Watch out for these HIPAA violations in online reviews

When most physicians think of the Health Insurance Portability and Accountability Act (HIPAA), their immediate thought is a data breach. But they should also be keenly aware that they can violate the federal law simply by replying to a negative online review. 

 

Related: Cybersecurity finally becoming healthcare priority

 

Most physicians are familiar with Yelp. Besides being the leading crowd-sourced rating site for restaurants, hotels and just about anything consumers want to buy, Yelp is host to healthcare reviews.   

Some patients complain about repeated lengthy wait times to see their doctor. Others criticize their doctor for what they consider to be unnecessary and expensive diagnostic tests, or they complain about the doctor’s poor bedside manner.

Doctors often defend themselves and their practice if they receive a negative review, replying to a comment or bad rating, or carrying on a dialogue with the patient reviewer. But this interaction can potentially expose personal medical information, resulting in a HIPAA violation.

 

Further reading: Should physicians share their notes with patients? 

 

For example, a patient with painful scoliosis complains about the long wait to see a neurosurgeon for spinal surgery, and gives the doctor a one-star rating. Even if the patient discloses his diagnosis, the surgeon is in violation of HIPAA if he responds by advising the patient to get an MRI before scheduling an appointment.

Proper etiquette for responding to negative reviews

 

Stake your claim

For review sites like Yelp, doctors should start by searching the site to find out if anyone has reviewed them on an unclaimed page. They can claim it as their profile page and take control of it, or create a new page.

Internal server error