January 15, 2026

As your practice shakes off the post-holiday haze, it’s time to go back to basics. Before picking up the pace, it’s worth slowing down to look at the foundations. While your practice might have routine procedures, it’s time to double-check whether they’re even compliant.

The Training Refresh

Staff must complete HIPAA training when joining your practice, but that’s not all. HIPAA requires annual training and updates after policy changes or breaches, and whenever staff review is needed. Long story short, your practice needs a lot of training. When in doubt, provide staff training to ensure they are comfortable and confident in handling Protected Health Information (PHI).

Titles Matter

Even in a small practice, it’s required to assign a HIPAA Compliance Officer (HCO). We know that ‘wearing many hats’ is the reality of a small team, but designating a clear leader for compliance provides a vital anchor. It ensures your staff knows exactly who to turn to for guidance. If the OCR ever comes knocking, they require a single point of contact to streamline the investigation.

Social Media Savviness

We hate to break it to you, but your Gen Z receptionist could make your practice viral for all the wrong reasons. Social media can be beneficial for sharing your practice with a larger audience, but your staff needs to handle it very carefully. While it might be fun to partake in the latest TikTok trend, make sure that no PHI can be seen in the clips, and do not include a patient in any content unless there is explicit consent to do so. Having a media consent form is key in these situations.

Keep it General

Alongside social media, Google reviews can be a great way to show you’re listening, but HIPAA changes what you can say. Even if the review is favorable, you cannot confirm whether the reviewer is or has been a patient at your practice. Even if the review details a specific experience at your practice, it’s their choice to disclose this information, and your job, under HIPAA, is not to confirm it.

For instance, a good public response to a positive review would be: “Thanks for the kind words! If you have additional feedback, please call us at xxx-xxx-xxxx.”

If you get a negative review, keep your response brief and take the conversation offline. First, check for spam or rule violations and report the review if necessary. Otherwise, don’t clarify details or confirm whether the reviewer is a patient. A good response: “Thank you for your feedback. We’d like to learn more. Please contact us at xxx-xxx-xxxx.”

Practices can be, and have been, fined for improper Google review responses, so your team must remain calm and neutral online.

Lock it Down

While it might feel easier for your practice to use a single, shared email to log in and access everything, it’s much safer (and wiser) for every team member to have their own login with role-based permissions. Individual accounts create accountability, keep information organized, and enable the implementation of role-based access. Not everyone in your practice needs access to the same information, and they shouldn’t have it. For example, your receptionist likely doesn’t need access to X-rays or clinical notes, but they do need access to scheduling software. When permissions align with the job, you reduce the risk of accidental exposure and keep sensitive data limited to those who genuinely need it.

Individual logins also make off-boarding easy. When someone leaves, remove their access immediately without disrupting the team or requiring a shared password change. This small shift greatly boosts compliance and protects patient information.

Change Habits Today

It’s easy to let compliance fall to the bottom of the to-do list when you’ve “always done it this way”. Thankfully, intelligent software can streamline these requirements for you. With the right platform, you can ensure training is handled correctly, that dynamic policies and procedures are properly formatted for your team, and that you have access to a team of compliance experts when navigating difficult compliance questions.

Take the next step: schedule a compliance consultation with our team. We’ll show you exactly how to meet HIPAA requirements, simplify your processes, and protect your practice with confidence. Contact us today to get started.
From Success Stories to HIPAA Violations: Cadia Healthcare’s $182K Lesson
October 6, 2025

Remember: sometimes, it’s not your story to tell. While your practice might be excited to share the positive results of quality patient care, it’s your patients’ right to share their stories. Patients’ medical histories and treatment plans are considered Protected Health Information (PHI), and it’s your practice’s responsibility to safeguard all sensitive patient data.

Cadia Healthcare Facilities is the latest rehabilitation organization caught in the Office for Civil Rights’ (OCR) crosshairs after improperly disclosing patient health stories online. Prompted by a patient complaint, the OCR investigated the organization and settled the violation with a $182,000 fine and a two-year Corrective Action Plan (CAP). A major financial and reputational hit, paired with thorough government monitoring, is a lesson learned for the organization. The 20th fine of the year teaches healthcare practices the importance of HIPAA-compliant marketing, website management, and patient consent.

