Skip main navigation

Military Health System

Clear Your Browser Cache

This website has recently undergone changes. Users finding unexpected concerns may care to clear their browser's cache to ensure a seamless experience.

Skip subpage navigation

HIPAA-Compliant Business Associate Agreement (BAA) for the MHS

This Business Associate Agreement (BAA) language complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach and Enforcement Rules (HIPAA Rules). The BAA language has been updated to reflect the 2013 Health Information Technology for Economic and Clinical Health (HITECH) Act modifications to the HIPAA Rules issued by the Department of Health and Human Services. Provisions on breach response are included. 

The BAA language is required after Sept. 23, 2013 when any solicitation or contract modification (or other agreement) includes functions, activities, or services involving the use and/or disclosure of protected health information. Note that the BAA language only covers HIPAA requirements. For language on other Federal privacy and information laws, please consult the applicable contracting officials.

Last Updated: July 11, 2023
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery