Written business associate agreements are required with:

A written business associate agreement (BAA) is specifically required with any outside company that handles electronic protected health information (PHI). This requirement is rooted in the Health Insurance Portability and Accountability Act (HIPAA) regulations, which are designed to protect patient information. When a covered entity engages the services of a business associate that will have access to or manage electronic PHI, a BAA must be established to ensure that the business associate understands their responsibilities regarding the protection of that information.

This agreement outlines the permitted uses and disclosures of the PHI by the business associate, ensuring compliance with HIPAA standards. It also establishes liability and provides the framework for how the business associate should handle PHI to maintain privacy and security.

In terms of context with other options, not every company where work is outsourced will necessarily handle PHI; they need to specifically manage electronic PHI to require a BAA. Additionally, while any outside company that handles electronic data may seem relevant, it's the focus on PHI that is critical under HIPAA. Lastly, stating that a BAA is needed with every outside company oversimplifies the requirements, as it applies only to those that deal with sensitive patient information.