Support Center
Find answers here about the tools you need
There must be a signed Business Associate Agreement (BAA) between a Covered Entity and a Business Associate.
If you are a Business Associate (as defined by the Omnibus Rule) and a Covered Entity you do business with has sent your organization a BAA, you, as an authorized representative of your company, must sign the BAA.
In the same manner, if a Business Associate initiated a BAA with the Covered Entity, then the latter must sign the BAA.
Not sure if you are a Business Associate? Click here.
Signing a Business Associate Agreement is only the first step in what you have to do. Under the Omnibus Rule, a Covered Entity must obtain assurances that a Business Associate, and any of its subcontractors that have access to Protected Health Information (PHI), are meeting the requirements of HIPAA.
In other words, the signed BAA serves as a guarantee that the Business Associate will appropriately safeguard PHI. The BAA also serves to clarify and limit the permissible uses and disclosures of PHI by the Business Associate.
The law requires a Business Associate Agreement.
In most cases, the lack of a Business Associate Agreement is the first indication that your IT company may be overstating their capabilities and services.
We recommend a simple test to see if they are in fact in compliance with HIPAA - have them complete our Business Associate Attestation Form _HIPAA Security_.pdf (located in EPICompliance Customer Console > Forms and Policies > HIPAA Security > PDF Forms).
This form will provide you with the necessary assurances to recognize whether they are following HIPAA regulations.
If this cannot be done, we recommend the following:
- Sign a HIPAA-compliant agreement, or
- Cancel the contract and look for another subcontractor.
Regardless of the decision, EPI Compliance is here to support and assist you.

For questions or concerns, contact us via the following:
- Chatbox/window on your Complete Compliance Suite screen.
- Telephone: 877-560-4261
- Email: [email protected]
© 2023 EPICompliance, LLC
6817 Southpoint Pkwy, Ste 1704
Jacksonville, FL 32216
Email: [email protected]
Call: 877-560-4261