A recent settlement highlights the importance of entities subject to the Health Insurance Portability and Accountability Act (HIPAA) engaging in appropriate communications regarding their patients’ protected health information (PHI) – especially when it comes to social media.
Elite Dental Associates (Elite), a dental practice in Dallas, Texas, received a bad review on its Yelp® page from one of its patients. Elite responded to her post and included the patient’s last name and details of her health condition. The patient filed a complaint with the Office for Civil Rights (OCR) alleging Elite had violated HIPAA by disclosing her PHI on social media.
The OCR investigated her complaint and confirmed an impermissible disclosure of PHI had occurred, along with other instances in which Elite had disclosed patients’ PHI in response to their reviews on the Yelp® page. Moreover, the investigation found Elite had failed to implement policies and procedures to protect patients’ PHI during social media interactions or to maintain a HIPAA-compliant Notice of Privacy Practices. The OCR recently agreed to a settlement with Elite, which includes a HIPAA violation fine of $10,000 and a corrective action plan (CAP) for Elite to follow.
HIPAA-covered entities need to be cautious when interacting with patients through social media and ensure they understand their obligations under the HIPAA Privacy Rule. Learn how to navigate the countless obligations imposed by HIPAA with ComplianceDashboard.
The information and content contained in this blog post are for general informational purposes only, and do not, and are not intended to, constitute legal advice.