CME 
JOBS 
OUTBREAKS 
PEER-TO-PEER 
QUIZZES & QUESTIONS 
MEDTECH Are your health practice’s online interactions risking costly HIPAA violations?
As health practices increasingly engage with patients on social media and online platforms, understanding and complying with the HIPAA Privacy Rule is crucial. Any breaches, even inadvertent ones, can result in significant fines and corrective action.
Key Points:
- A mental health practice in New Jersey was fined $30,000 by the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) for HIPAA Privacy Rule violations.
- The violations involved impermissibly disclosing patient information in response to negative online reviews.
- The OCR investigation found 4 such instances, and revealed the center’s failure to implement HIPAA Privacy policies and procedures.
- The agreement with OCR mandates the center to implement a corrective action plan, which includes staff training and privacy policy development, revision, and maintenance.
- The center is required to issue breach notices to affected patients and submit a breach report to HHS.
Additional Points:
- The breaches possibly resulted from staff members, such as office managers or receptionists, responding to online reviews without understanding HIPAA regulations.
- Other medical and dental practices have been fined for similar breaches.
- The HIPAA Privacy Rule protects individually identifiable health information and requires patient consent for disclosure.
Conclusion:
- Practices should carefully manage their online responses to patient reviews and ensure all staff are trained in HIPAA regulations to prevent violations.
HCN Latest Posts
- First Cases of HIV Transmitted Through Cosmetic Needles Identified: CDC
- Nutritional Support for Moderate-to-Late–Preterm Infants — A Randomized Trial
- Inducing Labor with Drug Vaginally Shows Benefits in Study
- Breakfast Cereals Scrutinized for Pesticide That May Harm Reproduction
“OCR continues to receive complaints about health care providers disclosing their patients’ protected health information on social media or on the internet in response to negative reviews. Simply put, this is not allowed.”
Melanie Fontes Rainer
OCR Director
