Stung By Yelp Reviews, Health Providers Spill Patient Secrets

from the HIPAA-HIPAA dept

Burned by negative reviews, some health providers are casting their patients' privacy aside and sharing intimate details online as they try to rebut criticism.

In the course of these arguments -- which have spilled out publicly on ratings sites like Yelp -- doctors, dentists, chiropractors and massage therapists, among others, have divulged details of patients' diagnoses, treatments and idiosyncrasies.

One Washington state dentist turned the tables on a patient who blamed him for the loss of a molar: "Due to your clenching and grinding habit, this is not the first molar tooth you have lost due to a fractured root," he wrote. "This tooth is no different."

In California, a chiropractor pushed back against a mother's claims that he misdiagnosed her daughter with scoliosis. "You brought your daughter in for the exam in early March 2014," he wrote. "The exam identified one or more of the signs I mentioned above for scoliosis. I absolutely recommended an x-ray to determine if this condition existed; this x-ray was at no additional cost to you."

And a California dentist scolded a patient who accused him of misdiagnosing her. "I looked very closely at your radiographs and it was obvious that you have cavities and gum disease that your other dentist has overlooked. ... You can live in a world of denial and simply believe what you want to hear from your other dentist or make an educated and informed decision."

Health professionals are adapting to a harsh reality in which consumers rate them on sites like Yelp, Vitals and RateMDs much as they do restaurants, hotels and spas. The vast majority of reviews are positive. But in trying to respond to negative ones, some providers appear to be violating the Health Insurance Portability and Accountability Act, the federal patient privacy law known as HIPAA. The law forbids them from disclosing any patient health information without permission.

Yelp has given ProPublica unprecedented access to its trove of public reviews -- more than 1.7 million in all -- allowing us to search them by keyword. Using a tool developed by the Department of Computer Science and Engineering at the NYU Polytechnic School of Engineering, we identified more than 3,500 one-star reviews (the lowest) in which patients mention privacy or HIPAA. In dozens of instances, responses to complaints about medical care turned into disputes over patient privacy.

The patients affected say they've been doubly injured -- first by poor service or care and then by the disclosure of information they considered private.

The shock of exposure can be effective, prompting patients to back off.

"I posted a negative review" on Yelp, a client of a California dentist wrote in 2013. "After that, she posted a response with details that included my personal dental information. … I removed my review to protect my medical privacy."

The consumer complained to the Office for Civil Rights within the U.S. Department of Health and Human Services, which enforces HIPAA. The office warned the dentist about posting personal information in response to Yelp reviews. It is currently investigating a New York dentist for divulging personal information about a patient who complained about her care, according to a letter reviewed by ProPublica.

The office couldn't say how many complaints it has received in this area because it doesn't track complaints this way. ProPublica has previously reported about the agency's historic inability to analyze its complaints and identify repeat HIPAA violators.

Deven McGraw, the office's deputy director of health information privacy, said health professionals responding to online reviews can speak generally about the way they treat patients but must have permission to discuss individual cases. Just because patients have rated their health provider publicly doesn't give their health provider permission to rate them in return.

"If the complaint is about poor patient care, they can come back and say, 'I provide all of my patients with good patient care' and 'I've been reviewed in other contexts and have good reviews,' " McGraw said. But they can't "take those accusations on individually by the patient."

McGraw pointed to a 2013 case out of California in which a hospital was fined $275,000 for disclosing information about a patient to the media without permission, allegedly in retaliation for the patient complaining to the media about the hospital.

Yelp's senior director of litigation, Aaron Schur, said most reviews of doctors and dentists aren't about the actual health care delivered but rather their office wait, the front office staff, billing procedures or bedside manner. Many health providers are careful and appropriate in responding to online reviews, encouraging patients to contact them offline or apologizing for any perceived slights. Some don't respond at all.

"There's certainly ways to respond to reviews that don't implicate HIPAA," Schur said.

In 2012, University of Utah Health Care in Salt Lake City was the first hospital system in the country to post patient reviews and comments online. The system, which had to overcome doctors' resistance to being rated, found positive comments far outnumbered negative ones.

