A contract which defined how protected health information will be dealt with by the provider and how HIPAA provisions will be followed (ie: provider will do X but you need to do Y to be compliant).
https://www.hhs.gov/hipaa/for-professionals/covered-entities...