What Happened?

The rehabilitation organization implemented a Success Story section on its site, with 150 patients’ stories publicly highlighted on the page. This page had extensive PHI, including a patient’s name, image, conditions, treatment, and recovery plans. While Cadia Healthcare Facilities utilized the website with good intentions, these Success Stories quickly turned into HIPAA horrors. The reason why? Missing HIPAA authorization forms for all 150 featured patients.

Then, a patient contacted the OCR with concerns about their image being used without permission on the Cadia Healthcare Facilities website. That’s when the OCR discovered the rehabilitation organization’s noncompliant website and impermissible disclosures. In addition to the fine and government monitoring, the organization must notify all impacted patients that their information was breached on its site, per the Breach Notification Rule.

Share Online Compliantly

Posting your practice’s accomplishments online might be exciting, but your practice must handle it carefully. Your practice must obtain a HIPAA authorization form before publicly sharing patients’ PHI. This includes before-and-after photos, testimonials, and, in this case, success stories. The forms must be written and specific, and patients can withdraw permission at any time.

Your practice’s online presence is likely a new patient’s first impression, so it’s essential to maintain and update your webpage. However, having more likes and views should never outweigh your commitment to compliance and patient protection.

Are you confident your staff understands how HIPAA compliance extends to social media and other forms of marketing? With smart software, your practice can easily train and provide staff with the required documents for HIPAA-compliant social media use. The right compliance solution will empower your staff to handle HIPAA compliance with ease, allowing them to build an online presence while keeping patient data safe. To learn more about HIPAA compliance for your practice, meet with a compliance expert today.
Likes Without Liability: HIPAA-Safe Ways to Connect with Patients Online
October 1, 2025

Doing a TikTok with a patient might make your practice go viral for all the wrong reasons. In a world of social media, email marketing, and overall digital communication, connecting with your patients online is a no-brainer. However, the moment you step into the world of patient engagement, you run straight into red tape: the Health Insurance Portability and Accountability Act (HIPAA) regulations. While a photo of a patient might not seem like a big deal, your practice needs to safeguard patient data, or Protected Health Information (PHI). Typical forms of PHI include a patient’s name, image, Social Security Number, and health records. The internet provides numerous ways to connect and market to patients; your practice must do this carefully, securely, and compliantly.

Social Media Landmines

The very nature of social media sites like TikTok, Instagram, and Facebook encourages quick, personal sharing of content. This directly conflicts with the strict privacy requirements HIPAA upholds. The good news is, your practice can post with patients if the proper steps are followed to ensure HIPAA marketing compliance.

First, your patient must sign a media consent form if their image is posted. This includes testimonials as well. Even if a patient had a great experience with your practice and wants to share, this documentation must be completed. This form must be specific and written, allowing the patient to withdraw permission easily. A verbal agreement isn’t going to cut it.

PHI also can’t be shared when responding to Google or Yelp reviews. And yes, acknowledging that a patient attended your practice is considered PHI. Keep all responses brief and respectful. If a patient had a bad experience at your practice, try to take it offline and provide a secure channel to continue communication.

Remember that HIPAA violations are not limited to your official practice accounts. All of your practice’s staff are bound by HIPAA legislation. So, train staff and ensure they know their responsibilities to keep PHI secure. No selfies at work!

Safeguarding your Inbox

Chances are, you’re sending emails every day in your practice. Let’s make sure your practice is sending emails compliantly. First up: encryption. Patient emails are considered PHI, so ensure all the necessary technical safeguards are in place to protect your inbox. After double-checking that the right patient receives an email, keep it simple and send only the minimum necessary information. A quick appointment reminder doesn’t need someone’s full health record attached.

Next, consent matters. Your patients might be fine getting reminders or lab results by email, but that doesn’t mean they want marketing messages about specials at another location. Respecting their preferences keeps their information safe and your practice out of trouble. Make sure your practice documents this consent and, like media consent forms, allows your patients to change their permissions at any time.

