HIPAA Privacy & Security Compliance Gets Real
The federal Office for Civil Rights recently announced a $10,000 settlement against a small dental practice in Texas for failing to maintain the privacy of patients on social media when responding to an online review of the practice.
“Social media is not the place for providers to discuss a patient’s care,”
said OCR Director, Roger Severino.
“Doctors and dentists must think carefully about patient privacy before
responding to online reviews.”
The OSMA has often heard from practices about the frustration of seeing an online complaint and feeling helpless to respond. Our suggestions have always been to take patient care discussions offline and having an internal policy to reach out privately to patients to discuss concerns and resolutions of complaints. As noted in by OCR, HIPAA privacy rules apply and practices should have HIPAA compliant policies and procedures related to disclosure of patient protected health information (PHI) in all situations.