Under what circumstances does the Degree Wellness agreement exclude individually identifiable health information from being considered PHI?

According to Degree Wellness's 2025 Franchise Disclosure Document, individually identifiable health information regarding a person who has been deceased for more than fifty (50) years is excluded from being considered Protected Health Information (PHI). PHI is defined as any information, whether oral or recorded, that relates to an individual's past, present, or future physical or mental condition, the provision of healthcare, or payment for healthcare, and that identifies the individual or could reasonably be used to identify them. This definition aligns with the Privacy Rule under HIPAA regulations.

For a Degree Wellness franchisee, this means that while they must adhere to strict privacy and security protocols for all current and recent patient data, information pertaining to individuals deceased for over 50 years does not fall under these regulations. This distinction is important for managing data storage and compliance efforts, as it clarifies the scope of information that requires protection under HIPAA and related agreements.

It is important to note that this exclusion is very specific. All other individually identifiable health information, including electronic protected health information (ePHI), is considered PHI and must be handled according to HIPAA regulations and the terms of the Business Associate Agreement. Degree Wellness franchisees must ensure their practices and systems are fully compliant with these regulations to protect patient privacy and avoid potential legal or financial repercussions.