There are franchises in countless industries: food service, home repair, business services, entertainment and recreation, personal care services, and health care. Yes, health care franchises. Health care franchises include concepts that provide health, nursing, physical therapy, dental, urgent care, massage, chiropractic, and rehabilitation services. And, franchises that offer and sell health care devices and products such as hearing aids and prescription eye glasses and contacts. It does not stop there.
Being part of the health care industry carries special privacy and security considerations. Every business is concerned about privacy and security, but entities working in the health care industry, are held to a higher standard. At the federal level, there is the HIPAA privacy and security and at the state level there are numerous health care privacy and security laws. HIPAA is the federal law that covers health care privacy and security. The mandates of HIPAA can be robust and a concern for everyone in the health care industry.
As with laws that directly affect the franchise business operations, the franchisors may take the position, it is the responsibility of the franchisee to comply. Yes, as part of the franchise disclosure document or FDD, the franchisor is required to disclose laws that affect the franchise business operations in Item 1. And, the franchisor may provide an overview of HIPAA during the initial training. But, at the end of day, the fall back is the provision in the franchise agreement that says: “It is the franchisee’s sole obligation and responsibility to operate the Franchise Business in compliance with any and all applicable laws.”
Wait, no so fast. HIPAA ALERT: IF YOUR FRANCHISEES ARE COVERED BY HIPAA, FRANCHISOR MAY BE OBLIGATED TO CONFORM TO HIPAA STANDARDS.
If the franchisor views patient information for consultation with the franchisees,completes audits or consumer satisfaction surveys, or has access patient information- the franchisor may be considered a business associate and thereby obligating the franchisor to comply with HIPAA mandates.
What does HIPAA compliance require? HIPAA compliance requires the:
• Signing of business associate agreements
• Developing of privacy policies and procedures
• Developing of security policies and procedure
• Training of staff and workforce members
• Providing of notification to patient and the Department of Health and Human Services in event of breach
The ideology of franchising is built-on uniformity; the use of a single brand name and the uniformity of one operating system that transcends varying demographic and geographic territories. The innate uniformity of franchising beckons for the development of franchise system-wide HIPAA safeguards and HIPAA compliance. Does not make sense if franchisors and franchisees alike use the same mode and means of communication, the same mode and means of storing information, and access information that system-wide HIPAA policies and procedures are developed uniformly to safeguard these means and modes of communication, storage, access, and disclosure of information.
For more information about HIPAA and health care privacy and security, sign up for our HIPAA newsletter at: http://eepurl.com/IB1kH