Writing Google reviews about patients is actually a HIPAA violation

[ad_1]

In the past few years, the phrase “HIPAA violation” has been thrown around a lot, often incorrectly. People have cited the law, which protects patient health information, as a reason they can’t be asked if they’re vaccinated or get a doctor’s note for an employer.

But asking someone if they’re vaccinated isn’t actually a HIPAA violation. That’s a fine and not-illegal thing for one non-doctor to ask another non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, according to the Department of Health and Human Services. After a patient left an anonymous, negative Google review, he logged on and responded with his own post on the Google page, saying that the patient missed scheduled appointments. “Does he deserve any rating as a patient? Not even one star,” Igbinadolor wrote, according to the notice of proposed determination outlining the violation. (For the curious, the redacted HIPAA-violating Google post is on page 3.)

In the post, he used the patient’s full name and described, in detail, the specific dental problem he was in for: “excruciating pain” from the lower left quadrant, which resulted in a referral for a root canal.

That’s what a HIPAA violation actually looks like. The law says that healthcare providers and insurance companies can’t share identifiable, personal information without a patient’s consent. In this case, the dentist (a healthcare provider) publicly shared a patient’s name, medical condition, and medical history (personal information). As a result, the office was fined $50,000.

This isn’t an uncommon occurrence: a 2016 ProPublica investigation found that doctors regularly include details about patients’ health in response to negative Yelp reviews. And in 2019, another dentist was fined $10,000 for putting the information of multiple patients on Yelp.

The Office for Civil Rights at the Department of Health and Human Services, which enforces HIPAA, asked to see Igbinadolor’s office’s internal policies and procedures around personal health information and social media. As of fall 2020, the office hadn’t provided anything. The office should probably implement one easy policy to keep something like this from happening again: even if a patient is annoying, never post.

[ad_2]

Source link

Related articles

Xbox Series X consoles are available for Best Buy’s Totaltech members

The Xbox Series X is sometimes a little easier to buy than Sony’s PlayStation 5, but that doesn’t mean it’s a simple endeavor. The good news is that Best Buy has...

Our Flag Means Death creator David Jenkins fancies a fine narrative fabric

For many people, Our Flag Means Death was an unexpected history lesson about the adventures of Stede Bonnet, the real 18th-century pirate who loved the high seas almost as much as...

How to change your default browser in Windows 11

If you’ve updated your PC from Windows 10 to Windows 11, you may have noticed that when you click on a link for a website, a PDF document, or a variety...

Fortnite’s Zero Build mode is bringing people back to the game

Fortnite’s latest season kicked off a big shakeup: developer Epic Games removed building, perhaps the game’s most iconic feature, from the core battle royale modes. It was a risky move that...

What Elon Musk’s Twitter ‘free speech’ promises miss

Thursday morning, Elon Musk offered to buy Twitter to save free speech. “I invested in Twitter as I believe in its potential to be the platform for free speech around the...

Latest articles