In a recent resolution agreement, the US Department of Health and Human Services Office for Civil Rights (OCR) alleged that Elite Dental Associates (Elite), a dental practice in Dallas, Texas, impermissibly disclosed patients' protected health information (PHI) by responding to patient reviews on the social media site Yelp. As part of its investigation, OCR also asserted that Elite did not have (1) the appropriate policies and procedures in place regarding disclosures of PHI on social media; or (2) a Notice of Privacy Practice form that complied with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
As a result, Elite agreed to pay $10,000 to OCR and adopt a corrective action plan to settle potential violations of HIPAA. OCR characterized this settlement amount as "substantially reduced" in light of Elite's size, financial circumstances and cooperation. The corrective action plan includes two years of monitoring by OCR for HIPAA compliance purposes. The OCR Press Release regarding this settlement is available here.
With the ever-increasing proliferation of social media platforms into all aspects of our lives, health care organizations are paying even closer attention to ensuring that their HIPAA compliance policies, procedures and training materials appropriately address disclosures of PHI through social media. Our recent webinar, "HIPAA Privacy in the Age of Social Media," offers a practical guide to dealing with HIPAA privacy issues connected to the prevalence of social media. The webinar is available here.