Fill-in templates implementers use to meet their obligations.
Review with counsel before use.
📄 Business Associate Agreement (template) draft
kind: baa · signer: covered-entity · with: hds
Template BAA between a Covered Entity (or upstream Business Associate) and HDS, governing HDS's handling of ePHI on the customer's behalf.
satisfies: hipaa-security.164.314(a)(1) hipaa-privacy.164.502(e)(1)
📄 Data Processing Agreement (template) draft
kind: dpa · signer: controller · with: processor
Template Data Processing Agreement (GDPR Art.28 / Swiss nLPD) between a controller building on HDS and HDS as processor, governing the processing of personal data on the controller's documented instructions.
satisfies: gdpr.Art.28 swiss-nlpd.Art.9
📄 Subcontractor Agreement (HIPAA flow-down, template) draft
kind: subcontractor · signer: business-associate · with: subcontractor
Template back-to-back agreement by which a Business Associate flows its HIPAA obligations down to a subcontractor that handles ePHI on its behalf.
satisfies: hipaa-security.164.314(a)(2)(ii)(B) hipaa-security.164.314(a)(1)
📄 Subprocessor Disclosure & Assurance (template) draft
kind: subprocessor · signer: business-associate · with: subcontractor
Template for disclosing the subprocessors used to handle ePHI and recording the assurances obtained from each — the operational companion to the subcontractor agreement.
satisfies: hipaa-security.164.314(a)(2)(ii)(B)