Maintaining Healthcare Compliance in 2023

Navigating a potential HIPAA minefield when responding via social media

PRACTICE PAYS $23k FOR DISCLOSING PHI IN YELP REVIEW

On one level or another we all utilize social media. Whether it is looking at menu items from a new restaurant, or reading reviews from Yelp or Google we all probably spend more time than we would like to admit using these social platforms.

With that said, I’d like to share with you a cautionary tale from 2017 where a general dentist in California learned the hard way not to be aggressive in one’s own defense on social media (Yelp in particular).

While there wasn’t one particular response to a Yelp review that landed the South Pasadena dentist in hot water, it was a pattern that was reported on that did.

Basically, in the defense of the practice’s “good name,” the physician oftentimes responded to reviews with comments containing appointment times, treatments, insurance carrier information and full names (when that information had not already been disclosed by his clients in the reviews).

I’m not sure why this dentist thought this was okay, or there existed an environment in which this was acceptable, but once the OCR was notified; an investigation occurred…

During the subsequent investigation, the OCR confirmed that impermissible disclosures occurred on multiple occasions. Additionally, the investigation revealed that the office’s HIPAA documentation was severely lacking the required content (Notice of Privacy Practices, Release of PHI, and Social Media Consent).

Even an effective HIPAA compliance program only goes so far:

In the end the practice owner/dentist settled the case for a $23k financial penalty, OCR monitoring for two years, and must adopt corrective actions immediately. HIPAA Privacy, Security is no joke, and to see a situation like this where the most basic sense of healthcare compliance was cast aside is staggering.

I wish I could say this isn’t a common occurrence. I just don’t know what it is about social media that drives the urge to respond to every “less than 4-star” review. Social media review sites, like Yelp, are a HIPAA landmine for any practice. Had the dentist participated in Health Care Compliance Training or really any effective HIPAA compliance program this situation could have been avoided entirely.

Now for a little advice… Before you post a response on social media, please think twice. You could be saving yourself and your practice a good deal of time and money should things go awry. Honestly, HIPAA compliance can become even more challenging when questionable decisions are made from this social media angle. I’d strongly suggest anyone who deals in any form of dental compliance to contract HIPAA Privacy and Security compliance services.

Source Link: OCR Fines California Dental Practice for PHI Disclosures on Yelp