A California dental practice has paid $23,000 to the U.S. Department of Health and Human Services' Office of Civil Rights to settle a potential HIPAA violation for reportedly disclosing patient-protected health information in responses to Yelp reviews.
Dr. B. Brandon Au, doing business as New Vision Dental in South Pasadena and Glendora, agreed to the payment and to implement a corrective action plan to resolve the investigation. The plan will be monitored by the agency for two years, according to an OCR press release dated December 14.
The settlement is not an admission of liability by New Vision Dental, nor does it concede that the practice violated HIPAA and is liable for civil penalties, as outlined in the resolution agreement.
On November 29, 2017, the OCR received a complaint alleging that New Vision Dental impermissibly disclosed protected health information on its Yelp business page when Au responded to various reviews.
Specifically, the complainant alleged that the practice habitually disclosed patient-protected health information when it responded to patient posts. In some cases, the practice provided full names whereas only patients' Yelp monikers were used. In addition, New Vision Dental provided detailed information about patient visits and insurance that may not have been previously mentioned in their initial reviews, according to the agreement.
During its review of the practice's Yelp page, the OCR confirmed that the practice had posted responses to reviews that compromised protected health data, which can be a HIPAA violation. The practice was notified of the investigation in August 2018.
