Yelp reviews lead to HIPAA fines for a dental practice

This week a dental practice in Dallas, Texas agreed to pay a $10,000 fine to the U.S. Department of Health and Human Services ( HHS) for violations of the HIPAA Privacy Rule. Here's how it happened.

Responding to Yelp Reviews

On 5 June 2016, a complaint was filed with HHS from a patient at Elite Dental Associates. The patient's basis for the complaint was that Elite had responded to the patient's online Yelp review and revealed their name and health condition. In other words, someone at Elite Dental publicly posted the patient's protected health information (PHI) online. If you are a reader of this blog, you'll know that it's a HIPAA violation for a Covered Entity to post someone's PHI on a social media platform. As we can see by the dates involved, this complaint kicked off a 39 month investigation by HHS into Elite Dental. One can imagine the investigation incurred an additional $10,000 (or more) in legal and consulting fees.

Lack of Policies and Procedures

• Disclosures of Protected Health Information (PHI)
• Privacy Practices that comply with the HIPAA Privacy Rule

HIPAA Fines and Corrective Action Plan

At the conclusion of the investigation, HHS accepted a greatly reduced settlement (i.e., HIPAA fine) in consideration of Elite’s size, financial condition, and cooperation with their investigation. In addition to the settlement, Elite will undergo a corrective action plan that includes two years of monitoring by HHS for compliance with the HIPAA Rules. Read more: HHS press release

Conclusion

Roger Severino of HHS had the following comments regarding this HIPAA fine: “Social media is not the place for providers to discuss a patient’s care. Doctors and dentists must think carefully about patient privacy before responding to online reviews.”

Elite Dental Associates

Elite Dental Associates is a dental practice in Dallas, Texas. They provide general, implant, and cosmetic dentistry. Their Yelp page is here.