A Business Associate Agreement (BAA) is a contract between a HIPAA-covered entity and a vendor that will have access to protected health information (PHI). It is necessary for HIPAA compliance to ensure that PHI is handled securely and in accordance with HIPAA regulations.