1. Upon IRB approval, department/research PI completes the University’s HIPAA BAA Template and HIPAA BAA Summary Sheet Template.
  2. Form is submitted for review and approval via​.
  3. When approved, signed BAA is returned and research project may begin.
  4. Copies of signed BAA need to be kept by both parties.
  5. Subsequent BAAs signed by subcontractors must be kept by contracted parties.


See HIPAA BAA Decision Tree

HIPAA Contacts


HIPAA Privacy Official
Lori Hopper

Interim HIPAA Security Officer:
Laura Morris

Signatory Official:
Alison Lakin