Writing Google Reviews About Patients Is Actually a HIPAA Violation

"According to The Verge, health providers writing Google reviews about patients with identifiable information is a HIPAA violation," writes Slashdot reader August Oleman. From the report: In the past few years, the phrase 'HIPAA violation' has been thrown around a lot, often incorrectly. People have cited the law, which protects patient health information, as a reason they can't be asked if they're vaccinated or get a doctor's note for an employer. But asking someone if they're vaccinated isn't actually a HIPAA violation. That's a fine and not-illegal thing for one non-doctor to ask another non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, according to the Department of Health and Human Services. After a patient left an anonymous, negative Google review, he logged on and responded with his own post on the Google page, saying that the patient missed scheduled appointments. [...] In the post, he used the patient's full name and described, in detail, the specific dental problem he was in for: "excruciating pain" from the lower left quadrant, which resulted in a referral for a root canal. That's what a HIPAA violation actually looks like. The law says that healthcare providers and insurance companies can't share identifiable, personal information without a patient's consent. In this case, the dentist (a healthcare provider) publicly shared a patient's name, medical condition, and medical history (personal information). As a result, the office was fined $50,000 (PDF).

Read more of this story at Slashdot.