How to manage online reviews and stay HIPAA compliant

77% of consumers do online research before selecting a physician, so it pays to take control of your practice's online business reputation. 

77% of consumers do online research before selecting a physician, so it pays to take control of your practice's online business reputation. 

If you’re not careful, doctors, dentists, and other health professionals can get into hot water when it comes to HIPAA compliance and online reviews.

According to the Yale School of Medicine, one plastic surgery shop in St. Louis posted before-and-after photographs on the Internet of thirty patients who had undergone breast augmentation surgeries. “Though their faces were obscured, the patients sued for negligence when they discovered that the pictures included identifying information, and that the site could be located simply by searching for the patients’ names.”

Yikes.

Fortunately, HIPAA regulations tend to help prevent such horror stories from happening. But HIPAA expert Dr. Danika Brinda reminds us that HIPAA came from a pre-online-review world.

How do health professionals and medical businesses respond to online reviews and stay HIPAA compliant?

In this post, we’ll explain why it’s worth it for health professionals to respond to online reviews. We’ll also lay out some safe ways to write responses without compromising patient privacy.

Why bother? Is responding to online reviews worth it?

It’s no secret that online reviews matter to local businesses. Lakes of data and studies have shown that 9 out of 10 customers typically research before they buy, including 77% of patients searching for a trusted doctor.

So, having a presence on review sites, listings, and local directories is critical for being found and attracting new customers and patients. And the good news is, most of the time, at least for Yelp, reviews are positive.

But is just having reviews enough? Does responding to reviews make a difference?

One online reputation company published a study to answer this question and found that 78 percent of consumers say that seeing management respond to online reviews makes them believe that the business cares more about them.

In the same way, HIPAA compliant organizations have no excuse not to respond to reviews. In one Software Advice survey of how patients use online reviews, the majority of respondents (65%) felt it was “very” or “moderately important” for doctors to post a response.

But it’s tricky. Let’s look at ways you can interact with customers online without violating health laws.

How to respond to reviews and stay HIPAA compliant: 3 Don’ts and 3 Do’s

Don’ts

Don’t use language that indicates the patient even visited your local business premises.

Example:

  • A patient writes: “I had a wonderful experience seeing [doctor’s name].”
  • A non-compliant response would sound as innocent as: “Thank you, [patient’s name], for coming into our office yesterday.”
  • This is a violation of the patient’s personal privacy.

Don’t use any details or specifics, even if the patient mentions them in their own review.

Example:

  • A patient lauds: “My migraines are feeling much better thanks to [doctor’s name].”
  • A response like this would trigger a legal event: “We’re so glad! Remember to keep taking your Floricet oral twice a day!”
  • *Facepalm* Please, please, avoid giving detailed information out online, especially with patient prescriptions.

Don’t argue with negative reviews or egg on further online discussion.

Example:

  • A patient complains in a review: “The receptionist was rude. I’m never coming back.”
  • Digging in like this is asking for a court case:  “Sorry to hear this. Could you elaborate on the behavior of the receptionist?”
  • Oy vey. Should the patient respond would imminently result in apocalyptic disaster for your practice. Avoid unnecessary solicitation from your patients outside of a medical appointment.

Do’s

Do respond. Full stop. For the sake of your reputation and revenue, take the first step and write a professional, cordial response.

Example:

  • A patient effuses in a review: “I didn’t appreciate how rushed the appointment felt.”
  • It might not have felt rushed to you, but a response like this would go a long way: “Thank you for your review. Per our policy, we try our best to see patients as efficiently as possible without sacrificing our commitment to provide quality health care.”

Do keep things general and policy-based.

Example:

  • A patient praises: “My skin rash is gone. Dr. [name]’s advice and treatment worked!”
  • Do not address the specific issue. Instead respond like this: “Thank you for your kind words. Our practice strives to perform at the highest standards of our policy to provide quality medical services.”
  • It might sound lame compared to a restaurant or hotel owner’s response, but it’s better than getting sued.

Do offer to take the conversation offline.

Example:

  • A patient writes about a terrible experience: “Your recommendation didn’t work. My back pain is worse now.”
  • Contain the incident and provide a clear next step: “We’re sorry to hear about the pain you’re experiencing and we’d love to help. It is our policy to protect patient information and discuss important matters offline. Please call us at [888-888-8888] so that we can help right away.”
  • Review sites are not the place to defend oneself. The best and safest action is to take the conversation offline.

If you take one lesson away from this article it’s this: HIPAA compliant businesses should respond to reviews if they want to succeed in today’s digital and smart-patient world. Remember these recommendations as you write your responses and your customers will be both pleased and protected.