Violating HIPAA by responding to Yelp

If the provider does not bill electronically they are not bound by HIPAA. If they don't participate in Medicare they are not required to submit electronic bills. This is a major loophole not known by many granted there are not many providers that don't bill electronically

And if I remember correctly, Medicare does not require electronic billing UNLESS the entity has at least 10 employees. One of the perks of a small office & a reason the provider I worked for several yrs ago chose not to electronically bill (although we all went thru HIPAA training & followed the same rules though we weren't subject to it).

An obvious way for patients to set practitioners up for a lawsuit.

My understanding is that HIPAA covers all protected health information, whether electronic, written, or spoken. Could you tell me where you found this information?

It's literally in the beginning of the law that describes who it applies to....

I think if someone is putting their review (which will likely contain some sort of PHI and definitely an identifier or two) for a medical service on a site that allows for people with businesses to respond to and potentially ameliorate the events that spurred a negative review, they are implying their consent to having more of their information put up on the site. These people want to have their cake and eat it, too. It's one thing if you tell your friend with whom you have a mutual provider about a bad experience you had and the friend mentions it to the provider and then the provider puts you on blast to the friend. It's an entirely different issue if you're putting your own info out there to the public that sheds light on the TMI issue that social media has propagated.

Fabulous, informative response. Everyone wants to umbrella everything under "HIPAA" and that is not always the case.

You are correct in that what PHI is protected. The issue is whether HIPAA applies to the agency.

A covered entity must meet a two prong test. You must be a healthcare provider billing for services/doing covered electronic transactions/insurance company/information clearing house AND you must electronically submit claims to insurance. So for example if you sent medical reports to your child's school nurse and the information was disseminated HIPAA would not apply. FERPA would.

"Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards."

Are You a Covered Entity? - Centers for Medicare & Medicaid Services

If the provider or facility does not electronically submit information they are not a covered entity and HIPAA does not apply. An example in above linked article included a psychology practice that revealed diagnoses however since they did not bill insurance electronically HIPAA did not apply.

Covered Entities and Business Associates | HHS.gov

https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf

I think that when one offers a business service to the general public, which health care is, one must be prepared to receive feedback both positive and negative based on patient experiences. It is a different situation if patient/s are maliciously posting negative and untrue comments about practitioners in an attempt to harm the practitioner/s reputations, but I think these kinds of posts are often pretty obvious. It seems reasonable that if one is a decent practitioner who strives to treat patients respectfully and provide quality care, that the majority of feedback will tend to reflect this, and the positive feedback will outweigh the bad. I would have serious doubts about a practitioner who only expected to receive positive feedback from patients.

You haven't met some of the vindictive people peeved they didn't get a narcotic prescription or expect miracle cures after years of self neglect....unrealistic expectations yield poor outcomes and bad feelings.

You haven't met some of the vindictive people peeved they didn't get a narcotic prescription or expect miracle cures after years of self neglect....unrealistic expectations yield poor outcomes and bad feelings.

Well, they're still posting about their experience, and vindictiveness is usually pretty easy to spot in my experience.

Well, they're still posting about their experience, and vindictiveness is usually pretty easy to spot in my experience.

Unless you are a scared patient seeking help. Many review sites will not remove negative reviews even if proven to be false and libelous and that's the bigger issue

Unless you are a scared patient seeking help. Many review sites will not remove negative reviews even if proven to be false and libelous and that's the bigger issue

There are other ways to determine a practitioner's quality/credibility besides online patient reviews. I always use a variety of other methods, which I believe is only sensible, and would never suggest that anyone should rely only on online reviews.

Our social media coordinator asks me to look at her responses to the Yelp reviews on occasion, to make sure we are not violating anyone's privacy or engaging in defamatory conduct. Our typical response is something like this: "We are sorry that you did not have a good patient experience with us. We work hard to do a good job for all of our patients. We cannot discuss the details of your care here due to confidentiality laws. Please contact us at xxx-xxx-xxxx or email address so that we can work with you to address your concerns". I think that is about as far as you can go, and it is not a good idea to get into some Yelp flame war with a patient.

These negative Yelp and other reviews for healthcare entities are increasingly common. In my risk management and medical-legal journals, I have read of some parties, usually physicians, that have sued persons posting negative Yelp or other reviews. It is usually for defamation. I understand that the results of these suits are mixed, with some of them being thrown out of court and some of them prevailing. Even if the physician wins, it may be a Pyrrhic victory if the patient does not have sufficient assets or insurance to pay any judgment and legal fees.

I think that your facility has the right approach. It's reasonable; it's fair; it's balanced. It doesn't negate the patient's experience and it offers the patient the opportunity to address the concern/s with the facility if they wish.

Becoming defensive about receiving negative feedback, unless the feedback is obviously malicious, untrue, and intended to harm a practitioner's reputation, is, I think, counterproductive to practitioner-patient relations. Much better to just accept that experiences vary, and that some people will have positive experiences and will express this online, and some people will have negative experiences and will express this online. As I posted previously, if a practitioner treats patients respectfully and strives to provide quality care, it seems reasonable that the positive feedback will outweigh the bad.