A dental practice in Dallas, Texas has agreed to pay a $10,000 fine to the Department of Health and Human Services’s Office for Civil Rights after it was found to have potentially violated the Health Insurance Portability and Accountability Act (HIPAA) by allegedly sharing protected health information on the practice’s Yelp! page.
In responding to patients’ reviews on Yelp!, Elite Dental Associates allegedly disclosed such information as patients’ last names, details of treatment plans, insurance information, and the costs of procedures.
Additionally, the practice did not have any policies and procedures related to making sure that its social media interactions did not disclose protected health information (PHI) of its patients or a Notice of Privacy Practices, which is required under HIPAA.
While not admitting any wrongdoing, the practice agreed to pay the $10,000 fine and be subjected to a corrective action plan that includes two years of monitoring by the HHS’s OCR.
“Social media is not the place for providers to discuss a patient’s care,” said Roger Severino, OCR’s Director, in a statement. “Doctors and dentists must think carefully about patient privacy before responding to online reviews.”
Given its size, financial situation, and cooperation with the investigation, HHS said it accepted a “substantially reduced settlement” in this case.