How to Respond to Online Reviews While Maintaining HIPAA Compliance

Online reviews are vital to your dental practice’s sustained growth. 94% of patients search for and read reviews when deciding on a dentist. This trend is similar outside health industries but unlike small and medium-sized businesses, dental practices have to put in more effort to protect their patient’s privacy when responding to online reviews. The HIPAA guidelines exist to help you do this effectively. 

Regardless of the kind of reviews you receive - positive or negative - a good rule of thumb is to always respond to your reviews online. By responding to a review, you let prospective patients know that you are authentic and able to handle criticism when necessary. The challenge, however, is responding to online reviews while maintaining HIPAA-compliance.

When you respond to your online reviews with HIPAA-compliant responses, your prospective patients will see that you have professional and patient-focused values. They will put themselves in the shoes of the reviewer and observe how your dental practice’s policies will protect their privacy when they patronize your service. With HIPAA-compliant responses, you can avoid paying significant fines and damaging your reputation. 

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The act was created to protect the privacy of patients by regulating the transmission and usage of their health records by health practitioners. It regulates how dentists interact with their patients both online and offline. 

Although the guidelines were created at the beginning of the dotcom era, they still apply to the digital tools we use today for communication and online reputation management. Dentists can pay up to $1.5 million in fines due to non-compliance with these guidelines. It doesn’t take much to make a mistake and be non-compliant. A seemingly courteous gesture such as mentioning your patient’s name or referencing the details of their appointment in your response to their online reviews can make you guilty of non-compliance. 

In this article, you will learn the dos and don’ts of responding to online reviews. By reading these tips, you will gain a better understanding of the HIPAA guidelines and know how to use them to your advantage.

Before we get into the nitty gritty, we’d like to make it abundantly clear that this is not legal advice and we would highly recommend that you speak to your lawyer(s) if you are unsure of what to do.

What you should not do when responding to online reviews

1. Don’t mention the patient’s name or appointment details. 

Naturally, when responding to a compliment or complaint, we tend to reply with specifics. In your HIPAA-compliant response, you have to do the exact opposite. The goal of the HIPAA is to protect your patient’s personal health information. This is also referred to as protected health information (PHI). 

PHI refers to any independently identifiable health information that is related to a patient’s past, present or future medical condition. It includes 18 identifiers such as names, email addresses, account numbers, dates and more. Any information that can be traced back to your patient should not appear in your response. 

Many at times, online reviews are not on private forums. They are usually on public platforms. You shouldn’t disclose your patient’s information to people who have no business knowing about it. Even if the patient includes their personal information in their reviews, do not repeat that information in your response. 

2. Do not make any reference to the patient’s medical issues or health records

Patients may get very descriptive and detailed in their online reviews but your response should always be short and simple. You will be violating the HIPAA guidelines if you make any references to your patient’s symptoms, medical condition or health records. In fact, in your response, you shouldn’t refer to the patient as your patient. Even if the patient mentions details about themselves, health condition or symptoms in their reviews, you should not repeat them in your response. 

It is easy to make these mistakes, especially when responding to a negative review. Later in this article, we will share ways to navigate negative reviews but the important thing to know is that any information that can be traced back to your patients should not be included in your responses. 

3. Do not respond emotionally

One common mistake is to respond to negative online reviews by being defensive and pointing out errors on the patient’s part. Although you might feel like you have to protect your dental practice’s reputation by addressing negative reviews this way, the reality is that these sorts of responses are a bad look for you and your dental practice. An emotional response isn’t professional and is very likely to be non-compliant with HIPAA guidelines. 

Negative reviews are bound to happen. As much as you might want to maintain a 5-star rating for your dental practice, there will always be patients who are not fully satisfied. Most times, their dissatisfaction isn’t related to the work you do. Instead, it might have more to do with waiting periods, parking or billing issues. It is unrealistic to think you wouldn’t get negative reviews now and then. Negative reviews make you and your dental practice seem more authentic to your prospective patients. You will get negative reviews but you should never respond to them emotionally.

4. Don’t share confidential information on social messaging platforms

Social messaging platforms tend to violate HIPAA’s compliance standards. These platforms may not have suitable technical safeguards in place. Even if the chat or message box is private, information shared via these platforms could be leaked to the public. If you are responding to a review, communicating with a patient or addressing a complaint using these platforms, do not share any confidential information. 

Remember that it is your responsibility to protect your patient’s privacy. Do not put their privacy at risk by trying to respond to online reviews or threads on social messaging platforms. Your dental practice should have a secure way of communicating and interacting with your patients that doesn’t include social messaging. If you do not have a system in place for doing this, contact one of our experts at Connect the Doc to learn more about our new messaging application. 

5. Don’t post patients’ pictures online

With the popularity of social media and smart media, it has never been so easy to capture and share pictures. It is easy to share information of any kind by taking a picture and sharing it with someone or posting it online. Pictures can also be used to promote brands, businesses and services. However, for dentists and dental practices, sharing the wrong pictures may risk violating HIPAA guidelines and disclose protected health information (PHI) of your patients. 

