will not subcontract unless conditions are met | |
| Subcontract Notice Required | Notice must be provided to Company before subcontracting | |
| Subcontract Permission Required | Company explicit permission required for subcontracting | |
| No Offshoring | Offshoring of PHI and/or Services is not permitted | |
| Offshoring With Conditions | Offshoring not permitted unless conditions met | |
De-identification
| Field | Description | Default |
|---|
| No Deidentification | Provider will not de-identify PHI | |
| Deidentification With Conditions | Provider will not de-identify PHI unless conditions met | |
| Deidentification Purpose | Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics) | |
| Deidentify For Purpose | De-identification for specific purposes only | |
| Deidentify Additional Requirements | Additional requirements for de-identifying PHI | |
| No Aggregation | Provider will not aggregate PHI | |
| Aggregation With Conditions | Provider will not aggregate PHI unless conditions met | |
Signature Block
| Field | Description | Default |
|---|
| Provider Signatory Type | Whether the Provider signatory is an entity or individual | entity |
| Provider Signatory Name | Full legal name of the Provider's signatory | |
| Provider Signatory Title | Title/role of the Provider's signatory (entity only) | |
| Provider Signatory Company | Company name for the Provider signatory (entity only) | |
| Provider Signatory Email | Notice email address for the Provider | |
| Company Signatory Type | Whether the Company signatory is an entity or individual | entity |
| Company Signatory Name | Full legal name of the Company's signatory | |
| Company Signatory Title | Title/role of the Company's signatory (entity only) | |
| Company Signatory Company | Company name for the Company signatory (entity only) | |
| Company Signatory Email | Notice email address for the Company | |
This template is a drafter's starting point. It does not constitute legal advice. Workflow support only. Not legal advice.