Distinguishing a BAA from a DUA and Protecting Both Consumer and Patient Health Data


CEU: 1

Price: $0 (Subscribers ONLY)



Presenter: Rachel Rose, JD, MBA

Time: 46.55 minutes



Distinguishing a business associate agreement (BAA) from a data use agreement (DUA) still perplexes those in the healthcare industry. Reviewing the timeline of the legislative history makes clear that these are not new agreements under new regulations. This webinar builds on that understanding to ensure protection of health data for both consumers and patients.



  • Discuss headline highlights and standards.
  • Understand the juxtaposition of HIPAA versus FTC.
  • Consider the cybersecurity framework.
  • Distinguish a BAA versus a DUA (including the FTC's suggestions).
  • Review compliance and conclusions.


Main Points:

  • Biden-Harris Administration Announces National Cybersecurity Strategy
  • DOJ-Jellybean Settlement
  • Emerging Trend - Data tracking and sale without patient knowledge or consent
  • How Do Pixels Work?
  • Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)
  • Health Breach Notification Rule Timeline
  • Who Is Under the HIPAA Legal Umbrella?
  • Legislative History
  • The HITECH Act and HR 7898
  • National Institute of Standards and Technology
  • Federal Information Processing Standards
  • General NIST Framework – CSF 1.0 (2014)
  • NIST CSF 2.0
  • The BAA
  • The Data Use Agreement
  • Federal Trade Commission Considerations




Rachel V. Rose, JD, MBA - Principal.


Ms. Rose has a unique background. Throughout her career, she has accumulated knowledge in a multitude of fields, with an emphasis on various facets of healthcare. Her experiences include:

  • working on Wall Street and at one of the "Big Four" consulting firms;
  • producing for the Chairman of the Reform and Oversight Committee on Capitol Hill;
  • interning at the Department of Health and Human Services;
  • compiling policy papers at the Royal College of Nursing in London;
  • consultative work as a top-performing representative for the pharmaceutical and medical device industry; and
  • clerking for the Honorable Linda R. Allan (6th Judicial Circuit, FL).

Prior to opening her law firm, she was Director of Business Development and Assistant General Counsel for a healthcare advisory company.

She is extensively published and presents on a variety of healthcare, False Claims Act and securities law topics, including cybersecurity, qui tam, physician reimbursement, ICD-10, access to care, anti-kickback and Stark laws, U.S. Supreme Court cases impacting the medical device industry, international comparative healthcare laws, and HIPAA/the HITECH Act.

Presently, she is the immediate past-chair of the Federal Bar Association's Corporate and Associations Counsel Division (2014-2016) and one of eighteen lawyers who serve on the Federal Bar Association's Government Relations Committee. Ms. Rose has co-authored the American Bar Association's books The ABCs of ACOs and What Are International HIPAA Considerations?, and is a co-editor of the American Health Lawyers Association's Enterprise Risk Management Handbook (2nd Edition). Ms. Rose is also an Affiliated Member of the Baylor College of Medicine's Center for Health Policy and Medical Ethics, where she teaches bioethics, and is on the University of Houston Law School's Healthcare Law Advisory Board.



  • Bachelor of Arts - History (The Pennsylvania State University)
  • Master of Business Administration (Vanderbilt University)
  • Doctorate of Jurisprudence (Stetson University College of Law); Editor, The Journal of International Law and Aging


Honors and Awards

  • National Scribes Award
  • The William F. Blews Pro Bono Service Award
  • Federal Bar Association Fellow
  • Named to Texas Bar College
  • National Women Trial Lawyers Association - Top 25, 2018 and 2019
  • Houstonia Magazine's Top Lawyers - Healthcare Law, 2018 and 2019


  • Texas