Updated NEMA Business Associate Sample Contract Language (November 2004)

This updated version of the National Electrical Manufacturers Association’s (NEMA) sample HIPAA business associate agreement reflects the requirements of the final HIPAA Security Rule. NEMA originally released sample language in March 2003 for use by its member medical device manufacturers that might be business associates of hospitals. The original sample language covered the HIPAA medical privacy rule only. Changes from the March 2003 language are specifically identified in the attached document: deletions are noted by strikethroughs and additions are highlighted in yellow.

Once again, the American Hospital Association (AHA) worked closely with NEMA to ensure that the updated agreement incorporates properly the regulatory requirements of the HIPAA security rule and achieves an appropriate balance in addressing the legitimate business concerns of both hospitals and their business partners who are NEMA member organizations. NEMA expects to make no further changes to the language of the revised agreement at this time.

The AHA advises each member hospital to work with respective legal counsel to ensure that the NEMA sample agreement is appropriate for the organization's unique situation and precise business relationship needs.