HIPAA-compliant responses to 3 of the most common types of reviews

How to respond to the 3 most common types of patient reviews (while remaining HIPAA compliant)

Navigating online reviews can be uniquely challenging for physicians, who have to contend with being responsive, showing compassion, and adhering to HIPAA regulations all at once. It’s important to develop HIPAA-compliant responses so you don’t inadvertently violate patient confidentiality and risk thousands of dollars in fines.

Online reviews are playing an increasingly important role in patients’ decision-making process, as 94% search for and read reviews before selecting a doctor. Why is responding so important? It shows you listen to patient feedback, humanizes your practice, and even helps turn negative sentiment around. A simple thank you or invitation to reach out offline can go a long way in engaging your patient base.

As a longtime leader in reputation management for the healthcare industry, Doctor.com has vast expertise with reviews, and we’ve come across almost every kind imaginable. Below, we’ve outlined the three most common types you’ll encounter in the healthcare sphere as well as HIPAA-compliant responses to each.

The good

A ringing endorsement in the form of an online review can really put a smile on your face. And you may find it reassuring to know that sentiment tends to tilt positively in patient reviews.

While you might be tempted to leave a good review alone, it’s important to respond to happy patients. They’re a critical base for your practice, likely to recommend your practice to others in their social circles as well as visit your practice again (and again and again). Use a positive review as an opportunity to show appreciation, engage a happy customer, and demonstrate to prospective patients that you listen to — and care about — feedback.

Patient review: “I found this practice about a year ago when I had a medical emergency. It’s since become the only place I go to for my eyes. The front office employees are on top of it, and the doctor is totally professional and attentive. She explains everything thoroughly and makes me feel like she really cares about my eye health and vision.”

What not to say: “It is my pleasure to be your doctor! Thank you for taking the time to write a review, and I look forward to seeing you at your next appointment.”  

Why not: At face value, this response seems innocuous — even cordial! But a HIPAA-compliant response never confirms that a reviewer is a patient. Even if the author of the review self-identifies as someone who regularly visits your practice, your response must avoid language that corroborates their statement.

Instead, try: “Thank you for sharing your feedback! I strive to provide the best possible care to every patient, and I always enjoy reading about a good experience.” 

The bad 

It’s hard not to take a negative review personally. But getting a less-than-rave review from time to time is inevitable — for professionals in any sector. Take heart in knowing that most negative reviews for doctors or practices are about customer service issues — like parking, physician availability, wait times, billing snafus, and other things outside of the care provided.

Though the words might sting, remember to never lash out at someone who makes disparaging remarks on the internet. Simply acknowledge the patient’s frustration, offer to take the conversation offline, and move on.

Patient review: “Totally unprofessional! Doctors are surly, inattentive, and rushed when they finally get around to seeing you. What should have been a quick check-up took me more than an hour.” 

What not to say: “Hi Jenny, we did our best to accommodate you after you were late to your appointment, but our dermatologists had other patients to see, which is why you were waiting for a few minutes. In the future, please call our office if you won’t be able to keep your appointment time, and we will try to reschedule you.” 

Why not: In light of patient error, the urge to defend your practice can run high. But this response clearly violates HIPAA: it not only confirms the author is a patient but also reveals additional information about the appointment that wasn’t in the original review.

Instead, try: “Thank you for taking the time to provide feedback. We strive to make each patient’s experience exceptional, and it pains us to hear if we fall short of a patient’s expectations. Please call our office at (917) 555-6829 to discuss this matter further.” 

The good news? Having one or two negative reviews actually makes patients like you more. In fact, 95% don’t trust the credibility of a doctor’s profile if it has no negative reviews. For prospective patients reading through online feedback, a negative review here and there makes you seem more authentic and your profiles less, well, doctored.

The ugly 

The most unfortunate product of the digital age is the rise of so-called “trolls.” They are loud, they are vocal, and they don’t listen to reasoning as they try to sabotage someone’s credibility online. They are a burden across all industries, and, thankfully, in healthcare, they are also few and far between. But from time to time, a disgruntled former patient — even someone who has never been a patient at all! — might try to drag your reputation through the mud.

Patient review: “A total crook! I’m surprised this ‘doctor’ didn’t flunk out of medical school! Stay far away unless you like being scammed by con artists who are just after your money!” 

What not to say: “I prescribed you a topical cream and requested you schedule an appointment two weeks later, but I can’t help you if you don’t follow medical advice.”

Why not: One obvious HIPAA violation is that this response divulges more knowledge about the reviewer than was revealed in the original post. Never disclose any medical information about a patient, like the procedures they underwent or treatments they had done. Keep in mind that this even applies to anonymous review sites where patients don’t use full or real names.

Instead, try: Nothing. Nothing at all! But if the good outweighs the bad, an overwhelming majority of prospective patients can see through blatant attempts to damage your standing as a healthcare provider, and they won’t put too much stock in the rare jaded patient with a warped view of your practice. If you truly feel compelled to respond, simply offer to take the conversation offline. 

Another avenue is to contact the review website directly, as most will remove fake reviews or those written in bad faith. Never ask someone directly to take down a negative review — that violates the policies of sites like Google and Yelp and could result in a warning issued on your page, freezing your profiles, or kicking you off the platform entirely.

Quick tips to develop HIPAA-compliant responses: 

  • Keep language generic.
  • Be polite but brief.
  • Thank patients who leave feedback.
  • Restate policies or your practice philosophy.
  • Offer to resolve the issue offline.

Though HIPAA was introduced in the midst of the dot-com boom, there’s no way it could have predicted how drastically the online landscape would change in just a few short decades. But its rules still apply, and it’s the providers’ responsibility to stay up to date. Doctors need to deliver HIPAA-compliant responses to reviews as they tackle the slew of new digital tools that let them communicate with patients and broadcast information on the web. This not only keeps your patients happy, but it will help you avoid costly fines in the future.
