How does Brightstar Care's Business Associate limit the receipt, use, and disclosure of PHI?

According to Brightstar Care's 2025 Franchise Disclosure Document, the Business Associate is obligated to limit the receipt, use, and disclosure of Protected Health Information (PHI) to the minimum necessary, as mandated by Privacy Laws. This means the Business Associate must determine the amount of PHI needed to perform services and then make reasonable efforts to restrict access, use, and disclosure to only what is essential.

To ensure PHI is protected, the Business Associate must implement and maintain appropriate administrative, physical, and technical safeguards. These safeguards are designed to prevent unauthorized access, use, or disclosure of PHI, and to protect the confidentiality, integrity, security, and availability of this information. The Business Associate must also ensure compliance with all applicable Privacy Laws and the terms outlined in their agreement with Brightstar Care.

Furthermore, the Business Associate is required to comply with any patient restrictions on the use and disclosure of PHI requested by Brightstar Care. They must also document and report all disclosures of PHI necessary for Brightstar Care to provide an accounting under relevant regulations. If an individual directly requests an accounting from the Business Associate, they are instructed to redirect the individual to Brightstar Care. These measures collectively ensure that PHI is handled responsibly and in accordance with legal and contractual obligations.