skip to Main Content

Dental Practice Pays $10,000 fine to OCR for Disclosing PHI on Social Media

A private dental practice in Dallas, Texas, has agreed to pay $10,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle potential violations of the HIPAA privacy rule concerning disclosing PHI. This substantially reduced settlement was accepted in consideration of Elite’s size, financial circumstances, and cooperation with OCR’s investigation.

 “Social media is not the place for providers to discuss a patient’s care. Doctors and dentists must think carefully about patient privacy before responding to online reviews,” states Health and Human Services’ Office of Civil Rights Director Roger Severino.

The OCR alleged that it received a complaint from a patient in June, 2016 that Elite had disclosed the patient’s last name and details of the patient’s health condition on social media. The OCR investigation “found that Elite had impermissibly disclosed the protected health information (PHI) of multiple patients in response to patient reviews on the Elite Yelp review page.”

Additionally, Elite did not have a policy and procedure regarding disclosures of PHI to ensure its social media interactions protected the PHI of its patients or a Notice of Privacy Practices that complied with the HIPAA Privacy Rule.

Elite has also agreed to two years of monitoring by OCR for compliance with HIPAA as part of a corrective action plan.

Enter your info to start your free consultation today!

  • This field is for validation purposes and should be left unchanged.

Read More on the Do’s and Don’ts of responding to online reviews HERE.

Our Senior Risk Advisors are able to advise your practice with any HIPAA concern you may have; such as responding to a non-patient review of your office. In the event your practice experiences “an impermissible use of PHI” our incident response team is with you throughout the Health and Human Services’ Office of Civil Rights audit. Additionally, your practice is protected by a $250,000 data breach and cyber insurance policy.

OfficeSafe™ automatically updates the language in your HIPAA documentation to ensure your practice is using proper policies and procedures.

Back To Top