Posting with Peace of Mind

This is just a quick roadmap for using marketing tools and HIPAA marketing compliance in your practice, but if done correctly, social media and email can be powerful ways to connect with your patients. Staying compliant isn’t just about following rules; it helps build trust with your patients, which is far more valuable than any number of Instagram followers. While your IT provider can always offer guidance on technical safeguards, understanding these basics is essential for keeping your practice and patient information safe. Smart, practical solutions can make HIPAA compliance easier for your practice. Connect with a compliance expert today to take the guesswork out of compliance.
Protecting Every Layer: HIPAA Essentials for Your Dermatology Practice
July 1, 2025

HIPAA violations are not skin-deep. Dermatology practices, like all healthcare practices, are subject to HIPAA legislation. Common HIPAA violations erode reputation and patient trust, potentially costing your practice significant legal fees and fines. Dermatology practices have unique data, like photos of skin ailments and reports of skin biopsies, which must be securely handled. Sharing a picture of an abnormal mole without proper documentation, even if it looks harmless, is a HIPAA violation. Why? Because the image includes identifiable health information about your patient.

The good news? Frequent HIPAA pitfalls can easily be prevented with the proper safeguards and education. Being aware and implementing the right proactive safeguards secures your practice.

Social Media 101

Before-and-after patient photos can be a powerful marketing tool on social media, but mishandling them could attract unwanted attention from the Office for Civil Rights (OCR). It’s totally normal to be proud of the great results you achieve for your patients. However, if you plan to share publicly how your treatment helped a patient, you must have that patient sign a media consent form. This form explicitly grants permission to share their healthcare procedures or results online.

Beyond that, your practice must have a well-defined multimedia policy outlining how social media is handled. This ensures your entire staff is equipped and aware of their responsibilities regarding sharing information online, keeping everyone compliant and protecting patient privacy.

It’s also important to regulate your dermatology staff’s communication with patients on social media. While a patient may leave a positive review about how a chemical peel treatment made them look younger, you cannot confirm or deny whether that patient visited your practice. If you want to use a favorable review in your social media marketing, make sure the patient has signed the media consent form.

Even a negative review can lead to a HIPAA violation if you’re not careful. While it’s tempting to defend your practice publicly, the cost of a violation far exceeds the initial frustration. For instance, one practice faced a $10,000 fine for disclosing Protected Health Information (PHI) on Yelp. The right move would have been to move the conversation offline and communicate with the patient privately through a secure channel.

Staying Ahead: Security Risk Analysis

One of the most common causes of fines is missing a vital piece of proactive compliance. The Security Risk Analysis (SRA) is a thorough assessment of all the safeguards your practice has in place to secure PHI. The SRA must be completed at least annually, as well as before and after a HIPAA breach, showing that your practice is aware of its vulnerabilities and documenting how they are addressed. This isn’t an isolated issue; it’s a widespread compliance gap, with only 14% of healthcare practices able to produce a compliant SRA during random audits.

Consider the recent case of a dermatology organization that faced an investigation after a substantial ransomware breach. The incomplete SRA discovered during the investigation led to a hefty $250,000 fine for the practice. It’s a common misconception that fines are solely a consequence of ransomware attacks. However, the true underlying reason for a fine is the failure to implement appropriate preventative safeguards. While ransomware attacks and cybercrimes can certainly occur despite even the most robust safeguards, a practice’s preventative and reactive response and its ability to mitigate risk swiftly determine whether a fine is levied.

Improper Paper Trails

The entire lifecycle of PHI, from generation to deletion, needs to be handled securely. This includes properly shredding and disposing of records. Any image of a patient’s skin, old samples, etc., must be disposed of securely. First, records need to be kept for at least six years, but once disposed of, they cannot be traceable to patients and must be destroyed entirely. Simply putting records in the trash isn’t going to cut it. In fact, Business Associates can handle data destruction for your practice.

A dermatology practice was fined for improper disposal. Empty specimen containers, with PHI on the label, such as patient names, dates of birth, and more, were thrown in unsecured trash. After discovering that this disposal was typical for the dermatology organization for years, the practice was fined over $300,000.

