Home Contacts Site Map
Business Associates
Up UB HIPAA overview UB declarations Researchers Faculty-Students Business Associates HIPAA Training


Business Associates

Business Associates are entities which perform services for HIPAA Covered Entities that involve the use or disclosure of Protected Health Information.  Covered Entities are required by law to enter into agreements known as Business Associate Contracts (aka Business Associate Agreements), or BACs/BAAs.

HIPAA makes specific exceptions for research, and in general a BAC is not required to conduct research activities (see guidance here).

At UB, authority to negotiate and execute Business Associate Contracts is limited as follows depending on which entity is executing the agreement:


SUNY (State of New York): Brian Murphy, Director, UB Office of HIPAA Compliance


RF (Research Foundation): RF Sponsored Programs designee


UBFA (UB Foundation Activities): Edward Schneider, Executive Director UBF

In addition, the need for a Business Associate Contract must first be verified by the UB Director of HIPAA Compliance.  If you are being asked to enter into a Business Associate Contract, please bring it to the attention of the UB Director of HIPAA compliance for review and implementation assistance.  In general, Business Associates Agreements are not appropriate for the activities UB engages in, but there are some exceptions.

In 2009 the rules of the game changed significantly for Business Associates as new law extended portions of HIPAA that used to apply only to Covered Entities to Business Associates, as well as the significant penalties that used to apply only to Business Associates, came into effect.  You can read more about the impact of the HITECH act on Business Associates here.  In July of 2009 UB circulated a memo designed to identify any Business Associate Contracts that may have been executed without the knowledge of the HIPAA compliance office.

This material is designed for internal University at Buffalo use only and is copyrighted.  Information and documents available on this site may be freely copied and used with appropriate attribution to the University at Buffalo.  None of the information on these pages should be construed as legal advice or expert opinion with respect to how any particular function or entity engages in work to come into compliance with HIPAA.
Last updated: July 28, 2009.  Privacy Policy
Hit Counter