Close Close
ThinkAdvisor

Life Health > Health Insurance > Your Practice

Web testimonial postings lead to $25,000 HIPAA privacy fine

X
Your article was successfully shared with the contacts you provided.

Federal regulators have announced a privacy investigation settlement that could affect how any entity that collects protected health information (PHI) uses consumer testimonials.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) says it has negotiated the settlement with Complete P.T., Pool & Land Physical Therapy Inc., a Los Angeles physical therapy practice.

In 2012, the practice posted testimonials from happy patients, including full names and photos, on the Web without getting what OCR classifies as valid authorizations, according to an OCR settlement announcement and a copy of the settlement agreement posted on the OCR website.

OCR officials say the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requires covered entities in a situation like that to get authorization forms from consumers before using their protected health information for marketing purposes.

The practice has agreed to pay a $25,000 fine, adopt and implement a corrective action plan, and give OCR a report on its compliance efforts.

See also: 

More on this topic

Will you top the HIPAA audit candidate list?

Home care provider faces $239,800 HIPAA penalty

Data security gurus to corporate lawyers: Get to know the FBI

     

Have you followed us on Facebook?