A Business Associate Agreement is the contractual piece that lets a vendor handle PHI on your behalf. Accountable can generate, send, and track BAAs — with built-in e-signature so you don't need a separate signing tool.
Creating a BAA
From any vendor profile, click + New BAA. You have two options:
- Send your BAA template — Accountable's standard BAA, reviewed by HIPAA counsel, pre-filled with your organization's details. You can customize the template if you have specific legal requirements.
- Upload the vendor's BAA — If the vendor provides their own BAA (common with major platforms like AWS, Google, Microsoft), upload the signed copy here for tracking. You can mark it as signed with the effective date.
E-signature built in
When you send your BAA template, Accountable handles the signature process directly — no DocuSign or other signing tool required. The vendor receives the agreement and can sign electronically in their browser with either a typed or drawn signature. Both parties' signatures are captured and stored.
You'll need to set a company signatory (the person who signs on behalf of your organization) with a saved signature before sending.
Tracking signatures
The Agreements dashboard (under People & Training) shows every BAA's status — pending signature, signed, or needing attention.
Storing existing BAAs
If you already have signed BAAs from other systems, upload them under each vendor profile and record the effective dates. Accountable tracks them alongside agreements generated in the platform.
Other agreement types
Beyond BAAs, Accountable supports other agreement types like NDAs and Confidentiality Agreements — useful for contractors and business relationships that need formal documentation.
What auditors look for
- A BAA on file for every vendor with PHI access
- Signatures from both parties
- Effective dates that pre-date the data sharing
- Required HIPAA clauses (use, disclosure, safeguards, subcontractor flow-down, breach notification, return/destruction)