In 2013 as part of the Omnibus Rule, the United States government began to require all Business Associates to follow HIPAA guidelines. A Business Associate (BA) is any company that works with healthcare providers and has access to patient data, even if that access is indirect.
A Business Associate Agreement (BAA) is the required document between the medical provider, known as a Covered Entity (CE) and the Business Associate (BA).