Up to now few years, the phrase “HIPAA violation” has been thrown round quite a bit, usually incorrectly. Folks have cited the regulation, which protects affected person well being data, as a cause they will’t be requested in the event that they’re vaccinated or get a physician’s word for an employer.
However asking somebody in the event that they’re vaccinated isn’t truly a HIPAA violation. That’s a advantageous and not-illegal factor for one non-doctor to ask one other non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, in accordance with the Division of Well being and Human Providers. After a affected person left an nameless, destructive Google evaluation, he logged on and responded together with his personal submit on the Google web page, saying that the affected person missed scheduled appointments. “Does he deserve any score as a affected person? Not even one star,” Igbinadolor wrote, in accordance with the discover of proposed willpower outlining the violation. (For the curious, the redacted HIPAA-violating Google submit is on web page 3.)
Within the submit, he used the affected person’s full title and described, intimately, the precise dental drawback he was in for: “excruciating ache” from the decrease left quadrant, which resulted in a referral for a root canal.
That’s what a HIPAA violation truly seems like. The regulation says that healthcare suppliers and insurance coverage corporations can’t share identifiable, private data with no affected person’s consent. On this case, the dentist (a healthcare supplier) publicly shared a affected person’s title, medical situation, and medical historical past (private data). Consequently, the workplace was fined $50,000.
This isn’t an unusual prevalence: a 2016 ProPublica investigation discovered that medical doctors often embody particulars about sufferers’ well being in response to destructive Yelp opinions. And in 2019, one other dentist was fined $10,000 for placing the knowledge of a number of sufferers on Yelp.
The Workplace for Civil Rights on the Division of Well being and Human Providers, which enforces HIPAA, requested to see Igbinadolor’s workplace’s inner insurance policies and procedures round private well being data and social media. As of fall 2020, the workplace hadn’t supplied something. The workplace ought to most likely implement one simple coverage to maintain one thing like this from occurring once more: even when a affected person is annoying, by no means submit.