The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Washington Attorney General Sues Plastic Surgery Provider for HIPAA Violations and Falsely Inflating Online Ratings

Posted By on Jan 6, 2023

Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients, and alleges the actions of the practice violated the Health Insurance Portability and Accountability Act (HIPAA) Rules.

The lawsuit was filed in the U.S. District Court for the Western District of Washington against the Seattle plastic surgery clinic Allure Esthetic and its owner Dr. Javad Sajan after receiving multiple complaints from patients and former employees. The complaints alleged the practice was bribing and threatening patients to prevent them from posting negative reviews on platforms such as Yelp and Google, and that patients were made to sign non-disclosure agreements (NDAs) before receiving treatment prohibiting them from publishing online reviews that could in any way harm the practice. The practice considered any review under 4 stars to be a negative review. Attorney General Ferguson said these practices falsely inflated its online reviews.

According to the lawsuit, more than 10,000 patients were made to sign the NDAs stating legal action would be taken in response to negative reviews. Patients who posted negative reviews were allegedly intimidated into removing the reviews and were told they would be sued for monetary damages if the reviews were not deleted. In some cases, patients were offered bribes for removing negative reviews, including cash and free services. Patients that accepted the payments or free services were required to sign a second NDA that stipulated they would be liable for $250,000 in damages if they posted any further negative reviews. Patients were required to pay a $100 consultation fee before being told they would be required to sign an NDA.

The lawsuit also alleges employees were ordered to post fake positive reviews online that included altered before and after photographs that made it appear the treatments were more successful than they actually were. A VPN was used for posting fake reviews to conceal the IP addresses of the office computers. The practice is also alleged to also applied for rebates on behalf of its patients without obtaining their consent, then kept the rebates. Hundreds of fake email accounts were created to register for rebate programs intended for real patients, which resulted in thousands of dollars of fraudulent rebates being paid to the practice each month.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The lawsuit alleges that between 2017 and 2019, the NDAs required patients to contact the practice prior to publishing any online review under 4 stars, with the NDAs stating patients would be liable to “pay monetary damages to the practice for any losses” if negative reviews were not removed. The NDAs also stated that patients must waive their HIPAA privacy rights, stating consumers must “allow a response [to the review] from the practice with any personal health information” if they post a negative review. The HIPAA Privacy Rule prohibits covered entities from conditioning treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization to disclose protected health information. That wording was changed in 2019, but the NDAs continued to be required until March 2022.

In addition to the alleged HIPAA violations, the practice and owner are alleged to have violated the Washington State Consumer Protection Act (CPA) and the Consumer Review Fairness Act (CRFA). The lawsuit asks the court to invalidate the NDAs,  require the practice to write to all patients to inform them that the NDAs are invalid, and block the practice from using NDAs in the future. Monetary damages of up to $7,500 are sought per violation and the court has been asked to order the practice to pay restitution to patients for the $100 consultation fees and return any rebates that are owed to customers.

“Patients rely on reviews to determine if a healthcare provider is right for them and using legal threats and bribes to manipulate those reviews is deceptive and harms Washingtonians. We are taking action to stop these unethical and illegal practices,” said AG Ferguson. “Threatening and bribing customers to prevent them from sharing the truth about their experience isn’t just wrong — it’s illegal.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist