Governance & Risk Management , Healthcare , HIPAA/HITECH

Psychiatry Practice Fined for Posting PHI Online

HHS Settlement Is Latest Involving Negative Social Media Responses
Psychiatry Practice Fined for Posting PHI Online
Image: Shutterstock

Federal regulators fined a New Jersey psychiatric care provider after it disclosed patient information online in response to negative online reviews.

See Also: 6 Healthcare Industry Prescriptions | Curing Your Contact Center Data Security Epidemic

Manasa Health Center will pay $30,000 and implement a corrective action plan to settle potential HIPAA violations, the Department of Health and Human Services disclosed Monday in a settlement reached with practice owner Dr. Nidagalle Gowda.

The settlement resolves an April 2020 complaint alleging that Manasa disclosed specific information regarding a patient's diagnosis and treatment of a mental health condition while responding to the individual's online review.

HHS OCR said its investigation found three additional disclosures of patient information. Manasa is not admitting guilt of violating HIPAA under the terms of the settlement.

It nonetheless will implement a corrective action plan that includes revising its privacy practices and procedures and submitting those to the agency for approval.

Once HHS approves the practice's HIPAA privacy policies and procedures, Manasa must distribute them to its workforce and provide staff with related training.

The practice must also issue breach notices to all individuals whose PHI was disclosed "on Google Reviews or any other internet platform without a valid authorization."

The settlement is the second in six months involving a medical practice posting online protected health information in response to bad reviews. In mid-December, federal investigators found Vision Dental, a practice located in the eastern exurbs of greater Los Angeles, had responded to criticism on Yelp by revealing the protected health information of patients (see: Dental Practice Hit With HIPAA Fine for Posting PHI on Yelp).

The HHS Office of Civil Rights "continues to receive complaints about healthcare providers disclosing their patients' protected health information on social media or on the internet in response to negative reviews. Simply put, this is not allowed," said office Director Melanie Fontes Rainer in a statement.

HHS OCR has previously issued HIPAA penalties in at least two similar cases involving healthcare entities posting patient PHI, including names and health conditions, on social media sites, including Yelp, in response to negative reviews.

Manasa Health Center did not immediately respond to Information Security Media Group's request for comment.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.