ProPublica, a public interest investigative newsroom, recently identified more than 3,500 one-star medical reviews on Yelp in which patients complained about privacy issues. ProPublica determined that “in dozens of instances, responses to complaints about medical care turned into disputes over patient privacy.” For example, ProPublica noted consumers giving providers negative reviews on Yelp and providers responding with details about the “patients’ diagnoses, treatments and idiosyncrasies.”
As more and more patients use online review platforms to select their providers, many providers are paying close attention to reviews. However, providers need to balance their business concerns with their Health Insurance Portability and Accountability Act (HIPAA) compliance obligations when responding to negative reviews. “Health professionals are adapting to a harsh reality in which consumers rate them on sites like Yelp, Vitals and RateMDs much as they do restaurants, hotels and spas. The vast majority of reviews are positive. But in trying to respond to negative ones, some providers appear to be violating [HIPAA],” ProPublica reported.
Legal issues that providers should be aware of when responding to online criticism include:
The U.S. Department of Health and Human Services Office of Civil Rights enforces HIPAA and may impose significant fines for each violation. Providers also need to be mindful of state privacy laws that often apply to a broader category of health information and have additional restrictions on permissible uses and disclosures of PHI without a patient authorization.
Originally, this post was an alert sent to the American Health Lawyers Association’s (AHLA) Health and Information Technology Practice Group Members. It appears here with permission. For more information, visit AHLA’s website.