Elite Dental Associates agreed to pay $10,000 in HIPAA settlements to the Office for Civil Rights (OCR) for a potential HIPAA violation for a social media post.

After a patient of Elite Dental Associates complained about the dental practice and posted a social media review, Elite Dental Associates felt the need to respond to the complaint and in turn posted the name of the patient and their medical information, along with the details of the patient’s procedure, online.

The patient ended up filing a complaint with the Office for Civil Rights (OCR); The OCR found several potential HIPAA violations and after an investigation, found that Elite Dental Associates had compromised the security/privacy of the protected health information (PHI) – in response to the reviews on social media. In addition, the OCR found that Elite Dental Associates did not have policies and procedures in place regarding disclosures of PHI or a notice of privacy practices in compliance with the HIPAA Privacy Rule.

In this case, there are two parts:

1). The fine, which is one part of the expense, and 2). Elite was required to adopt a corrective action plan. The OCR also put in place two years of oversight monitoring. The oversight process can be very unsettling because the OCR is constantly looking over your shoulder.

Any negative social media reviews or “grade” of medical practices can drive or discourage business. For a business, the tendency is to respond to the negativity to justify the actions taken, however the best action is to use social media to showcase your business in a positive light.

Social media tips to follow:

  • Never put any patient details or information on social media.
  • Keep responses generic, positive, and upbeat.
  • Have a social media policy in place.
  • Train staff on the policy.
  • Develop an approval process for social media posts.

This settlement is a good reminder for all covered entities subject to the HIPAA Privacy Rule that PHI of patients cannot be disclosed through social media. Health care providers are restricted to responding to social media posts and any other reviews in a manner that would not disclose a patient’s PHI.