Does the Dermani Medspa agreement require compliance with HIPAA regarding patient information?
Dermani Medspa Franchise · 2025 FDD
Answer from 2025 FDD Document
ere with the operation of the Computer System in the manner we require.
- 2.4.4. We have the right to specify in the Manual, or otherwise in writing, the information that you must collect and maintain through the Computer System and to do so at the intervals we designate. Subject to any applicable laws pertaining to the privacy of consumer, employee, and transactional information, including but not limited to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), you agree to provide us, or designated suppliers of support services that use such data to provide services to the Franchised Business, with the reports that we may reasonably request. You agree to allow us to have independent access to the information generated or stored in your Computer System. During any periods that we have independent access, we may access the Computer System as we deem appropriate (including on a continual basis), and retrieve all information concerning your Franchised Business's operation, subject to your and our compliance with HIPAA (if applicable) or other applicable law relating to confidentiality of patient records. There are no contractual limitations on our right to access your Company System for information and data.
- 2.4.5. By execution of this Agreement, you and we agree to abide by the terms of the Business Associate Agreement regarding customers' protected health information, as provided in the Management Agreement at Exhibit J, the terms of which are hereby incorporated into and become effective with the execution of this Agreement. You agree to execute an amended Business Associate Agreement to the extent we determine such an amended agreement is necessary.
- 2.4.6.
Source: Item 23 — RECEIPTS (FDD pages 66–311)
What This Means (2025 FDD)
According to Dermani Medspa's 2025 Franchise Disclosure Document, the franchise agreement requires compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Dermani Medspa franchisees must adhere to applicable laws, including HIPAA, concerning the privacy of consumer, employee, and transactional information. Franchisees must provide Dermani Medspa, or their designated support service suppliers, with requested reports, while remaining compliant with HIPAA. Dermani Medspa retains the right to independently access information generated or stored in the franchisee's computer system, provided that both parties comply with HIPAA or other applicable laws regarding patient record confidentiality.
The Dermani Medspa agreement includes a Business Associate Agreement, outlined in Exhibit J of the Management Agreement, which both the franchisor and franchisee must abide by regarding customers' protected health information. Franchisees also agree to execute amended Business Associate Agreements if Dermani Medspa deems it necessary.
Furthermore, the franchise agreement states that any ambiguity will be resolved to ensure compliance with HIPAA, its regulations, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Inconsistencies between the agreement and regulations will be governed by the regulations. Dermani Medspa's confidential information includes knowledge of operating results and financial performance of Medspas and Franchised Businesses, but this is subject to compliance with HIPAA and other requirements.