Don’t Let HIPAA Scare You From Responding to Patient Reviews

Responding to online reviews is now standard practice for businesses. By not doing so, businesses risk losing credibility with consumers and, more importantly, revenue.

However, for healthcare providers, responding to patient reviews can be challenging. This is due to the possibility of revealing a patient’s protected health information (PHI), which is a key component of the HIPAA Privacy Rule. Those that break this rule face financial penalties, license censure and possible litigation.

But fear of violating HIPAA should not deter medical practitioners from engaging with their patients online. It’s not as difficult as you think, and this post will outline some tips for responding to patient reviews while complying with HIPAA. If you aren’t doing this, your competition surely is – and winning the battle for new patients.

Physicians are Found Online

When looking for a new doctor or dentist, consumers are turning to the web. This trend is supported by studies showing that 72% of patients use online reviews as their first step in finding a new doctor, and that 85% of consumers trust online reviews as much as a personal recommendation.

This is a situation that healthcare providers cannot afford to ignore. Further, medical practitioners must also respond to feedback from their customers. Engaging with customers online is expected and has many benefits. Not only does it demonstrate that you care about that customer’s concern, it also enhances your brand reputation in the eyes of those who read your responses. In an increasingly competitive environment, this is critical to both retaining and attracting more patients.


Before you start responding to patient reviews, make sure you have a good understanding of HIPAA (Health Insurance Portability and Accountability Act) and PHI (Protected Health Information). Essentially, PHI is the category of information the HIPAA Privacy Rule protects. HIPAA was created to “publicize standards for the electronic exchange, privacy and security of health information”.

PHI covers what is called “individually identifiable health information”. This includes the patient’s medical history, diagnoses and treatment, together with their contact information (name, address, phone number, SSN, email). Note that even confirming someone is your patient links their identity to health care and is therefore PHI.

Responding to Patient Reviews

Below are two examples of HIPAA-compliant responses, one to a negative and one to a positive patient review.

1. Negative Patient Review:

[Image: Negative Patient Review and HIPAA Compliant Response]

2. Positive Patient Review:

[Image: Positive Patient Review and HIPAA Compliant Response]

In both examples you will notice the replies are brief and the tone is respectful. Below are more tips for successfully responding to patient reviews.

Move the Conversation Offline

As with responding to any online review, you should ideally respond once. Your reply should include a direct contact method – preferably a person’s name and phone number – so the customer can resolve the situation over the phone or in person rather than in the public thread.

Respond “Generically”

When writing replies to patient reviews, be brief and steer clear of wording that could confirm the reviewer is a patient or that references their visit, diagnosis or treatment. The point here is to show you care by acknowledging their concerns without revealing PHI.

Sharing Patient Reviews

When a business gets reviews, a good strategy is to amplify them by sharing them on your website and social media accounts. Those in the healthcare industry should audit the customer comments first to make sure the reviews contain no PHI and are HIPAA compliant before sharing them.

Respond Privately

If you feel you cannot respond to a patient review without violating HIPAA, then don’t. In some instances, the subject matter will make it impossible not to reveal PHI. You should contact the patient directly in these cases to resolve their issue.


The competition for patients is fierce, and consumers are searching the web to find their healthcare providers. The facts are that consumers read patient reviews, trust patient reviews and expect you to actively engage with them online. Of course, your practice should be mindful of staying HIPAA compliant, but don’t let this prevent you from responding to patient reviews. Proactive online review management should be a key part of every healthcare provider’s marketing strategy.

ReviewIgnite can help medical practitioners manage their online reputation and increase revenue. Please contact us to schedule a free demo of our online review dashboard.