What standards must the Business Associate follow when de-identifying PHI for Dermani Medspa?
Dermani_Medspa Franchise · 2025 FDDAnswer from 2025 FDD Document
- e. De-Identification. Business Associate may use PHI to create information that is deidentified. Any such de-identification by Business Associate will be done in compliance with 45 C.F.R. § 164.514(b). Covered Entity agrees that de-identified information may be used and disclosed on Business Associate's own behalf. Covered Entity agrees that any de-identified information is and will remain the sole property of Business Associate and, due to the regulatory treatment of de-identified information, is no longer PHI and not subject to this Agreement or the Regulations.
Source: Item 23 — RECEIPTS (FDD pages 66–311)
What This Means (2025 FDD)
According to Dermani Medspa's 2025 Franchise Disclosure Document, a Business Associate may use Protected Health Information (PHI) to create de-identified information. When de-identifying PHI, the Business Associate must comply with the standards set forth in 45 C.F.R. § 164.514(b). Dermani Medspa agrees that this de-identified information can be used and disclosed on the Business Associate's own behalf.
Dermani Medspa specifies that any de-identified information is and will remain the sole property of the Business Associate. Due to regulations regarding de-identified information, it is no longer considered PHI and is not subject to the agreement or regulations governing PHI.
This means a Dermani Medspa franchisee should understand the specific requirements for de-identifying patient health information to ensure compliance with HIPAA regulations. The franchisee should also recognize that once the information is properly de-identified, it becomes the property of the Business Associate, allowing them to use it for their own purposes.