HIPAA

BAA

Business Associate Agreement, a HIPAA-mandated contract between a covered entity and any vendor that handles PHI. Without a signed BAA, sharing PHI with a third party constitutes a HIPAA violation regardless of actual data handling practices.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.