You guys need to use topics other than health care outsourcing to cover this issue. Don't know what you're missing, but third party Business Associates (outsourcers) are specifically excluded from privacy liability under HIPAA, whether they're in Des Moines or in Bangalore. With an emphasis on "specifically excluded."