The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has reached a settlement with Manasa Health Center, LLC, a New Jersey-based healthcare provider offering adult and child psychiatric services.
The settlement comes after Manasa Health Center was accused of impermissibly disclosing the protected health information of a patient in response to a negative online review. The health center has agreed to pay $30,000 to OCR and implement a corrective action plan to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Why It Matters
This case underscores the importance of maintaining patient privacy, particularly in the digital age where online reviews and social media interactions are commonplace. Healthcare providers must adhere to HIPAA regulations, which protect patient health information from being disclosed without consent. Violations of these regulations can lead to significant penalties, as demonstrated by the settlement reached in this case.
What They're Saying
OCR Director Melanie Fontes Rainer stated, "OCR continues to receive complaints about health care providers disclosing their patients' protected health information on social media or on the internet in response to negative reviews. Simply put, this is not allowed. The HIPAA Privacy Rule expressly protects patients from this type of activity, which is a clear violation of both patient trust and the law. OCR will investigate and take action when we learn of such impermissible disclosures, no matter how large or small the organization."
In The Know
The complaint against Manasa Health Center alleged that the health care provider posted a response to a patient's negative online review that included specific information about the individual's diagnosis and treatment of their mental health condition. OCR's investigation found that Manasa Health Center had also impermissibly disclosed the protected health information of three other patients in response to their negative online reviews. Furthermore, the investigation revealed that Manasa Health Center had failed to implement HIPAA Privacy policies and procedures.
The Next Steps
As part of the settlement, Manasa Health Center will undertake a corrective action plan that will be monitored for two years by OCR to ensure compliance with the HIPAA Privacy Rule. This plan includes developing and maintaining written policies and procedures to comply with the HIPAA Privacy Rule, training all members of Manasa Health Center's workforce on these policies and procedures, issuing breach notices to all individuals whose protected health information was disclosed on any internet platform without valid authorization, and submitting a breach report to HHS.
The Bottom Line
Healthcare providers must exercise caution when engaging with online reviews. It underscores the importance of maintaining patient privacy, in line with HIPAA regulations, even in the face of criticism or negative feedback on digital platforms. Patient information must be safeguarded at all times, and the response to online reviews must be handled with utmost care to avoid any breach of confidentiality.
Go deeper:
Dean Levitt
