Californian Dental Practice Issued $23,000 Fine for Sharing PHI

New Vision Dental, a Californian dental practice, has been issued a $23,000 fine and a corrective action plan by the Office for Civil Rights (OCR) after it emerged that it publicly published Protected Health Information on the review website Yelp. 

The OCR investigated New Vision Dental, which has practices in both Glendora and South Pasadena, after it received a complaint from a concerned patient on November 29, 2017. In the complaint, it was alleged that the owner and CEO of New Vision Dental, Dr. Brandon Au, impermissibly disclosed patient PHI when writing responses to reviews of his practice on Yelp. 

In some of Dr. Au’s posts, he disclosed the identity of patients (who, in some cases, had used pseudonyms on the website), alongside details of their insurance plans or the treatment that they received. This information was not contained in the original posts. 

During their investigation, agents of the OCR visited New Vision Dental’s premises. During their visit, they confirmed that on several occasions,  Dr. Au disclosed PHI on Yelp. They also discovered that the dental practice did not have a suitable Notice of Privacy Practices, and did not have adequate policies and procedures relating to the safeguarding of PHI. These all constitute HIPAA violations.

New Vision Dental agreed to pay a settlement of $23,000 for their HIPAA violations.  The practice has also agreed to adopt a corrective action plan to address these violations. The OCR will monitor the practice for two years. 

Melanie Fontes Rainer,  the Director of the OCR, has stated: “This latest enforcement action demonstrates the importance of following the law even when you are using social media.  Providers cannot disclose [the] protected health information of their patients when responding to negative online reviews. This is a clear NO… OCR is sending a clear message to regulated entities that they must appropriately safeguard patients’ protected health information. We take complaints about potential HIPAA violations seriously, no matter how large or small the organization.”

About Elizabeth Hernandez
Elizabeth Hernandez is a reporter for ComplianceHome. Elizabeth Hernandez is a journalist with a focus on IT compliance and security. She combines her knowledge in information technology and a keen interest in cybersecurity to report on issues related to IT regulations and digital security. Elizabeth's work often touches on topics like GDPR, HIPAA, and SOC 2, exploring how these regulations affect businesses and individuals. Elizabeth emphasizes the significance compliance regulations in digital security and privacy.