The Reason Doctors Are Sharing Your Private Information Online

May 31st 2016

Aimee Kuvadia

It seems that health care providers aren't very good at taking criticism. Offended by unfavorable patient reviews on Yelp, a number of them are firing back by sharing their patients' private information online, according to a report co-published by ProPublica and The Washington Post.

By spilling intimate details about everything from their patients' diagnoses to treatments, health care professionals — doctors, dentists, and chiropractors, among others — are in violation of more than just decency; they're defying the law, specifically HIPAA (Health Insurance Portability and Accountability Act), as disgruntled patients are pointing out.

Yelp review Yelp review

After a patient in Washington state complained about her dentist ignoring a cracked tooth with an infection, the dentist apparently rebuffed her accusation by divulging: "Due to your clenching and grinding habit, this is not the first molar tooth you have lost due to a fractured root. This tooth is no different."

Needless to say, the patient wasn't pleased by her dentist's response, and made it known.

Yelp review Yelp review Yelp review

The times may be changing — health care providers aren't used to receiving ratings online as if they were a restaurant or store — but the law isn't: HIPAA explicitly forbids medical professionals from disclosing patient information without permission.

ProPublica pulled out all the stops when performing its analysis. Granted unprecedented access by Yelp to search its almost 2 million reviews, the nonprofit news organization utilized a tool created by the Department of Computer Science and Engineering at the NYU Tandon School of Engineering to single out 3,500 one-star reviews that mention HIPAA. Scores of complaints emerged about matters that began as an issue with medical care but morphed into a privacy concern.

Yelp Review  Yelp review

Some patients aren't taking their health care providers' indiscretions lightly, and are reporting them to the Office for Civil Rights within the U.S. Department of Health and Human Services, enforcer of HIPAA. The agency, however, isn't exactly known for staying on top of HIPAA violations and complaints.

A 2015 ProPublica analysis found that the Office for Civil Rights receives thousands of complaints a year — close to 18,000 in 2014 — but only issues a small number of fines. Since 2009, it's only penalized about 30 providers, not counting large breaches.

It's a plot twist for patients, who think that medical professionals guilty of violating their privacy oath believe that because their patients roasted them, they're entitled to roast them back. Except, patients aren't bound by HIPAA.

“If the complaint is about poor patient care, they can come back and say, ‘I provide all of my patients with good patient care’ and ‘I’ve been reviewed in other contexts and have good reviews,’” Deven McGraw, the office’s deputy director of health information privacy, told ProPublica. But they can’t “take those accusations on individually by the patient.”

Some health care providers don't sit idly by as their patients spout off negative reviews online; they implore them to delete their complaints, or in some cases, sue them, although very few, if any, have won.

In 2007, the company Medical Justice, founded by Jeffrey Segal, was building contracts for health care providers to give to patients that asked them to turn over copyrights to reviews, so unfavorable ones could be removed. But following a lawsuit, the company discontinued recommending the waivers. Segal has now changed his stance, believing health professionals should embrace reviews instead of fighting them.

“For doctors who get bent out of shape to get rid of negative reviews, it’s a denominator problem,” he told ProPublica. “If they only have three reviews and two are negative, the denominator is the problem. … If you can figure out a way to cultivate reviews from hundreds of patients rather than a few patients, the problem is solved.”