How to Avoid Common Dermatology HIPAA Violations

The right HIPAA compliance program can avoid these common missteps. Proactive compliance, including thorough training and a maintained SRA, is key to the success of your dermatology practice. While handling your practice’s compliance program might feel overwhelming, compliance solutions can streamline this process. Intelligent software can easily pinpoint and address common violations in a centralized compliance hub. By maintaining control and proactively addressing compliance gaps, your practice can achieve peace of mind. Meet with a compliance expert today to learn more about simplifying HIPAA compliance for your dermatology practice.
Can You Post That?: The Secret to HIPAA Compliant Marketing
April 30, 2024

Going viral in healthcare has a much more serious meaning than in marketing. Marketing in healthcare is essential. You want more people to know about your practice. Like everything, the internet has revolutionized how patients look for a healthcare provider. The internet is most people’s first introduction to your practice, with 75% of prospective patients first searching online for a healthcare provider. Marketing and healthcare might seem like oil and water, especially when you throw HIPAA in the mix, but we promise you can do both, just with some rules. Ready to take your patient engagement to the next level? Here are some tips and tricks for marketing your practice while staying HIPAA compliant.

Tracking Tips

One of the most common forms of marketing is online tracking tools. Have you ever searched for something online and then seen an ad for it on another website? For example, while falling down the rabbit hole of watching cat videos, you go to another site. Suddenly, BAM! Cat toy ads on every other site. While we aren’t complaining about seeing more cute cats, this isn’t a coincidence. It’s just tracking tools at play. Almost every site you visit is trackable, with 90% of sites online having at least one tracking script installed.

Online tracking tools have been in recent healthcare compliance news, with the OCR releasing new guidance on HIPAA compliance. Online tracking tiptoes into non-compliant territory, but installing the software on suitable sites can be beneficial. First, when working with a marketing company and installing this tracking software, ensure a Business Associate Agreement (BAA) is signed. A BAA outlines the responsibilities of each party, in this case your practice and a marketing company, when handling Protected Health Information (PHI). These agreements ensure that both parties are on the same page, are liable, and know the importance of protecting patient data.

Second, HIPAA does not apply to unauthenticated public sites like your practice’s homepage. Once patients are logging in, that’s when HIPAA comes into play. The information tracked must be the minimum necessary and, overall, can’t relate to the past, present, or future health, health care, or payment for health care. Following the proper protocols helps avoid fines and keeps your practice running smoothly. Back in January, the NewYork-Presbyterian Hospital was fined $300,000 due to improper tracking practices.

Social Media Guru

We’re not expecting you to become TikTok famous, but social media can be helpful in your practice. 74% of people online use social media, and nearly half have used it to learn more about a doctor or health professional for their care. A social media page can be like a welcoming front door for patients. So, if you’re using it, make sure it’s HIPAA-compliant and shines a light on your fantastic practice!

When posting on social media, make sure that no PHI, and no patient who still needs to sign a media consent form, is visible. While we know you might be excited about a patient’s new smile before and after braces, without consent, you might not be so happy with the fines. In Abyde’s software, we feature a media consent form, helping to keep your practice compliant.

Raving Reviews

Now, we’ve all read Google reviews. Whether it be the new Mexican restaurant up the street or your new general practitioner, we rely on others’ experiences when making a decision. Over 70% of patients trust Google reviews when searching for a new healthcare provider. When responding to reviews, it’s essential to follow the simple rule: less is more. You can reply to reviews, but make sure that identifiable information about a patient isn’t shared. For instance, even if it’s a lovely review, sharing a patient’s treatment online is unnecessary.

It’s essential to keep your cool when responding to these messages. If it is a negative review, take it offline! Offer secure forms of contact for a patient, addressing their needs in a HIPAA-compliant manner. We’ve seen the repercussions of a Google review HIPAA violation. Manasa Health Center LLC was fined $30,000 for sharing PHI online in response to negative reviews. Even if the negative reviews were hurtful, it’s safe to say it probably wasn’t worth that much!

What’s Next?

