How to manage online reviews and stay HIPAA compliant

If you’re not careful, doctors, dentists, and other health professionals can get into hot water when it comes to HIPAA compliance and online reviews. Yes, you have to be HIPAA compliant in responding to online reviews!

According to the Yale School of Medicine, one plastic surgery shop in St. Louis posted before-and-after photographs on the Internet of thirty patients who had undergone breast augmentation surgeries. “Though their faces were obscured, the patients sued for negligence when they discovered that the pictures included identifying information, and that the site could be located simply by searching for the patients’ names.”


Fortunately, HIPAA regulations tend to help prevent such horror stories from happening. But HIPAA expert Dr. Danika Brinda reminds us that HIPAA came from a pre-online-review world.

How do health professionals and medical businesses respond to online reviews and stay HIPAA compliant?


In this post, we’ll explain why it’s worth it for health professionals to respond to online reviews. We’ll also lay out some safe ways to write responses without compromising patient privacy.

Why bother? Is responding to online reviews worth it?

It’s no secret that online reviews matter to local businesses. A wealth of data and studies has shown that 9 out of 10 customers typically research before they buy, including 77% of patients searching for a trusted doctor.

So, having a presence on review sites, listings, and local directories is critical for being found and attracting new customers and patients. And the good news is, most of the time, at least for Yelp, reviews are positive.

But is just having reviews enough? Does responding to reviews make a difference?

One online reputation company published a study to answer this question and found that 78 percent of consumers say that seeing management respond to online reviews makes them believe that the business cares more about them.

In the same way, HIPAA compliant organizations have no excuse not to respond to reviews. In one Software Advice survey of how patients use online reviews, the majority of respondents (65%) felt it was “very” or “moderately important” for doctors to post a response.

But it’s tricky. Let’s look at ways you can interact with customers online without violating health laws.

How to respond to reviews and stay HIPAA compliant: 3 Don’ts and 3 Do’s


Don’t use language that indicates the patient even visited your local business premises.


  • A patient writes: “I had a wonderful experience seeing [doctor’s name].”
  • A non-compliant response would sound as innocent as: “Thank you, [patient’s name], for coming into our office yesterday.”
  • This is a violation of the patient’s personal privacy.

Don’t use any details or specifics, even if the patient mentions them in their own review.


  • A patient lauds: “My migraines are feeling much better thanks to [doctor’s name].”
  • A response like this would trigger a legal event: “We’re so glad! Remember to keep taking your Fioricet oral twice a day!”
  • *Facepalm* Please, please, avoid giving detailed information out online, especially with patient prescriptions.

Don’t argue with negative reviews or egg on further online discussion.


  • A patient complains in a review: “The receptionist was rude. I’m never coming back.”
  • Digging in like this is asking for a court case: “Sorry to hear this. Could you elaborate on the behavior of the receptionist?”
  • Oy vey. Should the patient respond, it would imminently result in apocalyptic disaster for your practice. Avoid unnecessary solicitation from your patients outside of a medical appointment.


Do respond. Full stop. For the sake of your reputation and revenue, take the first step and write a professional, cordial response.


  • A patient complains in a review: “I didn’t appreciate how rushed the appointment felt.”
  • It might not have felt rushed to you, but a response like this would go a long way: “Thank you for your review. Per our policy, we try our best to see patients as efficiently as possible without sacrificing our commitment to provide quality health care.”

Do keep things general and policy-based.


  • A patient praises: “My skin rash is gone. Dr. [name]’s advice and treatment worked!”
  • Do not address the specific issue. Instead respond like this: “Thank you for your kind words. Our practice strives to perform at the highest standards of our policy to provide quality medical services.”
  • It might sound lame compared to a restaurant or hotel owner’s response, but it’s better than getting sued.

Do offer to take the conversation offline.


  • A patient writes about a terrible experience: “Your recommendation didn’t work. My back pain is worse now.”
  • Contain the incident and provide a clear next step: “We’re sorry to hear about the pain you’re experiencing and we’d love to help. It is our policy to protect patient information and discuss important matters offline. Please call us at [888-888-8888] so that we can help right away.”
  • Review sites are not the place to defend oneself. The best and safest action is to take the conversation offline.

If you take one lesson away from this article, it’s this: HIPAA compliant businesses should respond to reviews if they want to succeed in today’s digital and smart-patient world. Remember these recommendations as you write your responses and your customers will be both pleased and protected.