"If you whitewash comments, if you only put those that are highly positive, the public is very savvy and will consider that to be only advertising," said Thomas Miller, chief medical officer for the University of Utah Hospitals and Clinics.

Unlike Yelp, the University of Utah does not allow comments about a doctor's medical competency, and it does not allow physicians to respond to comments.

In discussing their battles over online reviews, patients said they'd turned to ratings sites for closure and in the hope that their experiences would help others seeking care. Their providers' responses, however, left them with a lingering sense of lost trust.

Angela Grijalva brought her then 12-year-old daughter to Maximize Chiropractic in Sacramento, Calif., a couple years ago for an exam. In a one-star review on Yelp, Grijalva alleged that chiropractor Tim Nicholl led her daughter to "believe she had scoliosis and urgently needed x-rays, which could be performed at her next appointment. … My daughter cried all night and had a tough time concentrating at school."

But it turned out her daughter did not have scoliosis, Grijalva wrote. She encouraged parents to stay away from the office.

Nicholl replied on Yelp, acknowledging that Grijalva's daughter was a patient (a disclosure that is not allowed under HIPAA) and discussing the procedures he performed on her and her condition, though he said he could not disclose specifics of the diagnosis "due to privacy and patient confidentiality."

"The next day you brought your daughter back in for a verbal review of the x-rays and I informed you that the x-rays had identified some issues, but the good news was that your daughter did not have scoliosis, great news!" he recounted. "I proceeded to adjust your daughter and the adjustment went very well, as did the entire appointment; you made no mention of a 'misdiagnosis' or any other concern."

In an interview, Grijalva said Nicholl's response "violated my daughter and her privacy."

"I wouldn't want another parent, another child to go through what my daughter went through: the panic, the stress, the fear," she added.

Nicholl declined a request for comment. "It just doesn't seem like this is worth my time," he said. His practice has mixed reviews on Yelp, but more positive than negative.

A few years ago, Marisa Speed posted a review of North Valley Plastic Surgery in Phoenix after her then–3-year-old son received stitches there for a gash on his chin. "Half-way through the procedure, the doctor seemed flustered with my crying child. ...," she wrote. "At this point the doctor was more upset and he ended up throwing the instruments to the floor. I understand that dealing with kids requires extra effort, but if you don't like to do it, don't even welcome them."

An employee named Chase replied on the business's behalf: "This patient presented in an agitated and uncontrollable state. Despite our best efforts, this patient was screaming, crying, inconsolable, and a danger to both himself and to our staff. As any parent that has raised a young boy knows, they have the strength to cause harm."

Speed and her husband complained to the Office for Civil Rights. "You may wish to remove any specific information about current or former patients from your Web-blog," the Office for Civil Rights wrote in an October 2013 letter to the surgery center.

In an email, a representative of the surgery center declined to comment. "Everyone that was directly involved in the incident no longer works here. The nurse on this case left a year ago, the surgeon in the case retired last month, and the administrator left a few years ago," he wrote.

Reviews of North Valley Plastic Surgery are mixed on Yelp.

Health providers have tried a host of ways to try to combat negative reviews. Some have sued their patients, attracting a torrent of attention but scoring few, if any, legal successes. Others have begged patients to remove their complaints.

Jeffrey Segal, a one-time critic of review sites, now says doctors need to embrace them. Beginning in 2007, Segal's company, Medical Justice, crafted contracts that health providers could give to patients asking them to sign over the copyright to any reviews, which allowed providers to demand that negative ones be removed. But after a lawsuit, Medical Justice stopped recommending the contracts in 2011.

Segal said he has come to believe reviews are valuable and that providers should encourage patients who are satisfied to post positive reviews and should respond -- carefully -- to negative ones.

