Data & Compliance

Common Paper Business Associate Agreement

A HIPAA business associate agreement cover page and standard terms, based on Common Paper's standard form. Covers the use and protection of protected health information (PHI) between a covered entity and a business associate.

35 fields CC-BY-4.0 Common Paper

Try this template in an AI workflow

Claude Code or another coding agent

Start with the setup guide for Claude Code, Gemini CLI, and local package execution. The install page will keep the handoff tied to this template.

Learn how to fill this template

CLI

npx open-agreements fill common-paper-business-associate-agreement -d values.json -o output.docx

Fields (35)

Parties

Field	Type	Description
Company Name `company_name`	string	Official company name
Party Role `party_role`	string	Role in the agreement (Business Associate or Covered Entity)

Terms

Field	Type	Description
Principal Agreement `principal_agreement`	string	Reference to the principal agreement
Subcontractor Role `subcontractor_role`	string	Role of subcontractors
Free Text `free_text`	string	Free text entry
Aggregation Restrictions `aggregation_restrictions`	string	Specific aggregation restrictions
Offshoring Restrictions `offshoring_restrictions`	string	Specific offshoring rights or restrictions
Breach Notification Unit `breach_notification_unit`	string	Unit for breach notification period
Breach Notification Number `breach_notification_number`	string	Numeric value for the breach notification period (e.g. 5)
Other Changes `other_changes`	string	Prose describing other changes to BAA Standard Terms
Custom Effective Date `custom_effective_date`	string	Custom effective date (if not date of last signature)
Maintains Designated Record Set `maintains_designated_record_set`	boolean	Whether Provider maintains PHI in a Designated Record Set

Subcontracting

Field	Type	Description
No Subcontracting `no_subcontracting`	boolean	Provider will not subcontract
Subcontracting With Conditions `subcontracting_with_conditions`	boolean	Provider will not subcontract unless conditions are met
Subcontract Notice Required `subcontract_notice_required`	boolean	Notice must be provided to Company before subcontracting
Subcontract Permission Required `subcontract_permission_required`	boolean	Company explicit permission required for subcontracting
No Offshoring `no_offshoring`	boolean	Offshoring of PHI and/or Services is not permitted
Offshoring With Conditions `offshoring_with_conditions`	boolean	Offshoring not permitted unless conditions met

De-Identification

Field	Type	Description
No Deidentification `no_deidentification`	boolean	Provider will not de-identify PHI
Deidentification With Conditions `deidentification_with_conditions`	boolean	Provider will not de-identify PHI unless conditions met
Deidentification Purpose `deidentification_purpose`	string	Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics)
Deidentify For Purpose `deidentify_for_purpose`	boolean	De-identification for specific purposes only
Deidentify Additional Requirements `deidentify_additional_requirements`	boolean	Additional requirements for de-identifying PHI
No Aggregation `no_aggregation`	boolean	Provider will not aggregate PHI
Aggregation With Conditions `aggregation_with_conditions`	boolean	Provider will not aggregate PHI unless conditions met

Signature Block

Field	Type	Description
Provider Signatory Type `provider_signatory_type`	enum	Whether the Provider signatory is an entity or individual
Provider Signatory Name `provider_signatory_name`	string	Full legal name of the Provider's signatory
Provider Signatory Title `provider_signatory_title`	string	Title/role of the Provider's signatory (entity only)
Provider Signatory Company `provider_signatory_company`	string	Company name for the Provider signatory (entity only)
Provider Signatory Email `provider_signatory_email`	string	Notice email address for the Provider
Company Signatory Type `company_signatory_type`	enum	Whether the Company signatory is an entity or individual
Company Signatory Name `company_signatory_name`	string	Full legal name of the Company's signatory
Company Signatory Title `company_signatory_title`	string	Title/role of the Company's signatory (entity only)
Company Signatory Company `company_signatory_company`	string	Company name for the Company signatory (entity only)
Company Signatory Email `company_signatory_email`	string	Notice email address for the Company

Use this template with Claude Code or another coding agent

Start with setup instructions, then run this template in your own workflow.

Learn how to fill this template Need a managed workflow instead?

Workflow support only. Not legal advice.

View Template

Source maintained by Common Paper

View on Common Paper

CC-BY-4.0

Fields 35

Source Common Paper

This template is a drafter's starting point. It does not constitute legal advice. Have qualified counsel review before execution.

Browse all templates

44 free contract templates for NDAs, employment agreements, SAFEs, financing documents, and more.

View all templates →

AI Agent Extensions

Enterprise

By Category

Company

Learning

Support