A dental practice out of Dallas, Texas has recently agreed to pay the Office for Civil Rights (OCR) $10,000 for a slip-up on one of their social media accounts.
The HHS OCR article claims, the practice responded to a social media review and disclosed a patient’s last name and details of the patient’s health condition. It was later discovered that the practice has disclosed multiple patient’s protected health information (PHI) on their Yelp review page. After investigation, it was released that the practice did not have policy and procedures or a Notice of Privacy Practice in place.
In addition to the monetary settlement, the private practice is required to adopt a corrective action plan with two years of OCR monitoring.
Are your policies and procedures actionable and in plain language allowing employees to easily understand what patient information must be kept confidential?
Are your employees regularly trained on the HIPAA Privacy Rules to ensure a clear understanding of what is considered protected health information (PHI) and how it may be used?
TAKE AWAYS:
Develop Actionable policies and procedures that clearly outline disclosures of PHI to ensure that its social media interactions protect the PHI of its patients.
Ensure employees are enrolled in HIPAA privacy training and questions about the HIPAA Privacy Rule are answered so that there isn’t any confusion.
Verify that your practice has Notice of Privacy Practices that complied with the HIPAA Privacy Rule.
Complete a Security Risk Assessment and establish a Corrective Action Plan that is easy to understand, and remediate any potential risks or vulnerabilities.
Take advantage of our free Organization Assessment to understand your immediate compliance needs!
Contact Jim Johnson at jim@livecompliance.com or at (980) 999-1585