Yelp postings leads to an OCR fine for posting PHI and violating HIPAA!

HealthCareInfoSecurity.com reported “Federal regulators slapped a California dental practice with a $23,000 fine and corrective action plan after its owner responded to negative Yelp reviews by posting patient data online.”  The December 14, 2022 article entitled “Dental Practice Hit With HIPAA Fine for Posting PHI on Yelp” (https://tinyurl.com/2p9b4acn) included these comments:

Federal investigators found that New Vision Dental, a practice located in the eastern exurbs of greater Los Angeles, responded to criticism by revealing the protected health information of patients.

A complaint submitted in 2017 to the Office of Civil Rights within the Department of Health and Human Services said the practice "habitually" responded to criticism by posting the real names of Yelpers submitting reviews under monikers as well as "detailed information about patient visits and insurance."

In addition to paying a $23,000 fine, New Vision Dental must remove any social media postings made since 2014 that include patient data and issue breach notices to affected individuals.

I’m sure no one is surprised, but of course this is the only dental practice sanctioned for this behavior since “In 2019, OCR settled a case with Texas-based Elite Dental Associates of Dallas for $10,000 after a patient complained that the practice had responded by sharing real name information and details of the patient's health condition (see: HHS Gives Dental Practice Posting PHI on Yelp a Bad Review https://tinyurl.com/2p92pap2).”