We all know social media can be a game-changer for your practice, boosting patient numbers and engagement. But with great power comes great responsibility. That’s where Abyde swoops in – streamlining compliance for your practice. Abyde simplifies compliance, and with features like the intuitive Security Risk Analysis, you’ll have all the tips and tools you need to ensure you’re compliant. So, get back to posting (safely)! To learn more about compliance for your practice, schedule an educational consultation with one of our experts today!
Social Media & HIPAA: Compliant Social Media Tips for Your Practice
February 15, 2024

Picture this: you’re a doctor, feeling proud after helping a patient overcome a challenge. You snap a selfie with them, post it on your clinic’s Instagram, and bam! Instant HIPAA violation.

We’ve seen how social media is about more than just staying connected with friends and family. It’s become a powerful tool for reaching new audiences and having meaningful interactions with other users. If used correctly, social media can be an awesome tool to educate patients and easily share the resources your practice provides. However, it is important to use social media wisely and know how crucial it is to protect patient information. Social media can be a slippery slope to HIPAA violations if misused. That’s why we’re here today to share with you the best tips and practices for your social media:

The Less Information, The Better
Double Check Before Posting
Have Media Consent Forms Signed

While your journey to be famous online might not be as easy as cute cat videos, by prioritizing HIPAA compliance on social media, you can confidently utilize technology to engage with audiences without compromising their privacy.

Social media can be complicated, but compliance doesn’t have to be with Abyde. Abyde offers a thorough security risk analysis that dives into not only social media use but all facets of your practice. Abyde also has interactive training, policies and procedures, forms, and more, for your practice to utilize. To learn more about simplifying compliance for your practice, email us at info@abyde.com and schedule a demo here.
New Jersey Doctor Fined $30k for Breaching HIPAA in Responses to Negative Google Reviews
June 5, 2023

The U.S. Department of Health and Human Services (HHS) launched an investigation into Manasa Health Center LLC’s (Manasa) compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and notified them about it on November 18, 2020. Manasa is a psychiatric practice based in Kendall Park, New Jersey. As a covered entity under HIPAA, Manasa is required to comply with these rules.

The investigation uncovered certain conduct, referred to as “Covered Conduct,” which includes the illegal disclosure of four patients’ protected health information (PHI) in response to negative reviews on Google. Additionally, Manasa was found to have failed to implement policies and procedures regarding PHI that comply with the standards and requirements of the Privacy and Breach Notification Rules.

Manasa has agreed to pay HHS a resolution amount of $30,000. The payment will be made on the effective date of the agreement, following written instructions provided by HHS. Manasa has also committed to complying with a Corrective Action Plan (CAP) that serves as a roadmap for Manasa to rectify its non-HIPAA-compliant practices. The CAP put in place includes implementation of compliance policies and procedures, employee training, breach notifications, and reports.

Abyde’s HIPAA Compliance Software Solution can help healthcare providers effortlessly assess risks, implement necessary policies and procedures, and receive continuous support to maintain compliance with HIPAA regulations. If you have staff that has a bad case of keyboard-itis, make sure they are trained on what NOT to type out on the internet! By utilizing Abyde, healthcare providers can rest assured that they are meeting the requirements of the Privacy, Security, and Breach Notification Rules. This proactive approach to compliance helps them avoid the potential consequences of non-compliance, such as costly settlements like the one experienced by Manasa Health Center.
HIPAA vs Online Reviews: A Primetime Matchup
March 18, 2021

Let’s face it, social media and the internet tend to call the plays when it comes to our decision-making. Whether you’re shopping for a new car or just deciding between tacos or pizza for dinner, seeing a one-star review pop up under your Google search is a total red flag. So, when 95% of patients say that online reviews are reliable and over 70% say that reviews have influence over their choice of physician – being on the receiving end of a bad review can feel like a total cheap shot.

There’s really no such thing as pleasing everyone – and as a practice owner, having to deal with some unhappy patients just kind of comes with the territory. Even all-stars get the occasional “boo” from the crowd, and seeing a patient post “100% would NOT recommend!!” about your practice can be a hard hit to recover from. As much as we all want to come to our own defense, choosing to fight back does a lot more damage than just taking the ‘L’ in the online face-off with a patient. Just take it from the dental practice that was slammed with a $10,000 fine for including sensitive patient information in its response to a Yelp review.

You might be thinking: if someone submits a review about my practice, aren’t they already admitting that they’re a patient themselves? Though you aren’t totally wrong, HIPAA law is in place to protect patients’ privacy – and a patient submitting a review is NOT authorization for you to go and release their sensitive information when responding.

