What does the Brightstar Care Business Associate need to do if there is a compromise of PHI?

Brightstar Care Franchise · 2025 FDD

Answer from 2025 FDD Document

patient restrictions on the Use and Disclosure of PHI requested by Covered Entity under Section 5.3 below.

  • 4.8 Accounting of PHI Disclosures. Business Associate will document and report to Covered Entity all disclosures of PHI that are required for Covered Entity to provide an accounting under 45 C.F.R. § 164.528 and/or the Privacy Laws. If an individual contacts Business Associate directly for such an accounting, Business Associate will direct the individual to contact Covered Entity.
  • 4.9 Reporting of Violations and Security Incidents. Business Associate will promptly report to Covered Entity any impermissible use or disclosure under Privacy Laws of which it becomes aware that Compromises the security or privacy of the PHI ("Breach"). Business Associate will include in the report of Breach the following information if known or can be reasonably obtained:
    • (a) Contact information for individuals who may be impacted by the Breach;
    • (b) The date of Breach and a brief description of the circumstances surrounding the breach;
    • (c) A description of the type of information involved; and
    • (d) What Business Associate is doing to investigate the Breach and mitigate harm to individuals.

Source: Item 22 — CONTRACTS (FDD pages 117–118)

What This Means (2025 FDD)

According to Brightstar Care's 2025 Franchise Disclosure Document, any impermissible use or disclosure of PHI (Protected Health Information) under Privacy Laws that compromises the security or privacy of the PHI is considered a Breach. The Business Associate must promptly report to the Covered Entity any Breach of which it becomes aware.

The report of the Breach must include specific information if known or reasonably obtainable. This includes contact information for individuals who may be impacted by the Breach, the date of the Breach, a brief description of the circumstances surrounding the breach, a description of the type of information involved, and what the Business Associate is doing to investigate the Breach and mitigate harm to individuals.

However, the Business Associate is not responsible for notifying individuals of a Breach and will not be responsible for any notification costs, unless required by law. Additionally, mitigation efforts by the Business Associate shall not require the Business Associate to pay the costs of credit monitoring or other similar credit protection services unless required by law.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.