Skip to main content
Back to Blog

How to Write HIPAA-Compliant Review Responses

Category: Reputation Management / 5 minutes to read
Author: Jenelle Brooker
Published: December 3rd

How to Write HIPAA-Compliant Review Responses

Category: Reputation Management / 5 minutes to read
Author: Jenelle Brooker
Published: December 3rd

Every business today gets online reviews, and healthcare providers are no exception. But while a restaurant or hair salon can respond in any way they like to customers (although we do have some guidelines we recommend!), doctors have strict limitations on what they can and cannot say. 

HIPAA is designed to protect patient confidentiality – something that any healthcare provider can appreciate and respect. But it means you have to be very careful about how you respond to online reviews. If you accidentally violate HIPAA laws in your response, you could be setting yourself up for costly fines. 

Can I Just Ignore Online Reviews? 

Knowing that your response to an online review could violate HIPAA laws might leave you tempted to ignore the reviews altogether. Unfortunately, in today’s day and age, that’s not really an option. 

Surveys have found that 94% of all patients turn to online reviews when making decisions about which healthcare provider to choose. When bad reviews sit there unanswered, prospective patients might get the sense that you’re not concerned with providing attentive care. When you take the time to respond to reviews, it shows that you’re proactive and invested in the care of all your patients. 

What Do I Need to Watch Out For? 

So you should be responding to all reviews – both good and bad – but what is it that you can and cannot say? The main thing to be aware of is maintaining patient confidentiality. 

This means that you can’t write about any specific courses of treatment you’ve recommended, tests you’ve run, or diagnoses you’ve given. But it goes beyond that: You also cannot confirm that someone is a patient. 

Of course, when you’re responding to reviews from patients online, that’s a fine line to tread. Even if the person writes in their review that they’re a longtime patient at your practice, you cannot confirm that in your response. 

What Can I Say? 

It is possible to write a review that acknowledges what your patient has written without confirming their status as a patient. Your best bet is to respond in generalities. If someone writes a positive review, saying that your staff is kind and attentive and that you always take the time to listen to their concerns and outline a sensible course of treatment, you can respond stating the type of service you aim to provide to everyone. 

Rather than saying specifically, “I’m glad you were happy with the care you received from me,” you can say something like “My team and I always aim to treat every patient with care and respect.” Talk about the type of service you strive to provide at your practice and your philosophy of care for all patients, rather than speaking to the specifics of what the patient wrote in their review about your one-on-one interaction. 

The same principle holds true for a negative review. If you catch something troubling in a review, don’t address the specifics of the visit, and certainly don’t mention any way in which the patient may have been at fault. Even if the reason they felt worse after their visit to your practice was that they didn’t follow through on the course of antibiotics you prescribed, you can’t say that! 

Rather than directly acknowledging that they were a patient of yours who had a bad experience, mention that your office always looks to provide great service. Then, include a direct line where they can reach you to discuss their concerns in private. 

What About Terrible Reviews? 

Every once in a while, you’ll get a real doozy of a review. When that happens, your temptation might be to defend yourself. But when you write a response in anger, you’re all the more likely to forget about HIPAA and inadvertently say something you shouldn’t. 

When you get a horrible review, it’s best to take a step back. First of all, was the review warranted? No business is perfect, and doctors are no exception. If your office really did drop the ball, it’s best to reach out directly to the reviewer. 

Plus, you can take comfort in the fact that people reading reviews are wary of places that have a perfect five out of five stars. A bad review here or there isn’t the end of the world. 

If the reviewer is totally out of line and has posted something that’s factually incorrect, you can consider reaching out to the review site and letting them know the review was written in bad faith. You can’t, unfortunately, ask them directly to remove a review. 

Yelp has instituted a policy that flags the pages of businesses who try to threaten legal action against those who leave negative reviews. Most review sites are similarly concerned with protecting their users’ right to free speech, and so businesses can be flagged or even banned from the site if they directly ask for the removal of a review. 

Patients today have access to more information about healthcare providers than ever before. Whereas in the past they may have simply asked a friend or family member for a recommendation, they can now go online to see reviews from many existing patients when deciding which provider to see. That’s why it’s important that you take a proactive stance in managing your online reputation, all while adhering to the guidelines of HIPAA in the process. 

If you're looking for help managing your reviews, we can help! Give us a call today.

News & Insights

Let's get started.

Every great partnership starts with that first email, phone call, or meeting. So what are you waiting for? Simplified local marketing is just a hop, skip and a click away.