As beneficial as it might seem to promote your services, make a statement or respond to an online review using pictures of patients, do not post your patient’s pictures online. Even if your patient’s name and face are blurred out in the picture, do not post it. HIPAA only permits you to post pictures of your patients if you have received written consent from the patient to share it. That said, it is much safer to not do it at all. 

What you should do when responding to online reviews

1. Keep language simple and generic

Respond to your online reviews using simple and non-specific terms. Avoid making references to any specific information related to the patient, their appointment and health condition. Instead, use generic language and terms that reestablishes your dental practice as a patient-focused environment. 

Example: Thank you for taking the time to share your feedback. We strive to provide the best possible care for our patients. 

This HIPAA-compliant response does not disclose any information about the patient. More so, it doesn’t acknowledge the reviewer as a patient. Instead, it uses simple and non-specific language to address the reviewer’s comments.

2. Focus on your dental practice’s policies

When responding to your online reviews, keep the focus on the policies and measures that you have in place at your dental practice. Refer the reviewer to your practice’s standard of care and procedure. This shows that you care about your patients and have set guidelines to ensure they get the best care possible. 

Example: Thank you for taking the time to share your feedback. We strive to provide the best possible care for our patients. Our policy is to provide visitor’s parking permits to patients for the duration of their appointment. If a patient receives an unfair parking fine, we can work with them to resolve it. If you want to discuss further, please contact us at 444-444-4444.

This HIPAA-compliant response addresses the reviewer’s negative feedback by referring them back to the dental practice’s parking policy. It doesn’t disclose any information about the reviewer or their appointment. 

3. Always show appreciation

You should always show appreciation for any review you get - even if the review is negative. The reviewer took some time to leave feedback for your dental practice. This feedback could be beneficial to your online reputation management plan or the sustained growth of your dental practice. Online reviews can reveal things about your dental practice that you need to continue doing or need to improve on. 

Always begin a response to an online review with a show of appreciation. Your courteous response could go a long way to affirm current and prospective patients about your professionalism. It could also sway the minds of negative reviewers in your favor. Remember that behind every online review is a human being who is either happy or unhappy with their experience at your dental practice. Your reviewer is a human being so treat them as such. Don’t be quick to dismiss them or take their feedback for granted. 

4. Respond without being defensive 

If you receive a negative review, especially one that you know is either untrue or unfair, you may want to get defensive. Although this may seem like the right thing to do, it isn’t. Instead of being defensive, acknowledge the reviewer’s concerns, show appreciation for their feedback and refer them back to your policies. 

It is always better to respond to online reviews within a few days after they’ve been posted publicly. A quick response is important as it addresses the issues in negative reviews before many eyes can see them. Your response should be quick but not reactive or defensive. 

5. Take the conversation offline

If a negative review includes a critical issue that requires your attention to resolve the matter, take the conversation offline. Like we discussed earlier, start your response with a show of appreciation, refer the reviewer to your dental practice’s policies and invite them to give you a call to discuss the issue. This shows that you are willing to look further into the issue and have an open line of communication to resolve it.

Even if you know the reviewer personally and have their contact details, do not call the reviewer yourself. Let them call you. After speaking with them and resolving their issue, you can ask them to amend their negative review. If they agree to that, you would have killed two birds with one stone by simply inviting them to have the conversation offline.

Create an internal HIPAA compliance guideline

The steps we have discussed so far will help you respond wisely to your online reviews. By paying attention to these dos and don’ts, you ensure that you are complying with HIPAA guidelines. However, it is important that everyone else on your dental practice’ team understands HIPAA guidelines and can respond to online reviews.

You can do this by creating an internal HIPAA compliance policy for your team members. Your policy should include examples or templates of appropriate and HIPAA-compliant responses for all kinds of online reviews. You or anyone on your team can choose from this list of HIPAA-compliant responses when responding to online reviews. 

Reviews online, especially Google reviews, are the bedrock of your online reputation management plan. It is not enough to gather reviews, you have to know how to respond to them while protecting your patient’s privacy and complying with HIPAA guidelines. HIPAA-compliant responses boost your dental practice’s brand and online reputation. They help attract prospective patients to your dental practice.

Curious as to how to respond to a positive or negative review that you received?

Connect the Doc is an industry leader in online reputation management. We equip dentists and their dental practices with the tools and education they need to gather online reviews, respond appropriately to reviews and leverage reviews to meet their marketing goals. If you’d like to learn more about how you can get authentic and automatic reviews for your dental practice or how to respond to a specific review, request a demo today.

Disclaimer: The individuals who maintain this blog work at Connect the Doc. The information, comments and links posted on this blog do not constitute legal advice. No client relationship has been or will be formed by any communication(s) to, from or with the blog and/or the blogger. For legal advice, contact an attorney actively practicing in your jurisdiction. Do not send any confidential or privileged information to the blogger; neither Connect the Doc nor the blogger will assume any liability or responsibility for it. If you send any information, documents or materials to the blog, you give permission for the blogger to include them on or in the blog. No information, documents or materials you send to the blog will be considered confidential or privileged by Connect the Doc. Also, no such information, documents or materials will be returned to you. All decisions relating to the content belong to the blogger.