"For doctors who get bent out of shape to get rid of negative reviews, it's a denominator problem," he said. "If they only have three reviews and two are negative, the denominator is the problem. ... If you can figure out a way to cultivate reviews from hundreds of patients rather than a few patients, the problem is solved."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter. Reposted from ProPublica via its CC-BY-NC-ND license.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    dogwitch (profile), 1 Jun 2016 @ 12:57pm

    still wrong to do

    even if your mad. this was wrong on every level.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2016 @ 1:06pm

    If you look at the Maximize Chiropractic case, it doesn't seem that what the business posted impacted privacy any more than what the parent had already posted. Are we really going to say it's a violation of privacy for a doctor to confirm what's already been posted? Are we really going to claim that when someone posts "I went to this chiropractor" for the whole world to see, and the chiropractor says "yes, that's true", the chiropractor is violating that person's privacy? That's ridiculous.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2016 @ 1:23pm

      Re:

      Are we really going to claim that when someone posts "I went to this chiropractor" for the whole world to see, and the chiropractor says "yes, that's true", the chiropractor is violating that person's privacy? That's ridiculous.
      How would the chiropractor know whether it was really the patient that posted it? I could easily post under someone else's name to try to find out whether they're a patient.

      reply to this | link to this | view in chronology ]

    • icon
      SirWired (profile), 1 Jun 2016 @ 1:29pm

      There's a reason you can't confirm treatment

      You cannot confirm that a patient was/was not treated by a specific practice (much less discuss what treatments were provided) because you have no way of knowing that the person that posted the review was the patient (or parent.)

      For instance: I want to know if so-and-so has been treated by a particular psychiatrist because I'm a creepy stalker or paparazzi, but there are several docs in the same building. I post a review posing as the patient and say something strongly negative, yet not libelous. Doc responds by saying "Yes, we saw you, but that is not how I remember our interaction." Boom! Now you know the patient is under the care of a shrink. Or maybe it's an OB/GYN. Or a cancer specialist. Or an AIDS doc. Or a fertility clinic.

      reply to this | link to this | view in chronology ]

    • icon
      Keroberos (profile), 1 Jun 2016 @ 1:48pm

      Re:

      Yes we are going to say that it is a violation of privacy. Healthcare providers are bound by law to protect patient privacy regardless of what the patient reveals. This is as it should be. A patient's privacy is their own concern--if they want to reveal something, this is their right. This does not--and should not--give healthcare providers permission to do the same.

      This is just a basic customer service issue, if a patient was dissatisfied with the service enough to post online about it--no amount of rebuttal is going to fix it. Either ignore it and move on or apologize that the patient had a bad experience. anything else is pointless and makes you look childish.

      reply to this | link to this | view in chronology ]

      • identicon
        Andy, 1 Jun 2016 @ 8:03pm

        Re: Re:

        So the doctors should just accept that there are people spreading complete lies about them on review sites. Nonsense a doctor has the right to correct someone if they instigated a public debate and a review is a debate if the person it is attacking believes it is nothing but a lie, or should doctors have a special court to sue those that try to abuse the power of reviews to belittle there practice.

        Come on if someone posts there details online than the doctor has the full right to say that the person is not being honest and point out where they are lying.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Jun 2016 @ 8:44pm

          Re: Re: Re:

          Since many of the doctors, dentists and other health professionals are highly trained quacks, any lies that are being spread about them come from their professional societies. They have less concern for patient well-being than getting a premium fee from the patient for just looking at them.

          It has taken years to find an adequate family physician (in point of fact, probably the best I have come across in many years) that when he moved from the former practice to his own in another township, we followed him there. Not only us but most of the patients that he had been treating followed him there.

          His former colleagues are a bunch of arrogant relatively incompetent physicians (certainly the owners of the practice have only one concern - to make the biggest profit they can). They expect to be treated as superior citizens, far above socially the cretins that they treat.

          So, any lies being spread generally won't be coming from the patients of said health professionals, but from the health professionals themselves.

          It is an unfortunate fact of reality that most health professionals and law professionals are worth less than the paper on which their degrees are printed.

          reply to this | link to this | view in chronology ]

        • icon
          Keroberos (profile), 2 Jun 2016 @ 6:41am

          Re: Re: Re:

          Nope. A customer service review is by its very nature subjective, and is correct in the point of view of the customer giving it. A review site is an inappropriate venue to engage in a dispute with a dissatisfied customer, regardless of the merits (or lack thereof) of the complaint. The only good outcome you can get by engaging in these reviews is by apologizing, reiterating your desire to provide good service, and leaving it at that.

