When is a BAA needed?
The HIPAA rules require a BAA from every vendor third-party service provideryou a Covered Entity engages with use that will use, access, or disclose could be exposed to your clients' PHI on its behalf.