Once covered companies, counterparties and counterparty subcontractors have identified their mutual relationships, it is necessary to ensure that third parties protect the PHI they receive. A signed agreement certifies that the BA knows that it must manage PHI safely. The counterparty agreement ensures that there is a custody chain for PHI. A supplier of a HIPC enterprise must enter into a contract with the covered entity and a subcontractor engaged by a counterparty is also required to enter into such a contract. A subcontractor is a business partner of a counterparty and is not covered by the BA/Covered Entity contract. Before allowing access to PHI, a separate contract must be signed. The chain can be long and the further ePHI is from the covered entity, the greater the potential for breach of the HIPC counterparty agreement.