The Truth is Powerful
United States: Rebutting Negative Online Reviews Can Land Healthcare Providers In HIPAA Hot Water
As part of a society that seems unabashedly eager to disclose personal information online, health care providers must remember that the disclosure of protected health information (PHI) remains very much proscribed. Pursuant to the Health Insurance Portability and Accountability Act Privacy Rule (HIPAA Privacy Rule), a covered entity is generally prohibited from disclosing PHI. The HIPAA Privacy Rule also imposes certain administrative requirements on covered entities that include, but are not limited to, designating a privacy official who is responsible for developing and implementing policies and procedures for the covered entity; training employees on those policies and procedures; and employing appropriate administrative, technical and physical safeguards to protect PHI.
The Office of Civil Rights (OCR) the agency which enforces the HIPAA Privacy Rule recently provided a pointed reminder about these standards to a dental provider who impermissibly disclosed PHI online and thereafter refused to cooperate with OCR’s requests for policies and procedures relating to protecting PHI. OCR began investigating the dental provider after receiving a complaint that the dental provider impermissibly disclosed PHI in responding to an anonymous negative online review. The dental provider’s response stated:
It’s so fascinating to see [patient’s full name] make unsubstantiated accusations when he only came […]