Term used in HIPAA security Notice of Proposed Rulemaking (NPRM) for a pattern of agreements that extend protection of health care data. Each covered entity that shares health care data with another entity requires that that entity provide protections comparable with those provided by the covered entity, and that that entity, in turn, requires that any other entities with which it shares the data satisfy the same requirements.