OCR Pursues Impermissible PHI Disclosures After Negative Reviews

June 13, 2023
New Jersey psychiatry practice pays $30,000 to settle complaint about disclosure of protected health information in online review

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) continues to receive and respond to complaints about healthcare providers disclosing their patients’ protected health information on social media or on the internet in response to negative reviews.

OCR recently announced a settlement with New Jersey-based Manasa Health Center LLC, which provides adult and child psychiatric services. The settlement resolves a complaint received by OCR in April 2020, alleging that Manasa Health Center impermissibly disclosed the protected health information of a patient when the entity posted a response to the patient’s negative online review.

Following an OCR investigation, potential violations of the HIPAA Privacy Rule include impermissible disclosures of patient protected health information in response to negative online reviews, and failure to implement policies and procedures with respect to protected health information. Manasa Health Center paid $30,000 to OCR and agreed to implement a corrective action plan to resolve these potential violations.

“The HIPAA Privacy Rule expressly protects patients from this type of activity, which is a clear violation of both patient trust and the law. OCR will investigate and take action when we learn of such impermissible disclosures, no matter how large or small the organization, said OCR Director Melanie Fontes Rainer, in a statement.

OCR opened an investigation in response to a complaint by a patient alleging that Manasa Health Center posted a response to the patient’s negative online review that included specific information regarding the individual’s diagnosis and treatment of their mental health condition. In addition to the patient who filed the complaint, OCR’s investigation found that Manasa Health Center impermissibly disclosed the protected health information of three other patients in response to their negative online reviews. OCR’s investigation also found that Manasa Health Center failed to implement HIPAA Privacy policies and procedures.

In addition to the monetary settlement, Manasa Health Center will undertake a corrective action plan that will be monitored for two years by OCR to ensure compliance with the HIPAA Privacy Rule. The corrective action plan includes the following steps:

  • Develop, maintain, and revise its written policies and procedures to comply with the HIPAA Privacy Rule,
  • Train all members of Manasa Health Center’s workforce, including owners and managers, on the organization’s policies and procedures to comply with the HIPAA Privacy and Security Rules,
  • Within 30 calendar days of the agreement, Manasa Health Center shall issue breach notices to all individuals, or their personal representatives, whose protected health information is disclosed on any internet platform without a valid authorization, and
  • Within 30 calendar days of the agreement, Manasa Health Center shall submit a breach report to HHS concerning individuals whose protected health information is disclosed on any internet platform without a valid authorization.

Sponsored Recommendations

AI-Driven Healthcare: Empowering Nurses, Clinicians, and Care Teams for Smarter, More Efficient Care

Explore how AI-first ThinkAndor® is transforming nursing workflows and patient care at Sentara, improving outcomes, reducing readmissions, and enhancing care transitions in this...

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...