What must a Brightstar Care Business Associate do when disclosing PHI to subcontractors or third parties?
Brightstar_Care Franchise · 2025 FDDAnswer from 2025 FDD Document
Business Associate shall ensure that all representatives, subcontractors, persons and/or entities (other than entities that are merely conduits) to whom Business Associate discloses or provides the PHI execute a written Business Associate Agreement, as required under the Privacy Laws, in which such third persons and/or entities expressly agree to the same restrictions and conditions that apply to Business Associate hereunder, as applicable.
If a Business Associate Agreement is not required by the Privacy Laws, Business Associate shall obtain reasonable assurances from all persons and entities who have access to or are recipients of the PHI that: (i) the PHI will be held confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the third party; and (ii) the third party will promptly notify Business Associate of any Compromise of PHI, and Business Associate will, in turn, notify Covered Entity.
Source: Item 22 — CONTRACTS (FDD pages 117–118)
What This Means (2025 FDD)
According to Brightstar Care's 2025 Franchise Disclosure Document, when a Business Associate discloses or provides Protected Health Information (PHI) to subcontractors or third parties, they must ensure these entities execute a written Business Associate Agreement. This agreement, as required under Privacy Laws, must stipulate that these third parties adhere to the same restrictions and conditions that apply to the Business Associate. This requirement does not apply to entities that are merely conduits.
If a Business Associate Agreement is not mandated by Privacy Laws, the Business Associate must obtain reasonable assurances from anyone receiving or having access to PHI. These assurances must guarantee that the PHI will be kept confidential and used or disclosed only as legally required or for the specific purposes for which it was provided. Additionally, the third party must promptly inform the Business Associate of any compromise of PHI, which the Business Associate, in turn, must report to the Covered Entity.
This requirement ensures that PHI is protected when shared with subcontractors or third parties. Prospective Brightstar Care franchisees should understand these obligations, as failure to comply with privacy laws can result in significant penalties. Franchisees should consult with legal counsel to ensure they fully understand their obligations.