This Agreement may be used as a separate agreement between the Parties or may be annexed to a Service Agreement as evidence. A law firm or associate accountant needs HIPAA policies, documented procedures to support policies, hipaa risk analysis, and staff training for their management and associates, including lawyers and accountants. They must ensure that all patient records are secured in their case management or audit software. It should never send unencrypted patient information outside the company via email. It must protect its network and devices from malware and unauthorized access. Her IT support company should be HIPAA certified so she knows the rules. .