How to manage online reviews and stay HIPAA compliant

If you’re not careful, doctors, dentists, and other health professionals can get into hot water when it comes to HIPAA compliance and online reviews. Yes, you have to be HIPAA compliant in responding to online reviews!

According to the Yale School of Medicine, one plastic surgery shop in St. Louis posted before-and-after photographs on the Internet of thirty patients who had undergone breast augmentation surgeries. “Though their faces were obscured, the patients sued for negligence when they discovered that the pictures included identifying information, and that the site could be located simply by searching for the patients’ names.”


Fortunately, HIPAA regulations tend to help prevent such horror stories from happening. But HIPAA expert Dr. Danika Brinda reminds us that HIPAA came from a pre-online-review world.

How do health professionals and medical businesses respond to online reviews and stay HIPAA compliant?

Manage all your reviews for multiple sites and get more reviews from your happiest patients with Womply Reputation Management. Learn more, plus get free reputation monitoring and customer insights when you sign up for Womply Free! 

In this post, we’ll explain why it’s worth it for health professionals to respond to online reviews. We’ll also lay out some safe ways to write responses without compromising patient privacy.

Why bother? Is responding to online reviews worth it?

It’s no secret that online reviews matter to local businesses. Lakes of data and studies have shown that 9 out of 10 customers typically research before they buy, including 77% of patients searching for a trusted doctor.

So, having a presence on review sites, listings, and local directories is critical for being found and attracting new customers and patients. And the good news is, most of the time, at least for Yelp, reviews are positive.

But is just having reviews enough? Does responding to reviews make a difference?

One online reputation company published a study to answer this question and found that 78 percent of consumers say that seeing management respond to online reviews makes them believe that the business cares more about them.

In the same way, HIPAA compliant organizations have no excuse not to respond to reviews. In one Software Advice survey of how patients use online reviews, the majority of respondents (65%) felt it was “very” or “moderately important” for doctors to post a response.

But it’s tricky. Let’s look at ways you can interact with customers online without violating health laws.

How to respond to reviews and stay HIPAA compliant: 3 Don’ts and 3 Do’s


Don’t use language that indicates the patient even visited your local business premises.


  • A patient writes: “I had a wonderful experience seeing [doctor’s name].”
  • A non-compliant response would sound as innocent as: “Thank you, [patient’s name], for coming into our office yesterday.”
  • This is a violation of the patient’s personal privacy.

Don’t use any details or specifics, even if the patient mentions them in their own review.


  • A patient lauds: “My migraines are feeling much better thanks to [doctor’s name].”
  • A response like this would trigger a legal event: “We’re so glad! Remember to keep taking your Floricet oral twice a day!”
  • *Facepalm* Please, please, avoid giving detailed information out online, especially with patient prescriptions.

Don’t argue with negative reviews or egg on further online discussion.


  • A patient complains in a review: “The receptionist was rude. I’m never coming back.”
  • Digging in like this is asking for a court case:  “Sorry to hear this. Could you elaborate on the behavior of the receptionist?”
  • Oy vey. Should the patient respond would imminently result in apocalyptic disaster for your practice. Avoid unnecessary solicitation from your patients outside of a medical appointment.


Do respond. Full stop. For the sake of your reputation and revenue, take the first step and write a professional, cordial response.


  • A patient effuses in a review: “I didn’t appreciate how rushed the appointment felt.”
  • It might not have felt rushed to you, but a response like this would go a long way: “Thank you for your review. Per our policy, we try our best to see patients as efficiently as possible without sacrificing our commitment to provide quality health care.”

Do keep things general and policy-based.


  • A patient praises: “My skin rash is gone. Dr. [name]’s advice and treatment worked!”
  • Do not address the specific issue. Instead respond like this: “Thank you for your kind words. Our practice strives to perform at the highest standards of our policy to provide quality medical services.”
  • It might sound lame compared to a restaurant or hotel owner’s response, but it’s better than getting sued.

Do offer to take the conversation offline.


  • A patient writes about a terrible experience: “Your recommendation didn’t work. My back pain is worse now.”
  • Contain the incident and provide a clear next step: “We’re sorry to hear about the pain you’re experiencing and we’d love to help. It is our policy to protect patient information and discuss important matters offline. Please call us at [888-888-8888] so that we can help right away.”
  • Review sites are not the place to defend oneself. The best and safest action is to take the conversation offline.

If you take one lesson away from this article it’s this: HIPAA compliant businesses should respond to reviews if they want to succeed in today’s digital and smart-patient world. Remember these recommendations as you write your responses and your customers will be both pleased and protected.


How to change business name on facebook (walkthrough for desktop and mobile)

In this how-to article we’ll cover the main reasons to change your business name on Facebook, how to change your […]

Read More

14 best freelancing sites (plus tips for starting your freelance career in 2021)

What are the best freelancing sites and platforms to get you started in your freelance work? Let’s have a close […]

Read More

Best lead generation websites for contractors and freelancers

In this 8-minute read, we’ll go over the best lead generation websites for contractors and freelancers, discuss what is a […]

Read More

13 best freelance jobs for 2021 (and tips to get started)

In this 10-minute read: What is freelancing or freelance work? Best freelance jobs for highest pay Top freelance jobs that […]

Read More

41 small town business ideas that thrive

Small towns offer more business opportunities than you might think. A lower population size is one drawback in exchange for […]

Read More

How to spot fake Instagram followers, profiles, reviews (and how to report them)

In this 7-minute read: Do the Instagram accounts you follow have fake followers? Are you following fake Instagram accounts? Why […]

Read More

See why Womply is the #1 marketing and CRM solution used by 500,000+ businesses.

Please start typing, and then choose your business from the dropdown.

By submitting this form you agree to Womply’s Terms of Service and Privacy Policy.