The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to resolve multiple HIPAA violations that were identified during investigations of a complaint about impermissible disclosures of protected health information on the review platform Yelp.
New Vision Dental is a Californian general dental practice with offices in South Pasadena and Glendora. On November 29, 2017, OCR received a complaint alleging Dr. Brandon Au, owner and CEO of New Vision Dental, had posted responses to several reviews by patients on Yelp and frequently disclosed protected health information in the responses. In some of the posts, patients were identified and their full names were disclosed, when they had chosen to only use a moniker on the platform. Other information allegedly posted by Dr. Au included detailed information about the patients’ visits, treatment, and insurance, when that information had not been posted publicly by the patients.
The investigation into the impermissible disclosures also included an on-site visit to New Vision Dental. OCR’s investigators were able to confirm that Dr. Au had impermissibly disclosed the protected health information of patients on multiple occasions on Yelp, that the practice did not have the required content in its Notice of Privacy Practices, and had not implemented appropriate policies and procedures concerning protected health information, including the release of protected health information on social media platforms and in public places.
New Vision Dental chose to settle the case and paid a $23,000 financial penalty, has agreed to adopt a corrective action plan to address the aspects of non-compliance identified by OCR, and will be subject to monitoring by OCR for a period of two years.
“This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose [the] protected health information of their patients when responding to negative online reviews. This is a clear NO.,” said OCR Director, Melanie Fontes Rainer. “OCR is sending a clear message to regulated entities that they must appropriately safeguard patients’ protected health information. We take complaints about potential HIPAA violations seriously, no matter how large or small the organization.”
This is the 21st financial penalty to be imposed by OCR in 2022 to resolve HIPAA violations – more than in any other year since OCR was given the authority to enforce HIPAA compliance.
The post OCR Fines California Dental Practice for PHI Disclosures on Yelp appeared first on HIPAA Journal.