          If the review is from a lying troll, do you really think the doctor would or could fix anything by arguing about it?

          reply to this | link to this | view in chronology ]

    • icon
      amoshias (profile), 1 Jun 2016 @ 1:48pm

      Re:

      I'm sorry, why is that ridiculous? Because I don't see it.

      The simple fact is, it's MY medical information. *I* am allowed to share it if I want. *YOU* - the person I entrust it to, because as a society we WANT people to trust their doctors so the doctors can do their jobs - are *NOT* allowed to, except to the minimum extent necessary for you to do the job I'm paying you to do. Simple, straightforward rule.

      I wish this rule were in place in other areas of my life. My internet data, my cellular location data, etc, etc - IT'S NOT YOUR DATA. I let you use it because in order to [have cell service, use the internet] I have no choice.

      The idea that you want to WEAKEN this minimal protection - that you seem to think that just because I hurt a doctor's feelings he should be able to share something of mine... I honestly don't know how that makes sense to you. But here's the simplest angle possible - when you go to the doctor, do you really want to have to think about everything you're saying and not saying - to give the doctor the minimal information possible, maybe missing something important, because you don't want the doctor to be able to tell people in the future?

      No. Of course not. That makes no sense. So the rule is, doctors keep their mouths shut, no matter what, even if someone hurts their feelings. Making that rule more complicated just doesn't make any sense. Don't believe me? Well, if you scroll up a bit, there's a whole article about a bunch of doctors who couldn't even follow that really, really simple rule...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Jun 2016 @ 2:31pm

        Re: Re:

        > So the rule is, doctors keep their mouths shut, no matter what, even if someone hurts their feelings.

        > The simple fact is, it's MY medical information.

        And from the article...

        In a one-star review on Yelp, Grijalva alleged that chiropractor Tim Nicholl led her daughter to "believe she had scoliosis and urgently needed x-rays, which could be performed at her next appointment. ..."

        But it turned out her daughter did not have scoliosis, Grijalva wrote. ...

        "The next day you brought your daughter back in for a verbal review of the x-rays and I informed you that the x-rays had identified some issues, but the good news was that your daughter did not have scoliosis, great news!" [Nicholl] recounted.


        To this extent,
        1) the mother publicly claimed the doctor-patient connection
        2) ... and specifics of the diagnosis and treatment.

        At this point in the conversation, that medical data is no longer private. It may be yours, but you've given the world permission to discuss it.

        What you're really asking for here, with your "my medical information is private" line, is the opportunity to defame someone (or, perhaps, praise them) without offering them a rebuttal.

        Having said that, the preceding argument ("You have no way of knowing that the poster was the patient") is more relevant, but the premise there too is false. Doctors, too, have telephones and email access. They also have sufficient information to inquire.

        The trick is, doing so, and rebutting in a fashion that does not expose MORE information.

        reply to this | link to this | view in chronology ]

        • icon
          SirWired (profile), 1 Jun 2016 @ 2:38pm

          Re: Re: Re:

          SOMEBODY claimed the doctor-patient connection and volunteered some treatment details. That's STILL not any sort of authentication that somebody authorized to do so is doing the posting.

          Without a signed specific release from the patient (as in, not some generic document generated during the initial check-in paperwork), HIPAA specifically prohibits acknowledging anything. Period.

          reply to this | link to this | view in chronology ]

          • icon
            JoeCool (profile), 1 Jun 2016 @ 4:21pm

            Re: Re: Re: Re:

            In that case, the review should be pulled from the site until the poster proves they actually went to the doctor and received service of some sort. You can't have it both ways - either the post can't be confirmed, in which case it's libel, or it's confirmed, in which case privacy is lost in return for the negative review.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 1 Jun 2016 @ 4:25pm

            Re: Re: Re: Re:

            SOMEBODY claimed the doctor-patient connection and volunteered some treatment details. That's STILL not any sort of authentication that somebody authorized to do so is doing the posting.


            A lot of people made that point. But the only people who could have known these details were the doctor, and the person claiming to be the patient. Unless the patient told a third party who then posted the details publicly, in which case privacy is out the window anyway.

            You're also talking about a hypothetical. In this PARTICULAR case, the doctor was NOT wrong about the identity of the poster. This is like arresting a bartender because he didn't card a 29 year old - you can say he should have been more careful, but in the end he was right.