So, while there might not be a winning playbook for how to keep your patients happy, there are some guidelines for how to best handle online reviews:

Since there’s no one-size-fits-all response for any and every online review, your practice may receive some feedback that seems a bit out-of-left-field, and knowing how to handle it might be tricky. So, to give you some sideline practice, let’s pretend you just received this negative review:

“I had to wait over an hour to be seen and the doctor was rude and rushed through my appointment. Overall it was a terrible experience and I will not be back.” – Negative Nancy

A bad response for your practice would be:

“We’re sorry you had a bad experience during your appointment, however, our records show that you were late to your appointment which therefore caused a delay in your wait time.”

A HIPAA-compliant response would be:

“Our practice’s scheduling policy allows for adequate time with the doctor in order to keep our appointments running on time. However, due to emergency situations, it is possible for us to run behind schedule occasionally. We appreciate your feedback and are committed to providing the best patient care; you’re always welcome to contact our office if you would like to discuss further.”

It’s pretty easy to see why response #1 would probably end up on Sportscenter’s Not Top 10 Plays of the Week – but unfortunately, we are seeing more and more real-life examples of practice comments similar to this one. With patient complaint numbers on the rise and proposed regulation updates centered around improving patient rights, the Office for Civil Rights (OCR) has definitely made it clear that they’ll be bringing their “A” game on HIPAA enforcement. Online reviews (both good and bad) should be handled with extreme care, not only to protect your practice’s reputation amongst prospective patients but also to avoid any flags thrown by the OCR. So, while we hope that you won’t have to go head-to-head with a one-star Google review anytime soon, following HIPAA best practices when and if you do will be the ultimate game-changer.
HIPAA Compliant Digital Marketing for Healthcare Practices
July 8, 2020

Nowadays, you can shop online for anything – from chopsticks that double as LED lightsabers to a wig for your dog (seriously, we’re not kidding), and shopping online for a healthcare provider is no different. The internet plays a key role in a healthcare consumer’s decision making; in fact, according to a study released by the Pew Internet & American Life Project, “80 percent of Internet users, or about 93 million Americans, have searched for a health-related topic online.” Let’s face it, we use the internet for basically anything and everything nowadays, especially as we continue to adapt in today’s COVID-19 world, which is why it’s important for your practice to understand what is and isn’t allowed when it comes to HIPAA compliance and online marketing.

Using online marketing as a tool can be extremely beneficial for practices. Most medical practices have a website, and many use social media and email marketing as tools to reach potential patients – ensuring you are utilizing these platforms in a HIPAA compliant manner is imperative to marketing in the right ways while still ensuring the privacy of your patients and the security of your practice. Whether it be for your practice website, social media page, or advertisement – if you would like to use any type of patient information, there are some strict guidelines to follow:

Your Practice Website

Having a HIPAA compliant website for your practice enables patients to search for information regarding the services that you provide, and ultimately drives new patients to you. The following are some key tips to follow when creating and maintaining the website for your practice:

Email Marketing

If choosing to use email marketing to engage with patients, there are some key safeguards you must take to ensure you’re protecting your patients’ information and aren’t setting yourself up for a HIPAA violation:

Social Media

Nowadays social media platforms play a large role in consumers’ decision making. Having a strong social media presence can be a great asset to your practice, but in order to use social media to your advantage, you should follow these guidelines:

Where marketing regulations get tricky is patient reviews or comments on digital platforms. While patients are able to post a review or comment about your practice, you cannot respond in any capacity that ties the patient to your practice. A dental practice in Texas was faced with a $10,000 fine along with a 2-year corrective action plan after it responded to a patient’s Yelp review. The investigation found that the practice had responded to multiple reviews, disclosing patient information including names, medical diagnoses, and more, and it was only hit with a small fine due to its immediate cooperation with the Office for Civil Rights.

On top of ensuring that you’re meeting all the criteria for a safeguarded online presence, you should also create a well-documented strategy that clearly outlines what’s permitted and what isn’t for your staff. This should cover the necessary policies and procedures for marketing to patients, whether it is done online, over the phone, or in person.