“I’ve always enjoyed poor health.”
— Taylor Caldwell
Top Story
After a California dental practice has a complaint brought against them for the disclosure of protected health information on the platform Yelp, HHS’ Office for Civil Rights (OCR) has recently announced that a settlement has been reached.
What Exactly Happened
The Californian general dental practice New Vision Dental in South Pasadena and Glendora had a complaint filed against them. Allegedly Dr. Brandon Au, owner and CEO of New Vision Dental posted responses to multiple reviews on Yelp. These responses disclosed PHI, some responses contained patients’ full names, the patients visit, treatment, and insurance information. None of the patients had previously posted this information on the platform. The complaint was filed on November 29, 2017.
The Investigation
The investigation included an on-site visit to New Vision Dental. The OCR was able to confirm that Dr. Au had disclosed protected patient health information on Yelp on multiple occasions. The practice also did not have the required content in its Notice of Privacy Practices and did not have the proper protocol in place concerning PHI in their policies and procedures. This included disclosing information on social media sites.
The Outcome
New Vision Dental decided to settle the case paying $23,000 in penalties. They also have agreed to adopt the proper action plan to address the aspects of non-compliance. The OCR will be monitoring them for two years as well. Melanie Fontes, the director of the OCR stated, “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose [the] protected health information of their patients when responding to negative online reviews. This is a clear NO.,” “OCR is sending a clear message to regulated entities that they must appropriately safeguard patients’ protected health information. We take complaints about potential HIPAA violations seriously, no matter how large or small the organization.”
More penalties have been imposed by the OCR to resolve HIPAA violations in 2022 than any other year. This settlement marks the 21st financial penalty. Now that the OCR has the authority to enforce HIPAA compliance, they are taking the task very seriously, and it has shown.
Diamond of the Week
Dr. Jeanne Marrazzo 💎
Dr. Jeanne Marrazzo was just named the new director of the National Institute of Allergy and Infectious diseases after Dr. Fauci retired. Dr. Marrazzo use to be the Director of the Division of Infectious Diseases at the University of Alabama at Birmingham. She brings a wealth of knowledge and experience. To read more about her stepping into her new role this Fall click here.
Who’s the WOAT
Maternal Care Desert 😡
In the past five years about 300 childbirth units have closed in hospitals. Now about 5.6 million women in the US do not have access to childbirth and obstetrician care! 30% of the US is now considered a maternal desert. To read more about the findings click here.
Who Knew
The misconception: Some people mistakenly believe that HIPAA requires healthcare providers to keep medical records under lock and key, quite literally.
According to this misconception, healthcare providers are expected to store physical copies of medical records in massive, bank-like vaults to ensure maximum security and privacy.
In this imaginative scenario, the thought is that the physical records are only accessible after a series of intricate security measures, including fingerprint scans, voice recognition, and elaborate combinations. The misconception exaggerates the security requirements of HIPAA, painting a picture of extreme measures to protect patient information.
In reality, while HIPAA does require appropriate safeguards for the protection of patient information, it focuses more on digital security and electronic protected health information (ePHI) than on locking up physical records. The safeguards include measures like encryption, access controls, audit logs, and staff training to prevent unauthorized access and protect patient privacy.
While the humorous image of healthcare providers securing physical medical records in high-security vaults adds a whimsical touch to the misconceptions about HIPAA, it’s important to note that HIPAA’s actual requirements center on comprehensive data security strategies and responsible handling of patient information in various formats.
A Round of Applause For…
Cedar County Iowa 👏
Cedar County Iowa has continued to keep privacy and security as a top priority by renewing the contract for the 6th consecutive year!
Sources:
- Alder, Steve. “OCR Fines California Dental Practice for PHI Disclosures on Yelp.” The HIPAA Journal, 14 Dec. 2022, www.hipaajournal.com/ocr-fines-california-dental-practice-for-phi-disclosures-on-yelp/. Accessed 22 Mar. 2023.
- Think You’re Compliant? Find Out!
- Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN, 46307