How to manage online reviews and stay HIPAA compliant

If you’re not careful, doctors, dentists, and other health professionals can get into hot water when it comes to HIPAA compliance and online reviews. Yes, you have to be HIPAA compliant in responding to online reviews!

According to the Yale School of Medicine, one plastic surgery shop in St. Louis posted before-and-after photographs on the Internet of thirty patients who had undergone breast augmentation surgeries. “Though their faces were obscured, the patients sued for negligence when they discovered that the pictures included identifying information, and that the site could be located simply by searching for the patients’ names.”


Fortunately, HIPAA regulations tend to help prevent such horror stories from happening. But HIPAA expert Dr. Danika Brinda reminds us that HIPAA came from a pre-online-review world.

How do health professionals and medical businesses respond to online reviews and stay HIPAA compliant?

Manage all your reviews for multiple sites and get more reviews from your happiest patients with Womply Reputation Management. Get a free demo

In this post, we’ll explain why it’s worth it for health professionals to respond to online reviews. We’ll also lay out some safe ways to write responses without compromising patient privacy.

Why bother? Is responding to online reviews worth it?

It’s no secret that online reviews matter to local businesses. Lakes of data and studies have shown that 9 out of 10 customers typically research before they buy, including 77% of patients searching for a trusted doctor.

So, having a presence on review sites, listings, and local directories is critical for being found and attracting new customers and patients. And the good news is, most of the time, at least for Yelp, reviews are positive.

But is just having reviews enough? Does responding to reviews make a difference?

One online reputation company published a study to answer this question and found that 78 percent of consumers say that seeing management respond to online reviews makes them believe that the business cares more about them.

In the same way, HIPAA compliant organizations have no excuse not to respond to reviews. In one Software Advice survey of how patients use online reviews, the majority of respondents (65%) felt it was “very” or “moderately important” for doctors to post a response.

But it’s tricky. Let’s look at ways you can interact with customers online without violating health laws.

How to respond to reviews and stay HIPAA compliant: 3 Don’ts and 3 Do’s


Don’t use language that indicates the patient even visited your local business premises.


  • A patient writes: “I had a wonderful experience seeing [doctor’s name].”
  • A non-compliant response would sound as innocent as: “Thank you, [patient’s name], for coming into our office yesterday.”
  • This is a violation of the patient’s personal privacy.

Don’t use any details or specifics, even if the patient mentions them in their own review.


  • A patient lauds: “My migraines are feeling much better thanks to [doctor’s name].”
  • A response like this would trigger a legal event: “We’re so glad! Remember to keep taking your Floricet oral twice a day!”
  • *Facepalm* Please, please, avoid giving detailed information out online, especially with patient prescriptions.

Don’t argue with negative reviews or egg on further online discussion.


  • A patient complains in a review: “The receptionist was rude. I’m never coming back.”
  • Digging in like this is asking for a court case:  “Sorry to hear this. Could you elaborate on the behavior of the receptionist?”
  • Oy vey. Should the patient respond would imminently result in apocalyptic disaster for your practice. Avoid unnecessary solicitation from your patients outside of a medical appointment.


Do respond. Full stop. For the sake of your reputation and revenue, take the first step and write a professional, cordial response.


  • A patient effuses in a review: “I didn’t appreciate how rushed the appointment felt.”
  • It might not have felt rushed to you, but a response like this would go a long way: “Thank you for your review. Per our policy, we try our best to see patients as efficiently as possible without sacrificing our commitment to provide quality health care.”

Do keep things general and policy-based.


  • A patient praises: “My skin rash is gone. Dr. [name]’s advice and treatment worked!”
  • Do not address the specific issue. Instead respond like this: “Thank you for your kind words. Our practice strives to perform at the highest standards of our policy to provide quality medical services.”
  • It might sound lame compared to a restaurant or hotel owner’s response, but it’s better than getting sued.

Do offer to take the conversation offline.


  • A patient writes about a terrible experience: “Your recommendation didn’t work. My back pain is worse now.”
  • Contain the incident and provide a clear next step: “We’re sorry to hear about the pain you’re experiencing and we’d love to help. It is our policy to protect patient information and discuss important matters offline. Please call us at [888-888-8888] so that we can help right away.”
  • Review sites are not the place to defend oneself. The best and safest action is to take the conversation offline.

If you take one lesson away from this article it’s this: HIPAA compliant businesses should respond to reviews if they want to succeed in today’s digital and smart-patient world. Remember these recommendations as you write your responses and your customers will be both pleased and protected.


How to find the best credit card processor for your small business

In this 5-minute read: How to determine the best credit card processor for your unique needs Flat rate vs. “interchange […]

Read More

The PPP is being extended! New application deadline is August 8, 2020

In this 2-minute read: The PPP application deadline is being extended to 8/8/2020 No other rules have been changed The […]

Read More

How much do local businesses like supermarkets, restaurants, bars, and more make during the 4th of July?

In this article: Do local businesses make more money on the 4th of July? The day before the 4th is […]

Read More

What are some alternative ways to accept credit cards?

In this 5-minute read: PayPal Etsy and eBay Cash advances Alternatives to traditional credit card processing Why you should consider […]

Read More

Top 5 ways payments has changed in the last 10 years

In this 7-minute read: Top payments innovators and disruptors over the past decade Square, Stripe, etc. EMV/chip card adoption in […]

Read More

Credit card processing fees: what small businesses need to know

In this 9-minute read: What things affect credit card processing fees? What types of fees and rates are available to […]

Read More

See why Womply is the #1 marketing and CRM solution used by 450,000+ businesses.

By submitting this form you agree to Womply’s Services Agreement