Writing Google reviews about patients is actually a HIPAA violation

Illustration by Alex Castro / The Verge

In the past few years, the phrase "HIPAA violation" has been thrown around a lot. The law protects patient health information and people can't be asked if they're up to date on their immunizations.

Asking someone if they're vaccine free is a violation of the health care law. It's a fine thing for a non- doctor to ask another non- doctor. The Department of Health and Human Services says that a dentist in North Carolina did something that was a violation of the Health Insurance Portability and Accountability Act. After a patient left a negative review on the internet, he responded with his own post on the internet, saying that the patient missed appointments. According to the notice of proposed determination, there was no one star. On page 3, there is a redacted HIPAA-violating Google post.

He used the patient's full name and described the specific dental problem he was in for, which resulted in a referral for a root.

That is what a violation of the Health Insurance Portability and Accountability Act looks like. The law allows healthcare providers and insurance companies to share identifiable, personal information without a patient's consent. The dentist publicly shared a patient's name, medical condition, and medical history. The office was fined $50,000.

A 2016 ProPublica investigation found that doctors often include details about patients' health in response to negative reviews. The dentist was fined $10,000 for putting multiple patients' information on the website.

The Office for Civil Rights at the Department of Health and Human Services requested to see the internal policies and procedures for personal health information and social media. The office didn't provide anything as of fall 2020. Even if a patient is annoying, never post in the office.