Compliance and Security
BAA Management
A Business Associate Agreement (BAA) is a contract required by HIPAA between a covered entity and any vendor that handles protected health information on its behalf. The HIPAA Basic add-on gives Vilulia organizations a built-in BAA tracking system where you can record each vendor BAA, link the signed document, track renewal dates, and monitor coverage status — all from the compliance dashboard.
What you'll learn
- What a BAA is and why HIPAA requires one
- How to add and track a vendor BAA in Vilulia
- How BAA status affects your compliance score
- How renewal reminders work
What the BAA tracker records
Each BAA record in Vilulia stores:
- Vendor name — the name of the business associate.
- BAA document — a link to the signed BAA document stored in your case or document library.
- Status — active, expired, or pending renewal.
- Expiry date — the date the BAA expires or requires renewal.
- Renewal reminders — configurable reminders sent before the expiry date.
BAA and the compliance score
BAA status is one of four domains that contribute to your HIPAA Compliance Score (each worth 25 points). Specifically, having active BAAs in place for all relevant vendors contributes positively to your score. Expired or missing BAAs reduce your score. See HIPAA Compliance Score for the full scoring breakdown.
Accessing BAA management
BAA status is displayed as a summary card on the HIPAA Compliance dashboard (Settings menu → HIPAA Compliance). The dashboard shows the count of active versus total BAAs and links to any action items. The HIPAA Basic add-on must be active to access this section.
Related articles
Can't find what you're looking for? Contact Support