Definition

A Business Associate Agreement (BAA) is a contract HIPAA requires whenever a covered entity shares protected health information (PHI) with a vendor (a 'business associate'). It binds the vendor to safeguard PHI, restrict its use, report breaches, and comply with the Security Rule.

Any software that stores or processes ABA documentation containing PHI should be covered by a BAA before it is used with real client data.