California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts
Monday, September 11, 2023
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.
The Complaint and Investigation.
On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a made up name on the platform. Other information allegedly posted included detailed information about the patient’s visits, treatment, and health insurance, when that information had not been posted publicly by the patient.
The federal agency's investigation found potential violations of the HIPAA Privacy Rule, including impermissible uses and disclosures of PHI and failures to provide an adequate Notice of Privacy Practices and implement Privacy policies and procedures. “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews. This is a clear 'NO,'” said OCR Director, Melanie Fontes Rainer in a statement.
To read more, click here for the press release from the HHS.
In addition to the settlement, NVD agreed to implement a corrective action plan (CAP) that will be monitored for two years by OCR. As part of its CAP, the dental practice agreed to develop, revise, and maintain written policies and procedures to comply with federal privacy and security standards. All workforce members will also receive training on those policies and procedures, and NVD is required to remove all social media postings that include PHI.
The resolution agreement and CAP can be viewed here.
Guidelines for Appropriate use of Social Media and Social Networking.
Health care professionals are discouraged from interacting with current or past patients on personal social networking sites, and should never, under any circumstances reveal personal information about the patient or the patient's treatment or care. Online interaction with patients should only occur when discussing the patient’s medical treatment within the physician-patient relationship and with a written, signed consent by the patient to use e-mail or other online services for such messaging. These interactions should never occur on personal social networking or social media websites.
Patient privacy must be protected at all times, especially on social media and social networking websites. Breaches in patient confidentiality could be harmful to the patient and in violation of federal privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and applicable state privacy laws.
Failure to Comply With HIPAA Can Result in Both Civil and Criminal Penalties.
This penalty was the 21st financial penalty to be imposed by OCR in 2022 to resolve HIPAA violations, more than in any other year since it was given the authority to enforce HIPAA compliance. With an increase in the popularity and availability of social media platforms, also comes an increase in potential privacy violations. To read a previous blog I wrote on this, click here.
If Notified of a HIPAA Investigation or Audit, Consult an Experience Health Law Attorney Immediately.
If you receive notice that you have a HIPAA Privacy COmplaint, ares suspected of a HIPAA breach, or are the subject of a HIPAA audit, cionsult with an experienced health care attorney right away. There are many technicalities to these laws and regulations and what may initially seem like a violation may be proven to be nothing. There are many defnses that can be raised and often a complaint may be dismissed by the OCR once the correct facts are shown to it by your attorney.
Don’t Wait Until It’s Too Late, Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.
The attorneys of The Health Law Firm represent physicians, nurses, and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).
For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.
Alder, Steve. "OCR Fines California Dental Practice for PHI Disclosures on Yelp." HIPAA Journal. (December 14, 2022). Web.
McKeon, Jill. "OCR Settles Potential HIPAA Violation After Dental Practice Discloses PHI on Yelp." Health Care It News. (December 14, 2022).
Health News Weekly. "California Dental Practice Pays $23,000 to Resolve Potential HIPAA Violations Involving Social Media Posts." AHLA. (December 16, 2022). Web.
About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.
Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: KBrant@TheHealthLawFirm.com or fax them to (407) 331-3030.
KeyWords: Health Insurance Portability and Accountability Act (HIPAA) defense, HIPAA compliance, representation for patient protected health information (PHI) violations, representation for U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) investigations, HIPAA compliance audit, HIPAA violation defense lawyer, penalties for HIPAA violation, criminal penalties for HIPAA violation, civil penalties for HIPAA violation, Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule lawyer, HIPAA Privacy Rule defense counsel, HIPAA Privacy Rule defense lawyer, HIPAA compliance attorney, HIPAA compliance defense lawyer, data security legal representation, representation for HIPAA violations, HIPAA compliance audit legal representation, legal representation for HIPAA compliance, legal counsel for penalties for HIPAA violation, HIPAA OCR complaint defense attorney, HIPAA OCR complaint legal defense representation lawyer, legal counsel for HIPAA violation complaint, legal counsel for HIPAA breach, Department of Health and Human Services (HHS) investigation defense attorney, HHS complaint investigation defense lawyer, health care license defense attorney, legal representation for Department of Health (DOH) and Board of Medicine investigations, DOH and Board of Medicine investigation defense lawyer, DOH and Board of Medicine investigation defense attorney, reviews of The Health Law Firm, The Health Law Firm attorney reviews, Office of Civil Rights (OCR) defense attorney, physician license defense attorney, medical license defense lawyer, HIPAA corrective action plan (CAP) attorney, HIPAA breach risk assessment attorney and lawyer, administrative hearing defense lawyer, defense legal representation for HIPAA investigations, HIPAA audit defense lawyer, HIPAA defense complaint lawyer, HIPAA investigation defense representation, HIPAA risk analysis lawyer, HIPAA violation defense lawyer, HIPAA/breach of confidentiality law defense attorney, legal counsel for preparing HIPAA Risk Analysis, legal defense counsel for Corrective Action Plans (CAPs), legal defense for OCR complaint investigations, legal representation to defend HIPAA violations, legal representation to defend OCR HIPAA audits, OCR investigation defense, representation for administrative hearing cases, representation for federal administrative litigation, representation for HIPAA/breach of confidentiality law suits
“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law Firm. All rights reserved.
Like this blog? Add your public comments:
Items in bold indicate required information.