DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

From the frying pan into the fire? When HIPAA and reputation collide

Posted on October 25, 2010 by Dissent

One of the values I find in reading a lot online is that I’ll read something that makes me realize a gap in my own understanding of HIPAA or other issues.  In this case,  some forum comments and posts made by a doctor raised questions in my mind about whether  HIPAA-covered entities fall afoul of HIPAA by responding to negative comments a patient made about them in public forums.

Can doctors defend their reputation in public spaces of the Internet if they are accused of lousy treatment by a named patient, and if so, how much can they say in the process of trying to defend their reputation without violating HIPAA?   Or are they violating HIPAA if they respond at all if the patient has not given explicit consent for them to discuss their care or case?

Recognizing that I’m wandering in as a spectator to the  dispute that inspired this blog entry  and have not contacted any of the parties involved, here’s what it looks like from behind the relative calm of my coffee mug:

1. A patient was seemingly unhappy with the results of a surgical  procedure. The doctor seems to have made a second attempt, also with less than optimal results. Both parties agree on that.  From there, the stories diverge.

2. The patient said he asked for half of what he had paid to be refunded. When the doctor refused, he left critical reviews/complaints about him on consumer sites.  He also registered a [name]sucks.com domain.

The doctor responded to a number of the patient’s posts.   In one, he indicated that the patient had suffered from a “rare complication.”  It is not clear to me who first mentioned “rare complication.”

3.  The doctor claims the patient tried to extort him and has harmed his business by his public comments. He has repeated that allegation in a few  forums and even started his own threads about the patient’s business on some consumer gripe sites.

Seeing a doctor file a consumer complaint about a patient’s business is disturbing.  That there’s no indication he ever dealt with the business where the patient is employed is disturbing.  That in some of the posts he not only warns the employer about the patient but characterizes the patient as “unstable” is especially disturbing.

I do not know if the doctor consulted with his attorney about the wisdom of posting about his patient or responding to him online, but certainly I do not view his conduct as prudent.   But what would HIPAA say, if anything?

Doctors can generally reveal confidential patient information to defend themselves in actions involving a professional disciplinary board if a patient files a complaint about them.  They can also disclose financial information if necessary to obtain payment (e.g., as in referring an account to collection),  but to discuss quality of care in a public forum, even if the patient disclosed the relationship or complained about you? Or to reveal your patient’s occupation and workplace and accuse your patient of attempted extortion?  Defamation issues aside, what does HIPAA require of us?

I certainly understand the professional and personal desire to defend or repair one’s reputation, but reading the posts gave me that “yucky” feeling that the conduct was not appropriate. Maybe there is a HIPAA exemption that makes such public statements permissible and I just haven’t found it or recognized it, or maybe there isn’t any such exemption and some think there should be, but I don’t see where HIPAA permits us to say publicly what this doctor said.  Certainly, even if the doctor has not violated HIPAA, I have strong reservations about this type of approach and think it probably does more reputational harm than good, but for now, I’m just focused on the HIPAA aspects.

HIPAA lawyers: have I misunderstood the law? If so, please educate me.  Thankfully, I’ve never been in this situation, but if I ever am, I’d like to know what HIPAA really permits or bars.

No related posts.

Category: Health Data

Post navigation

← Ca: Bruyea's lawsuit against feds could be settled out of court, says lawyer
MWeb hacked, users’ details exposed (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE
  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.