In the Degree Wellness Business Associate Agreement, what is the 'Services Agreement' and how does it relate to the disclosure of Protected Health Information?
Degree_Wellness Franchise · 2025 FDDAnswer from 2025 FDD Document
WHEREAS, Business Associate has been engaged to provide certain services to Covered Entity pursuant to a separate agreement (the "Services Agreement"), and, in connection with those services, Covered Entity may need to disclose to Business Associate, or Business Associate may need to create on Covered Entity's behalf, certain Protected Health Information (as defined below) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996, Public Law 104- 191 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 ("HITECH Act"), and regulations promulgated thereunder by the U.S. Department of Health and Human Services to implement certain privacy and security provisions of HIPAA (the "HIPAA Regulations"), codified at 45 C.F.R. Parts 160 and 164; and
WHEREAS, pursuant to the HIPAA Regulations, all business associates (as defined at 45 C.F.R. § 160.103), including Business Associate, of Covered Entity, as a condition of doing business with Covered Entity, must agree in writing to certain mandatory provisions regarding the privacy and security of PHI.
Source: Item 23 — Receipts (FDD pages 66–257)
What This Means (2025 FDD)
According to Degree Wellness's 2025 Franchise Disclosure Document, the Business Associate Agreement is related to a 'Services Agreement' where the Business Associate provides services to a Covered Entity. In connection with these services, the Covered Entity may disclose Protected Health Information (PHI) to the Business Associate, or the Business Associate may create PHI on the Covered Entity's behalf. This information is subject to protection under HIPAA, the HITECH Act, and related regulations.
The Services Agreement is the foundation upon which the Business Associate Agreement is built. It outlines the specific services that the Degree Wellness franchisee (as the Business Associate) will provide. Because these services may involve handling PHI, the Business Associate Agreement ensures that the franchisee complies with HIPAA regulations to protect the privacy and security of this information.
The Business Associate Agreement mandates that the Degree Wellness franchisee agrees in writing to specific provisions regarding the privacy and security of PHI as a condition of doing business with the Covered Entity. This includes using appropriate safeguards to prevent unauthorized use or disclosure of PHI, implementing administrative, physical, and technical safeguards to protect electronic PHI, and reporting any unauthorized uses or disclosures and security incidents to the Covered Entity. The franchisee must also limit PHI disclosure to the minimum amount necessary and refrain from using PHI for fundraising or marketing purposes.