Peer-influenced content. Sources you trust. No registration required. This is HCN.

Medical Professionals Reference (MPR)Responding to Patient Online Reviews Could Be Risky for Providers

Are your health practice’s online interactions risking costly HIPAA violations?

As health practices increasingly engage with patients on social media and online platforms, understanding and complying with the HIPAA Privacy Rule is crucial. Any breaches, even inadvertent ones, can result in significant fines and corrective action.

Key Points:

  • A mental health practice in New Jersey was fined $30,000 by the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) for HIPAA Privacy Rule violations.
  • The violations involved impermissibly disclosing patient information in response to negative online reviews.
  • The OCR investigation found 4 such instances, and revealed the center’s failure to implement HIPAA Privacy policies and procedures.
  • The agreement with OCR mandates the center to implement a corrective action plan, which includes staff training and privacy policy development, revision, and maintenance.
  • The center is required to issue breach notices to affected patients and submit a breach report to HHS.

Additional Points:

  • The breaches possibly resulted from staff members, such as office managers or receptionists, responding to online reviews without understanding HIPAA regulations.
  • Other medical and dental practices have been fined for similar breaches.
  • The HIPAA Privacy Rule protects individually identifiable health information and requires patient consent for disclosure.


  • Practices should carefully manage their online responses to patient reviews and ensure all staff are trained in HIPAA regulations to prevent violations.

HCN Latest Posts

“OCR continues to receive complaints about health care providers disclosing their patients’ protected health information on social media or on the internet in response to negative reviews. Simply put, this is not allowed.”

Melanie Fontes Rainer
OCR Director

The Healthcare Communications Network is owned and operated by IQVIA Inc.

Click below to leave this site and continue to IQVIA’s Privacy Choices form