HIPAA - Resources - Updated NEMA Business Associate Sample Contract Language


Updated NEMA Business Associate Sample Contract Language (November 2004)

This updated version of the National Electrical Manufacturers Association’s (NEMA) sample HIPAA business associate agreement reflects the requirements of the final HIPAA Security Rule. NEMA originally released sample language in March 2003 for use by its member medical device manufacturers that might be business associates of hospitals. The original sample language covered the HIPAA medical privacy rule only. Changes from the March 2003 language are specifically identified in the attached document: deletions are noted by strikethroughs and additions are highlighted in yellow.

Once again, the American Hospital Association (AHA) worked closely with NEMA to ensure that the updated agreement incorporates properly the regulatory requirements of the HIPAA security rule and achieves an appropriate balance in addressing the legitimate business concerns of both hospitals and their business partners who are NEMA member organizations. NEMA expects to make no further changes to the language of the revised agreement at this time.

The AHA advises each member hospital to work with respective legal counsel to ensure that the NEMA sample agreement is appropriate for the organization's unique situation and precise business relationship needs.


Related Resources

Legal Documents
Memorandum Opinion This case is now before the Court for a third ti
Amicus Brief
The AHA and Federation of American Hospitals amicus brief urging the National Labor Relations Board (NLRB) to consider hospital electronic communication…
AHA letter to the House expressing support of H.R. 6082, the Overdose Prevention and Patient Safety (OPPS) Act, which would align 42 CFR Part 2 with the Health…
AHA letter to Representatives Greg Walden, and Frank Pallone expressing support for The Limited Repeal of the IMD Exclusion for Adult Medicaid Beneficiaries…
AHA reiterates support for legislation to align 42 CFR Part 2 with HIPAA.
Introduction Hospitals and health systems are responsible for protecting the privacy and confidentiality of their patients and patient in