Oklahoma State University Center for Health Sciences
OSU-CHS Centernet

Security Policies & Procedures

Section 17 - Business Associates and Other Contracts


Title: Business Associate Contracts
Policy: SEC-17.00
Category: HIPAA Compliance
Authority: 45 CFR §
HIPAA Section:
Standard: Business Associate Contracts or Other Arrangements
Responsibility: Health Care Components
Effective Date: 04/20/2005
Approved by: OSU Legal Counsel
Revised: 7/1/2013

To identify the requirements that OSU will follow regarding its Business Associate Agreements.


OSU’s Business Associate Contracts and Other Agreements must have the following required elements, as applicable:  §164.314(a)(1)

The contract must provide that the business associate will: §164.314(a)(2)(i)

  1. Comply with the applicable requirements of the Security Rule.   §164.314(a)(2)(i)(A)
  2. In accordance with § 164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit electronic protected health information on behalf of the business associate agree to comply with the applicable requirements of the Security Rule by entering into a contract or other arrangement that complies with this section on Organizational Requirements.  §164.314(a)(2)(i)(B)
  3. Report to OSU any security incident of which it becomes aware, including breaches of unsecured PHI as required by §164.410.   §164.314(a)(2)(i)(C)
  4. OSU will be in compliance with the Standard of Business Associates or Other Arrangements if it has another arrangement in place that meets the requirements of §164.504(e)(3).  §164.314(a)(2)(ii)
  5. The requirements of the above paragraphs apply to the contract or other arrangement between a business associate and a subcontractor required by §164.308(b)(4) in the same manner as such requirements apply to contracts or other arrangements between a covered entity and business associate.  §164.314(a)(2)(iii)



The HIPAA Compliance Office and the OSU Tulsa Office of Business Affairs will work together to draft a copy of a Business Associate Agreement that meets all required elements.

The BAA will be updated as needed or required by applicable law.


§160.103 Definition of Business Associate
