factual

For Degree Wellness, what are the permitted uses of PHI by the Business Associate?

Degree_Wellness Franchise · 2025 FDD

Answer from 2025 FDD Document

164, Subparts A and C, as amended by the HITECH Act and as may otherwise be amended from time to time.

  • (n) "Unsecured PHI" shall mean PHI that is not secured through the use of a technology or methodology specified by the Secretary in guidance or as otherwise defined in 45 C.F.R. § 164.402.
  1. Scope of Agreement. This Agreement applies to the PHI of Covered Entity to which Business Associate may be exposed as a result of the services that Business Associate will provide to Covered Entity pursuant to the Services Agreement. Business Associate shall abide by HIPAA, the HIPAA Regulations and the HITECH Act with respect to PHI of Covered Entity, as outlined below.

3. Obligations and Activities of Business Associate*.*

  • (a) Permitted Uses. Except as otherwise limited in this Agreement, Business Associate may use PHI (i) for the proper Administrative and administration of Business Associate, (ii) to carry out the legal responsibilities of Business Associate, or (iii) for Data Aggregation purposes for the Health Care Operations of Covered Entity. Business Associate shall not use PHI in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so used by Covered Entity. Business Associate agrees to limit its use of PHI to the minimum amount necessary to accomplish the intended purpose of the use.
  • (b) Permitted Disclosures. Business Associate may disclose PHI (i) for the proper Administrative and administration of Business Associate, (ii) to carry out the legal responsibilities of Business Associate, (iii) as Required By Law, or (iv) for Data Aggregation purposes for the Health Care Operations of Covered Entity. Business Associate shall not disclose PHI in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by Covered Entity. In addition, if Business Associate discloses PHI to a third party, Business Associate must obtain, prior to making any such disclosure, (i) satisfactory written assurances from such third party that the PHI will be held as confidential as provided pursuant to this Agreement and only disclosed as Required By Law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify Business Associate of any breaches of confidentiality of the PHI, to the extent such third party has obtained knowledge of such breach. Business Associate agrees to limit its disclosure of PHI to the minimum amount necessary to accomplish the intended purpose of the disclosure.
  • (c) Prohibited Uses and Disclosures. Business Associate shall not use or disclose PHI for fundraising or marketing purposes. In accordance with 45 C.F.R.

Source: Item 23 — Receipts (FDD pages 66–257)

What This Means (2025 FDD)

According to Degree Wellness's 2025 Franchise Disclosure Document, the Business Associate (which would be the franchisee) has specific permissions and limitations regarding the use of Protected Health Information (PHI). The Business Associate may use PHI for the proper administration of their business, to fulfill their legal responsibilities, or for data aggregation purposes related to the health care operations of the Covered Entity. However, these uses are limited by the agreement. Degree Wellness requires that the Business Associate limit the use of PHI to the minimum amount necessary to achieve the intended purpose.

Degree Wellness also outlines permitted disclosures of PHI. The Business Associate can disclose PHI for their own administration, to meet legal requirements, as required by law, or for data aggregation related to the Covered Entity's health care operations. If the Business Associate discloses PHI to a third party, they must first obtain written assurances that the third party will maintain the confidentiality of the information and only disclose it as legally required or for the specific purpose for which it was disclosed. The third party must also agree to immediately notify the Business Associate of any confidentiality breaches. The Business Associate must also limit the disclosure of PHI to the minimum amount necessary.

Degree Wellness places strict prohibitions on certain uses and disclosures of PHI. The Business Associate is not allowed to use or disclose PHI for fundraising or marketing purposes. Additionally, if a patient has requested a special restriction and has paid out-of-pocket for a healthcare item or service, the Business Associate cannot disclose PHI to a health plan for payment or healthcare operations purposes. The Business Associate is also prohibited from selling PHI. These restrictions ensure compliance with privacy regulations and protect patient information.

Overall, the Degree Wellness franchise agreement carefully balances the need for the Business Associate to use and disclose PHI for legitimate business purposes with the imperative to protect patient privacy and comply with applicable laws and regulations. Franchisees must adhere to these guidelines to avoid potential legal and financial repercussions.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Degree_Wellness 2025 FAQs Ask FDD Ninja