            Without a signed specific release from the patient (as in, not some generic document generated during the initial check-in paperwork), HIPAA specifically prohibits acknowledging anything. Period.


            To the extent that is true, HIPAA is a stupid law. Of course, in reality it isn't as strict as that.

            reply to this | link to this | view in chronology ]

      • identicon
        Andy, 1 Jun 2016 @ 8:13pm

        Re: Re:

        It is not about hurting there feelings these people that are blatantly lying about there experience or the treatment they got are actively going online in an attempt to prevent others from doing business with that doctor, yes there are many cases of doctors doing wrong but when a doctor can show he did nothing wrong and the person is lying then i feel he should , and no it is not only your data that data is sold to many and many use it to contact you for various reasons.

        This seriously undermines doctors and dentists and other professionals and opens them up to ridicule for not other treason than most Americans are so uneducated they cannot understand what someone says even if that person explains like he is talking to a five year old.

        reply to this | link to this | view in chronology ]

        • icon
          Whatever (profile), 1 Jun 2016 @ 8:36pm

          Re: Re: Re:

          You have hit the magic sort of logical knot that Techdirt usually addressed in a simple manner:

          "suck it up, it's the internet".

          There seems to be an odd belief that these sorts of websites are a one way system, that the public can write almost anything, and the people on the other end just have to suck it up. Moreover, comments posted "anonymously" (with a nickname, example) would be difficult to take action about, as the site owners could easily claim their section 230 immunity and also refuse the divulge information in regards to the poster. It's the perfect legal fortress from which people can post lies and falsehoods about a doctor or dentist, without much fear of reprisal.

          Nobody seems to have a problem with this. Yes there are bad doctors and bad dentists - but there are also bad patients.

          I personally think that once someone posts public information about their treatment, they have pretty much given up the right to privacy on the subject, especially if they are making allegations of wrongdoing or poor care. At that point, the doctor / dentist should be free to answer and post any or all information in order to clear their name in the public forum.

          If the griping patient doesn't like it, they can file a lawsuit - but they need to remember that ALL of their posts would be part of the discussion, and a lawsuit would be an admission that those statements were theirs. Perhaps the doctors are just trying to bait people into the open so they can sue them into the ground.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 2 Jun 2016 @ 6:01pm

            Re: Re: Re: Re:

            There seems to be an odd belief that these sorts of websites are a one way system, that the public can write almost anything, and the people on the other end just have to suck it up

            It's the perfect legal fortress from which people can post lies and falsehoods

            Funny you should say that...

            reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Jun 2016 @ 8:48pm

          Re: Re: Re:

          If doctors and dentists were actually competent enough they would be able to explain to their patients what is happening to them. If some can do it then (with their extensive training, all of them should be able to do so). many deserve the ridicule they get, no less than any other profession.

          Many doctors can show they did nothing wrong because they actually did NOTHING instead of actually doing something effective.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 2 Jun 2016 @ 12:07am

            Re: Re: Re: Re:

            You are making the mistaken assumption that people can always be convinced of the truth by persuasive arguments. In many of these cases, the problem is not the professional approach to their patients, but rather the patients mistaken beliefs about what happened to them.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 2 Jun 2016 @ 3:07am

              Re: Re: Re: Re: Re:

              Sorry, the problem is with the professionals and their approach to patients. I have observed enough interactions (including as a patient) to recognise that many of these so-called professionals are simply incapable of interacting with any measure of respect and consideration with their patients.

              When you do find a professional who does interact with respect and consideration, it is stands out extraordinarily.

              Most specialists I have had anything to do with have be real prigs as have been many of the doctors I have had to deal with over the years. They commonly exhibit a high degree of arrogance towards their patients and treat their patients as idiots and lower life-forms.

              At one point I was so sick of the arrogance I was ready to punch out the next specialist who treated my wife with any sort of disrespect. The next specialist (who unfortunately died some years ago) answered any questions I raised as if my wife had asked them, didn't respond to me or even looked at me. I was the appendage and my wife (who he was treating) was the important one. His attitude was so striking that I still talk about it to people today about how good he was and this occurred 20 years ago. His focus was always on the patient and he did every thing possible to explain what was happening and what the required treatments were as well as all the consequences. You don't get many who are like that. This particular specialist was one of the top two (if not the top) in the world at the time.

