If you need to be HIPPA compliant then you need a BAA.

HIPAA requires that you have a signed agreement with any contractor who is considered a business associate. The agreement lists obligations and responsibilities of both organizations pertaining to the protection and use of the protected health information. Each entity covered by HIPAA is required to have such a contract for each organization they do business with that falls under the definition of business associate. 

For more information about Business Associate Agreements please visit the U.S. Department of Health & Human Services website here.

Did this answer your question?