I am working with a small business (five people) and they have been asked to provide services to an Italian firm. I have been asked to explore what is required. The business is located in the US and is HIPAA compliant. I understand they need an EU representative. Is this accurate and can that be a person or a company? Thank you.