Data & Compliance
Common Paper Business Associate Agreement
A HIPAA business associate agreement cover page and standard terms, based on Common Paper's standard form. Covers the use and protection of protected health information (PHI) between a covered entity and a business associate.
35 fields
CC-BY-4.0
Common Paper
Try this template in an AI workflow
Claude Code or another coding agent
Start with the setup guide for Claude Code, Gemini CLI, and local package execution. The install page will keep the handoff tied to this template.
Learn how to fill this templateCLI
npx open-agreements fill common-paper-business-associate-agreement -d values.json -o output.docxFields (35)
Parties
| Field | Type | Description |
|---|---|---|
Company Name |
string | Official company name |
Party Role |
string | Role in the agreement (Business Associate or Covered Entity) |
Terms
| Field | Type | Description |
|---|---|---|
Principal Agreement |
string | Reference to the principal agreement |
Subcontractor Role |
string | Role of subcontractors |
Free Text |
string | Free text entry |
Aggregation Restrictions |
string | Specific aggregation restrictions |
Offshoring Restrictions |
string | Specific offshoring rights or restrictions |
Breach Notification Unit |
string | Unit for breach notification period |
Breach Notification Number |
string | Numeric value for the breach notification period (e.g. 5) |
Other Changes |
string | Prose describing other changes to BAA Standard Terms |
Custom Effective Date |
string | Custom effective date (if not date of last signature) |
Maintains Designated Record Set |
boolean | Whether Provider maintains PHI in a Designated Record Set |
Subcontracting
| Field | Type | Description |
|---|---|---|
No Subcontracting |
boolean | Provider will not subcontract |
Subcontracting With Conditions |
boolean | Provider will not subcontract unless conditions are met |
Subcontract Notice Required |
boolean | Notice must be provided to Company before subcontracting |
Subcontract Permission Required |
boolean | Company explicit permission required for subcontracting |
No Offshoring |
boolean | Offshoring of PHI and/or Services is not permitted |
Offshoring With Conditions |
boolean | Offshoring not permitted unless conditions met |
De-Identification
| Field | Type | Description |
|---|---|---|
No Deidentification |
boolean | Provider will not de-identify PHI |
Deidentification With Conditions |
boolean | Provider will not de-identify PHI unless conditions met |
Deidentification Purpose |
string | Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics) |
Deidentify For Purpose |
boolean | De-identification for specific purposes only |
Deidentify Additional Requirements |
boolean | Additional requirements for de-identifying PHI |
No Aggregation |
boolean | Provider will not aggregate PHI |
Aggregation With Conditions |
boolean | Provider will not aggregate PHI unless conditions met |
Signature Block
| Field | Type | Description |
|---|---|---|
Provider Signatory Type |
enum | Whether the Provider signatory is an entity or individual |
Provider Signatory Name |
string | Full legal name of the Provider's signatory |
Provider Signatory Title |
string | Title/role of the Provider's signatory (entity only) |
Provider Signatory Company |
string | Company name for the Provider signatory (entity only) |
Provider Signatory Email |
string | Notice email address for the Provider |
Company Signatory Type |
enum | Whether the Company signatory is an entity or individual |
Company Signatory Name |
string | Full legal name of the Company's signatory |
Company Signatory Title |
string | Title/role of the Company's signatory (entity only) |
Company Signatory Company |
string | Company name for the Company signatory (entity only) |
Company Signatory Email |
string | Notice email address for the Company |
Browse all templates
44 free contract templates for NDAs, employment agreements, SAFEs, financing documents, and more.
View all templates →