Dental Office Fined For Disclosing PHI on Yelp

Responding to patient reviews online is a helpful yet perilous task. While Google encourages business owners to respond to reviews, be careful about what you and your staff post in your online responses.

I suggest that you schedule periodic HIPAA meetings and refresher courses. For new employees, ensure that they are trained within a reasonable amount of time after they are hired.

Review your dental office manual to ensure that it contains a social media policy that complies with HIPAA.

Is it possible to commit a HIPAA violation on Yelp?

The answer is yes! HIPAA Journal reported: “The Department of Health and Human Services’ Office for Civil Rights agreed to settle a HIPAA violation case with Elite Dental Associates over the impermissible disclosure of multiple patients’ protected health information when responding to patient reviews on the Yelp review website.” The practice was fined $10,000 for its HIPAA violations after it inadvertently posted patients’ PHI while responding to the patients’ Yelp comments. Read the article…

What is included in PHI?

Here is a list of PHI identifiers published in the HIPAA Journal. Read more…

  1. Patient Names (Full or last name and initial)
  2. All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the U.S. Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000
  3. Dates (other than year) directly related to an individual
  4. Phone Numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers (including serial numbers and license plate numbers)
  13. Device identifiers and serial numbers
  14. Web Uniform Resource Locators (URLs)
  15. Internet Protocol (IP) address numbers
  16. Biometric identifiers, including finger, retinal and voice prints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data

Not sure what to do next? Contact Sharon Kantor Bogetz at 847-370-9131. She is a dental practice management consultant with more than 17 years' experience as a dental consultant.
