There is no doubt that social media has its benefits, especially for medical practices that have come to use it for marketing and advertising.  However, risks are lurking.  On October 2, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a $10,000 settlement with a dental practice (the “Practice”) for disclosing protected health information of a patient when responding to a review on a Yelp page.

In this matter, a patient complained to OCR that the Practice impermissibly disclosed the patient’s name and details about his/her condition on Yelp.  Upon its investigation, OCR found that the Practice: (1) impermissibly disclosed the protected health information (“PHI”) of multiple patients in response to patient reviews; (2) did not have any policies or procedures regarding disclosures of PHI to ensure that any social media interactions protected the PHI of its patients; and (3) had a noncompliant Notice of Privacy Practices.  In addition to the settlement amount, the Practice also entered into a Resolution Agreement with OCR whereby the Practice has to, among other requirements, develop and maintain policies and procedures, revise its Notice of Privacy Practices, and apply and document sanctions for workforce members who fail to comply with such policies and procedures.

Interestingly, OCR noted that it drastically reduced the settlement amount due to the Practice’s size.  However, it is clear from the settlement and corresponding press release that providers of all types and sizes should be on high alert for this type of violation.  Specifically, OCR’s director, Roger Severino, stated the following: “Social media is not the place for providers to discuss a patient’s care . . . [d]octors and dentists must think carefully about patient privacy before responding to online reviews.”

As a result of this enforcement action, covered entities of all sizes should re-examine their policies and procedures to ensure they are clear that providers are not to disclose any PHI on a social media website, even if prompted by a patient complaint.  This advice extends not only to Yelp, but also to any social media page linked with the covered entity (e.g. Instagram, Facebook, Twitter etc.).  If you have any questions, or need assistance with policy and procedure drafting or review, please contact Stephanie S. Sobkowiak at 203.772.7782 or ssobkowiak@murthalaw.com or Daniel J. Kagan, at 203.772.7726 or dkagan@murthalaw.com.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel J. Kagan Daniel J. Kagan

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and…

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.

With regard to Privacy and Cybersecurity, Dan has experience drafting privacy policies and notices, website terms of use, written information security plans and incident response plans.  Dan counsels clients on compliance issues related to state, federal and international privacy laws including the General Data Protection Regulation (GDPR).  Dan also has experience representing both health care and non-health care clients that have suffered data breaches and assists such clients with breach response and applicable reporting obligations.  Dan writes extensively on privacy and cybersecurity issues and is a co-editor of Murtha’s Privacy and Cybersecurity Perspectives blog.

As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.

Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.

Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.