              Professionals of all stripes generally treat women as lower life-forms for starters and treat anyone not in their area of expertise as idiots. It annoyed me so much that, in my own professional career, I have endeavoured to treat everyone equally and with respect. Not that I have always succeeded but I certainly keep it mind.

              Convincing people of the "truth" of any matter is never guaranteed. Particularly, if the person in question is a subject matter expert and can't see past their own limited set of knowledge. Though, it does happen and there can be some very surprising results come out of it. Desalination plant engineers are one such group, you can teach a young dog new tricks.

              reply to this | link to this | view in chronology ]

          • identicon
            Dr. Killdare, 2 Jun 2016 @ 9:23am

            Re: Re: Re: Re:prognosis poor

            "Many doctors can show they did nothing wrong because they actually did NOTHING instead of actually doing something effective."

            I'm sorry for your loss, now get over it.

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jun 2016 @ 7:30am

      Re:

      HIPPA would say YES

      reply to this | link to this | view in chronology ]

  • identicon
    Jason, 1 Jun 2016 @ 1:30pm

    Are we really going to claim that when someone posts "I went to this chiropractor" for the whole world to see, and the chiropractor says "yes, that's true", the chiropractor is violating that person's privacy?
    Basically, yes. The article says it plainly:
    Nicholl replied on Yelp, acknowledging that Grijalva's daughter was a patient (a disclosure that is not allowed under HIPAA)...(emphasis mine)
    It doesn't matter if it's merely confirming something the patient has already revealed, the doctor isn't allowed to do that.

    reply to this | link to this | view in chronology ]

    • identicon
      TripMN, 1 Jun 2016 @ 1:46pm

      Re:

      This is good security in general... not confirming or denying information from an untrusted source.

      I build websites for a living and one of the major security vulnerabilities that a lot of sites have is 'user listing'. A major vector for this is sites who on incorrect login give different responses depending on if the username is in the system (and the password doesn't match) or not. If given the time to iterate possibilities, I can tell you who all the users of that company are. Its even more useful if email address are used as usernames.

      reply to this | link to this | view in chronology ]

    • icon
      Violynne (profile), 1 Jun 2016 @ 2:06pm

      Re:

      Basically, yes. The article says it plainly:
      If you read it again, that's not what it says.

      An acknowledgement of information released by a patient is not a HIPAA violation.

      Had the provider made this acknowledgement without prior patient statement, then yes, a violation did occur.

      I'd need to see the Yelp review in question before I can make the actual determination.

      It's unfortunate that HIPAA was another law rushed without regarding the consequences. The changes of the past few years has made it more and more difficult to speak about anything regarding patient data outside of a hermetically sealed, padded, sound-proof room and it's getting atrocious.

      I'm all for protecting one's privacy, but an email address is not a privacy violation, yet it's one of the key words tagged for "privacy info" in a growing list of absurdity.

      Providers should take extreme care to mention any information that may be patient related and stick to using generic replies.

      I also feel patients should be forced to waive their rights if they make these same privacy-ending remarks on any site to which the provider shares.

      What's good for the goose...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Jun 2016 @ 4:02pm

        Re: Re:

        Problem is, they have no idea if it's the patient or not. Therefore it's a HIPPA violation.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Jun 2016 @ 12:37pm

        Re: Re:

        Agreed thatwith out the original yelp review and the response, there's just not enough information, but in this case, the it sounds like the system actually worked as intended:

        "The consumer complained to the Office for Civil Rights within the U.S. Department of Health and Human Services, which enforces HIPAA. The office warned the dentist about posting personal information in response to Yelp reviews."

