Data & Compliance
Common Paper Business Associate Agreement
A HIPAA business associate agreement cover page and standard terms, based on Common Paper's standard form. Covers the use and protection of protected health information (PHI) between a covered entity and a business associate.
35 fields
CC-BY-4.0
Common Paper
Fill this template
Claude Code
Ask Claude directly — the MCP connector handles everything:
Fill the common-paper-business-associate-agreement template for my companyCLI
npx open-agreements fill common-paper-business-associate-agreement -d values.json -o output.docxFields (35)
Parties
| Field | Type | Description |
|---|---|---|
Company Name |
string | Official company name |
Party Role |
string | Role in the agreement (Business Associate or Covered Entity) |
Terms
| Field | Type | Description |
|---|---|---|
Principal Agreement |
string | Reference to the principal agreement |
Subcontractor Role |
string | Role of subcontractors |
Free Text |
string | Free text entry |
Aggregation Restrictions |
string | Specific aggregation restrictions |
Offshoring Restrictions |
string | Specific offshoring rights or restrictions |
Breach Notification Unit |
string | Unit for breach notification period |
Breach Notification Number |
string | Numeric value for the breach notification period (e.g. 5) |
Other Changes |
string | Prose describing other changes to BAA Standard Terms |
Custom Effective Date |
string | Custom effective date (if not date of last signature) |
Maintains Designated Record Set |
boolean | Whether Provider maintains PHI in a Designated Record Set |
Subcontracting
| Field | Type | Description |
|---|---|---|
No Subcontracting |
boolean | Provider will not subcontract |
Subcontracting With Conditions |
boolean | Provider will not subcontract unless conditions are met |
Subcontract Notice Required |
boolean | Notice must be provided to Company before subcontracting |
Subcontract Permission Required |
boolean | Company explicit permission required for subcontracting |
No Offshoring |
boolean | Offshoring of PHI and/or Services is not permitted |
Offshoring With Conditions |
boolean | Offshoring not permitted unless conditions met |
De-Identification
| Field | Type | Description |
|---|---|---|
No Deidentification |
boolean | Provider will not de-identify PHI |
Deidentification With Conditions |
boolean | Provider will not de-identify PHI unless conditions met |
Deidentification Purpose |
string | Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics) |
Deidentify For Purpose |
boolean | De-identification for specific purposes only |
Deidentify Additional Requirements |
boolean | Additional requirements for de-identifying PHI |
No Aggregation |
boolean | Provider will not aggregate PHI |
Aggregation With Conditions |
boolean | Provider will not aggregate PHI unless conditions met |
Signature Block
| Field | Type | Description |
|---|---|---|
Provider Signatory Type |
enum | Whether the Provider signatory is an entity or individual |
Provider Signatory Name |
string | Full legal name of the Provider's signatory |
Provider Signatory Title |
string | Title/role of the Provider's signatory (entity only) |
Provider Signatory Company |
string | Company name for the Provider signatory (entity only) |
Provider Signatory Email |
string | Notice email address for the Provider |
Company Signatory Type |
enum | Whether the Company signatory is an entity or individual |
Company Signatory Name |
string | Full legal name of the Company's signatory |
Company Signatory Title |
string | Title/role of the Company's signatory (entity only) |
Company Signatory Company |
string | Company name for the Company signatory (entity only) |
Company Signatory Email |
string | Notice email address for the Company |
Browse all templates
42 free contract templates for NDAs, employment agreements, SAFEs, financing documents, and more.
View all templates →