Writing Google reviews about patients is actually a HIPAA violation

Up to now few years, the phrase “HIPAA violation” has been thrown round loads, usually incorrectly. Folks have cited the regulation, which protects affected person well being data, as a motive they will’t be requested in the event that they’re vaccinated or get a health care provider’s observe for an employer.

However asking somebody in the event that they’re vaccinated isn’t truly a HIPAA violation. That’s a wonderful and not-illegal factor for one non-doctor to ask one other non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, in keeping with the Division of Well being and Human Companies. After a affected person left an nameless, damaging Google evaluate, he logged on and responded along with his personal submit on the Google web page, saying that the affected person missed scheduled appointments. “Does he deserve any score as a affected person? Not even one star,” Igbinadolor wrote, in keeping with the discover of proposed willpower outlining the violation. (For the curious, the redacted HIPAA-violating Google submit is on web page 3.)

Within the submit, he used the affected person’s full title and described, intimately, the particular dental downside he was in for: “excruciating ache” from the decrease left quadrant, which resulted in a referral for a root canal.

That’s what a HIPAA violation truly appears to be like like. The regulation says that healthcare suppliers and insurance coverage firms can’t share identifiable, private data with no affected person’s consent. On this case, the dentist (a healthcare supplier) publicly shared a affected person’s title, medical situation, and medical historical past (private data). Because of this, the workplace was fined $50,000.

This isn’t an unusual incidence: a 2016 ProPublica investigation discovered that docs repeatedly embody particulars about sufferers’ well being in response to damaging Yelp opinions. And in 2019, one other dentist was fined $10,000 for placing the knowledge of a number of sufferers on Yelp.

The Workplace for Civil Rights on the Division of Well being and Human Companies, which enforces HIPAA, requested to see Igbinadolor’s workplace’s inner insurance policies and procedures round private well being data and social media. As of fall 2020, the workplace hadn’t supplied something. The workplace ought to most likely implement one simple coverage to maintain one thing like this from taking place once more: even when a affected person is annoying, by no means submit.