Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Medicine The Almighty Buck

Writing Google Reviews About Patients Is Actually a HIPAA Violation (theverge.com) 71

"According to The Verge, health providers writing Google reviews about patients with identifiable information is a HIPAA violation," writes Slashdot reader August Oleman. From the report: In the past few years, the phrase 'HIPAA violation' has been thrown around a lot, often incorrectly. People have cited the law, which protects patient health information, as a reason they can't be asked if they're vaccinated or get a doctor's note for an employer. But asking someone if they're vaccinated isn't actually a HIPAA violation. That's a fine and not-illegal thing for one non-doctor to ask another non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, according to the Department of Health and Human Services. After a patient left an anonymous, negative Google review, he logged on and responded with his own post on the Google page, saying that the patient missed scheduled appointments. [...]

In the post, he used the patient's full name and described, in detail, the specific dental problem he was in for: "excruciating pain" from the lower left quadrant, which resulted in a referral for a root canal. That's what a HIPAA violation actually looks like. The law says that healthcare providers and insurance companies can't share identifiable, personal information without a patient's consent. In this case, the dentist (a healthcare provider) publicly shared a patient's name, medical condition, and medical history (personal information). As a result, the office was fined $50,000 (PDF).

This discussion has been archived. No new comments can be posted.

Writing Google Reviews About Patients Is Actually a HIPAA Violation

Comments Filter:
  • No shit Sherlock (Score:3, Insightful)

    by rsilvergun ( 571051 ) on Friday April 01, 2022 @09:49PM (#62409978)
    How is this even news? How can you be in any way shape or form involved in the medical industry and not know how HIPAA works? No you can't post stuff about your patience on random internet forums.
    • What do you mean 'I can't post stuff about my patience'? I'm really starting to lose my patients over this nonsense!
    • by cstacy ( 534252 ) on Friday April 01, 2022 @11:45PM (#62410142)

      How is this even news? How can you be in any way shape or form involved in the medical industry and not know how HIPAA works?

      It's news because (a) it's so blatant, and if it happened this once, it isn't the first or last time, so it helps the public be aware that it can happen (b) if you're on the receiving end of this news, because you're just J.R.Public ,it helps educate you about what HIPPA really says, and alerts you to the risk and (c) it is useful to see that HIPPA is sometimes enforced, and how that goes.

    • Re: (Score:1, Troll)

      by Narcocide ( 102829 )

      Basically they have numerous monetary and logistical incentives to play dumb about the law so they can sell our data in bulk to Google. As someone who has worked making software for these jackasses, I'm not any sort of freshly outraged by this. It has been going on for years, blatantly, and out in the open. But it's still not common knowledge amongst the public, apparently.

    • Its useful even if just to let people know how HIPPA *actually* works. (Ie its very specific about who can do what and what they can do).

      Oh and fun fact: On friday night when your doctor is having beer with his friends, he is totally violating your HIPPA privacy and telling them about that ridiculous attempt at trying to cite HIPPA as an excuse not to wear a mask in his surgery. And your lawyer is probably violating his client confidentially laughing to his friends about your rebuffed request to sue over i

  • The Specifics (Score:3, Informative)

    by Steel_viper ( 462121 ) on Friday April 01, 2022 @10:07PM (#62410012) Homepage

    --In the post, he used the patient's full name:
    This bit is PII (personally identifiable information). It's technically also PHI.

    --and described, in detail, the specific dental problem he was in for: "excruciating pain" from the lower left quadrant, which resulted in a referral for a root canal.
    This bit is PHI (protected health information)

    So yeah. Double whammy.

  • Of course posting patient details is a serious ethical and HIPPA violation. Acting with prejudice towards the (potentially) diseased, even communicable (HIV) is a violation of the ADA ... not the computer language, the Americans with Disabilties Act.

    • Prejudice, yes.

      However, current EEOC guidance says that a bona fide demand that someone be vaccinated, or show proof that they are not infected is perfectly fine.
      Sauce. [eeoc.gov]

      The ADA requires that any mandatory medical test of employees be “job related and consistent with business necessity.” Applying this standard to the current circumstances of the COVID-19 pandemic, employers may take screening steps to determine if employees entering the workplace have COVID-19 because an individual with the virus will pose a direct threat to the health of others.

    • Acting with prejudice towards the (potentially) diseased, even communicable (HIV) is a violation of the ADA

      For something like HIV, sure, because it isn't communicable to someone who's just working near you. Something like measles, though, is not a disability, and your employer can tell you to stay home.

  • The review ecosystem has become pretty useless. It hadn't so much shone a light on businesses delivering shoddy service as it has demonstrated what petty, pinheaded pissants the consumers often become when given a platform. There's no way of knowing from a review if the restaurant's gumbo is actually bad, or the reviewer asked the waitress for a date and she declined.

  • Fined? (Score:4, Insightful)

    by cloud.pt ( 3412475 ) on Saturday April 02, 2022 @08:16AM (#62410718)

    This shouldn't be a fine, it should be compensation to the patient who got their health information leaked

  • ...is that you have to be skeptical when reading online reviews of doctors. You should read them, I guess (I always do), but you have to remember that the doctor isn't allowed to give his/her side of the story.

    Here's an extreme example: I met a new patient a while back, who came in to my office requesting high doses of multiple controlled substances. A check of the pharmacy records showed me that they were getting multiple prescriptions from multiple doctors already. When I refused to give them the medic

  • It's okay for a patient to commit libel against a doctor and the doctor has no recourse?
    • by znrt ( 2424692 )

      no, how did you come to that conclusion?

      there is the same recourse as for any such offence: suing and hopefully getting it taken down and possibly a reparation. this is what any normally smart person would do if even bothered, but not the doctor in the story who went full online psycho.

      if you can't sue for libel then it's probably because it isn't libel, and unfavorable opinions are just part of the game and need to be allowed. it sucks that the doctor can't even challenge the opinion publicly online but th

Consider the postage stamp: its usefulness consists in the ability to stick to one thing till it gets there. -- Josh Billings

Working...