Provided by: Jennifer Kirschenbaum, Esq.
October 22, 2019
Can I respond to a Yelp review posted by a client? Seems only fair if my practice is being smeared online to defend.
It is not advisable to respond, or at least not advisable to post more than a generic response that omits any detail of patient care or otherwise. Even if a patient publicly discusses treatment or payment obligations, the treating provider is not authorized to share protected health information of any kind. This premise was recently enforced by the Office for Civil Rights ("OCR"), where a dental practice in Texas was fined $10,000 for responding to an online review, as detailed by OCR:
Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information
Elite Dental Associates, Dallas (“Elite”) has agreed to pay $10,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Elite is a privately-owned dental practice located in Dallas, Texas, providing general, implant, and cosmetic dentistry.
On June 5, 2016, OCR received a complaint from an Elite patient alleging that Elite had responded to a social media review by disclosing the patient’s last name and details of the patient’s health condition. OCR’s investigation found that Elite had impermissibly disclosed the protected health information (PHI) of multiple patients in response to patient reviews on the Elite Yelp review page. Additionally, Elite did not have a policy and procedure regarding disclosures of PHI to ensure that its social media interactions protect the PHI of its patients or a Notice of Privacy Practices that complied with the HIPAA Privacy Rule. OCR accepted a substantially reduced settlement amount in consideration of Elite’s size, financial circumstances, and cooperation with OCR’s investigation.
“Social media is not the place for providers to discuss a patient’s care,” said OCR Director, Roger Severino. “Doctors and dentists must think carefully about patient privacy before responding to online reviews.”
In addition to the monetary settlement, Elite will undertake a corrective action plan that includes two years of monitoring by OCR for compliance with the HIPAA Rules. The resolution agreement and corrective action plan may be found at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/elite/index.html.