Dental practice pays $10K to settle disclosures of patients’ PHI on social media

October 10, 2019

A private dental practice in Dallas, Texas, has agreed to pay $10,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle potential violations of the HIPAA privacy rule.

The HHS reported last week that the OCR completed its investigation of a complaint by a patient who alleged that Elite Dental Associates, Dallas, disclosed on social media the patient’s last name and the details of the patient’s health condition.

“OCR’s investigation found that Elite had impermissibly disclosed the protected health information (PHI) of multiple patients in response to patient reviews on the Elite Yelp review page,” the HHS stated in the news release.

In addition to paying the $10,000 settlement, Elite agreed to two years of monitoring by OCR for compliance with HIPAA as part of a corrective action plan.

“Doctors and dentists must think carefully about patient privacy before responding to online reviews,” OCR Director Roger Severino said.

The HIPAA privacy rule defines and limits the situations in which a HIPAA-covered entity may use or disclose patients’ protected health information. Written patient authorization is required for any use or disclosure that is not permitted or required by HIPAA or state law.

The CDA Practice Support resource “Uses and Disclosures of Patient Health Information” (login required) reviews the HIPAA privacy rule and other federal and state laws that protect PHI.

Find HIPAA-related resources in the CDA Practice Support resource library.


Was this resource helpful?