According to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), you are only required to have a Business Associate Agreement (BAA) in place with vendors or service providers who will have access to or handle Protected Health Information (PHI) on behalf of your organization.

OR