Business Associates
The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associates that they will appropriately safeguard the protected health information it receives, creates or has access to. The satisfactory assurances must be in writing, whether in the form of a contract or other agreement between the covered entity and the business associate.
For more information on this HIPAA regulation go to Business Associates.