Hipaa Violation Med Spa

Summary

Sharing private health information without consent can violate HIPAA, even for med spas not accepting insurance. File a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your rights were violated.

Full Conversation

Hello I left a negative Google review at a med spa. The director (MD) responded to my public review using my first name and included private details regarding my skin’s reaction to a laser hair removal treatment. I intentionally did not share these details in my review. Was this is HIPPA violation?
Hello. If the med spa director shared your private health information without your consent, it could potentially be a violation of HIPAA. However, the specifics depend on your location and the exact circumstances. Could you please share your location?
I'm based in California.
Virginia
Thank you for the information. In Virginia, sharing your private health information without your consent could potentially be a violation of the Health Insurance Portability and Accountability Act (HIPAA).
- HIPAA rules prohibit the disclosure of protected health information without patient consent.
- You may file a complaint with the U.S. Department of Health and Human Services' Office for Civil Rights.
Even as a med spa that doesn’t take insurance?
Yes, even if the med spa doesn't take insurance. The HIPAA applies to all healthcare providers that transmit health information electronically, not just those that accept insurance.