In 2009, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act1, which makes counterparties of classified companies directly responsible for meeting certain requirements of hipC rules. In accordance with the HITECH Act, the HHS Office for Civil Rights (OCR) adopted a final rule in 2013 to amend the data protection, security, alerting, and enforcement rules of the HIPTE.2 The final rule identifies, among other things, the provisions of the HIPAA rules that apply directly to counterparties and are directly responsible.3 Counterparties` functions and activities include: processing or management of complaints; data analysis, processing or management; verification of use; quality assurance; settlement of accounts; performance management; practice management; and reassessment. the counterparty services are: legal; actuarial; accounting; counselling; data aggregation; management; from an administrative point of view; accreditation; and financially. See the definition of “counterparty” in 45 CFR 160.103. Contracts between counterparties and subcontractors are subject to the same requirements. . . .