Yelp Reviews lead to HIPAA Fines for a Dental Practice
by Hoala Greevy Founder CEO of Paubox
This week a dental practice in Dallas, Texas agreed to pay a $10,000 fine to the U.S. Department of Health and Human Services (HHS) for violations of the HIPAA Privacy Rule.
Here’s how it happened.
Responding to Yelp Reviews
On 5 June 2016, a complaint was filed with HHS from a patient at Elite Dental Associates. The patient’s basis for the complaint was that Elite had responded to the patient’s online Yelp review and revealed their name and health condition.
In other words, someone at Elite Dental publicly posted the patient’s protected health information (PHI) online.
As we can see by the dates involved, this complaint kicked off a 39 month investigation by HHS into Elite Dental. One can imagine the investigation incurred an additional $10,000 (or more) in legal and consulting fees.
Lack of Policies and Procedures
During the investigation, it was also discovered that Elite Dental did not have the following Policies and Procedures in place:
- Disclosures of Protected Health Information (PHI)
- Privacy Practices that comply with the HIPAA Privacy Rule
HIPAA Fines and Corrective Action Plan
At the conclusion of the investigation, HHS accepted a greatly reduced settlement (i.e., HIPAA fine) in consideration of Elite’s size, financial condition, and cooperation with their investigation.
In addition to the settlement, Elite will undergo a Corrective Action Plan that includes two years of monitoring by HHS for compliance with the HIPAA Rules.
Read more: HHS press release
Roger Severino of HHS had the following comments regarding this HIPAA fine:
“Social media is not the place for providers to discuss a patient’s care. Doctors and dentists must think carefully about patient privacy before responding to online reviews.”
Elite Dental Associates
Elite Dental Associates is a dental practice in Dallas, Texas. They provide general, implant, and cosmetic dentistry.
Their Yelp page is here.