Avoid fines for online HIPAA violations
Yelp, Google, Facebook and other social media sites provide community members the opportunity to review businesses from coffee shops, to hotels and even health care providers. While it is widely known that reviews are not always representative of the services provided, these online reviews may have an impact on your business.
At the beginning of October, Elite Dental Associates in Dallas agreed to pay a $10,000 fine for sharing health information in response to a negative review on Yelp. A patient expressed her displeasure with Elite Dental’s services. Elite Dental responded to her review, disclosing the patient’s name, details of her treatment plan, insurance and cost information.
This fine is a reminder that health care providers must be careful when responding to an online review because of the protected nature of the patient’s information. HIPAA prohibits the disclosure of protected health information in this way unless the health care provider has a signed authorization from the patient allowing the disclosure. This rule applies even if the patient has disclosed their own health information.
What can you do? You can and should respond to every review but do so in a way that does not disclose anything about the patient, including the patient’s name. A simple response is often best and demonstrates to others that you care about the patient’s experience and privacy.
For example, “We apologize that you had an experience that did not meet your expectations. Privacy laws prohibit us from sharing any information on this review, but we would love to discuss your concerns. Please reach out to us. Thank you for giving us the opportunity to improve.”
As a best practice, small businesses should monitor reviews and respond when appropriate, but make sure your response won’t cost you more than a lost customer.
For additional questions, contact Beaumont Health’s Privacy Officer, Kelly Partin at 947-522-3069 or firstname.lastname@example.org.