A model agreement between a covered entity subject to HIPAA's privacy, security, enforcement, and breach notification rules and its business associate, to safeguard protected health information (PHI) that is received or created on the covered entity's behalf. This Standard Document has integrated drafting notes with important explanations and drafting tips.