        A possible breach of PHI (HIPAA Violation) was reported to OCR, who investigated, (apparently) determined that a breach occurred, and subsequently instituted a sanction proportional to the severity of the breach - in this case, a minor reprimand with no (reported) financial penalty.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2016 @ 1:30pm

    Great.....i trust them less today then i did yesterday

    Well done privacy advocates, nice to know you mean it, and are not flapping your lips around

    (Im implying you are infact flapping your big fat lips around)

    If you cant safeguard our privacies both morally with conviction, and technically, then what fucking right do you have to ask it of us in a world of legal, LEGAL for christ sake, mass surveillance


    Actually, PERCIEVED legality, accustomed legality, retroactive legality i.e. illegal, MY verdict, Mr dictator

    The only thing being represented today are companies and money......and maybe that elmo from off that sesami street......im kidding offcourse, money's not been legally declared a person yet

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 1 Jun 2016 @ 1:50pm

    Grammar nitpicking

    ProPublica has previously reported about the agency's historic inability to analyze its complaints and identify repeat HIPAA violators.

    Historic: history-making. One for the record books.
    Historical: having to do with past data, such as a track record.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2016 @ 2:04pm

    I'm no expert on the law but isn't disclosing the medical records of patients a violation of HIPAA?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jun 2016 @ 12:53pm

      Re:

      It's only a breach under HIPAA, if the provider in question is a Covered Entity or the Business Associate of a Covered Entity as defined by HIPAA (and expanded by HITECH) _and_ the disclosure doesn't fall within one of the many authorized disclosures defined in the statute.

      Also, not every doctor/medical practitioner in the US is a covered entity under HIPAA. Case in point: team doctor's in the NFL generally aren't covered entities, which is why the team is able to discuss $QB's latest torn ACL without OCR getting involved every week.

      So, if you give your kids medical records to the scout leader, and they post them online, it's not illegal for them to do so under HIPAA/HITECH. It _might_ be illegal under a variety of state/local statues, and it would definitely be a dick move for them to do so, but it wouldn't be a HIPAA violation.

      reply to this | link to this | view in chronology ]

  • identicon
    Andy, 1 Jun 2016 @ 7:58pm

    What the F$%£

    You want to complain but do not want to allow the doctors to rebut your lies online well too bad i support the doctors .dentists in this 100%

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2016 @ 8:52pm

      Re: What the F$%£

      Since it is extremely difficult to actually take action against any doctor for incompetency, then it should be possible to lambaste them appropriately in all sorts of arena's.

      They are so status hungry that they should have a dose of reality on a regular basis.

      If he or she is competent then they will have support from their patients, but of they are not, then future patients should be warned appropriately.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2016 @ 11:12pm

      Re: What the F$%£

      Honestly if a doctor is sufficiently competent and reasonable it wouldn't be too hard to rebut the claims.

      For reference, look up the case of Stacy Makhnevich. After she chose to harass her patients with no-criticism contracts and got called out for it, she tucked her tail between her legs and ran like hell.

      I'll take the occasional slander against a doctor or dentist, which can be easily disproved if they're worth their salt, over letting an incompetent chucklefuck anywhere near my body.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jun 2016 @ 1:19am

      Re: What the F$%£

      Yes, except as has been pointed out numerous times, it's illegal for healthcare professionals to rebut claims in the way you want. So one last time, tough shit what you want, it's the law.

      reply to this | link to this | view in chronology ]

    • icon
      crade (profile), 2 Jun 2016 @ 12:28pm

      Re: What the F$%£

      I agree, so much for being being allowed to respond to criticism. You are muzzled from refuting lies told about you and your business.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Jun 2016 @ 3:57pm

        Re: Re: What the F$%£

        You are free to file a defamation suit. Or free to say anything that doesn't include federally protected health information. So yeah if you don't like the law, go buy a congressmen to rewrite for you.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jun 2016 @ 5:05am

    Re: "but must have permission to discuss individual cases"

    Of course that doesn't apply to ISP's who sniff their customers content when they are surfing on WebMD and Wikipedia. They can sell that to advertisers all they want. Why should doctors be any different? (rhetorical question)

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jun 2016 @ 12:57pm

      Re: Re: "but must have permission to discuss individual cases"

      Your ISP isn't a Covered Entity under HIPPA. Neither is Wikipedia. And while I'd have to confirm it, I'd bet WebMD isn't a covered entity either.

      So yes, that information is pretty much fair game, from a HIPAA perspective.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.