The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

OCR Fines California Dental Practice for PHI Disclosures on Yelp

Posted By on Dec 14, 2022

The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to resolve multiple HIPAA violations that were identified during investigations of a complaint about impermissible disclosures of protected health information on the review platform Yelp.

New Vision Dental is a Californian general dental practice with offices in South Pasadena and Glendora. On November 29, 2017, OCR received a complaint alleging Dr. Brandon Au, owner and CEO of New Vision Dental, had posted responses to several reviews by patients on Yelp and frequently disclosed protected health information in the responses. In some of the posts, patients were identified and their full names were disclosed, when they had chosen to only use a moniker on the platform. Other information allegedly posted by Dr. Au included detailed information about the patients’ visits, treatment, and insurance, when that information had not been posted publicly by the patients.

The investigation into the impermissible disclosures also included an on-site visit to New Vision Dental. OCR’s investigators were able to confirm that Dr. Au had impermissibly disclosed the protected health information of patients on multiple occasions on Yelp, that the practice did not have the required content in its Notice of Privacy Practices, and had not implemented appropriate policies and procedures concerning protected health information, including the release of protected health information on social media platforms and in public places.

New Vision Dental chose to settle the case and paid a $23,000 financial penalty, has agreed to adopt a corrective action plan to address the aspects of non-compliance identified by OCR, and will be subject to monitoring by OCR for a period of two years.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

“This latest enforcement action demonstrates the importance of following the law even when you are using social media.  Providers cannot disclose [the] protected health information of their patients when responding to negative online reviews. This is a clear NO.,” said OCR Director, Melanie Fontes Rainer. “OCR is sending a clear message to regulated entities that they must appropriately safeguard patients’ protected health information. We take complaints about potential HIPAA violations seriously, no matter how large or small the organization.”

This is the 21st financial penalty to be imposed by OCR in 2022 to resolve HIPAA violations – more than in any other year since OCR was given the authority to enforce HIPAA compliance.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist