OCR announced that a dental practice in Charlotte and Monroe, North Carolina was awarded a $50,000 civil monetary penalty following their disclosure of a patient's information as a response to a negative online review. Interestingly, the dental practice failed to OCR's data request, did not object (respond) to an administrative subpoena and did not contest OCR's Notice of Proposed Determination.
A second dental practice in Fairhope, Alabama did agree to accept a corrective action plan that included a $62,500 payment after disclosing patient information to a campaign manager and third-party marketing company.
In both cases, a covered entity business failed to understand the basics of HIPAA and while their payments aren't exactly career ending, we don't know what civil litigation will follow and the impact to each practice's patient care. Click the graphic below if you want to read more about each of these cases.
If you don't know what you should be doing with The Rules, give us a call. If the subject requires more than a consultant's advice, we can connect you with the right people.
Stay (HIPAA) safe,