
Are You HIPAA Compliant with Your Online Review Response?

Healthcare as an industry is currently undergoing a shift, and chances are your marketing strategies have shifted too, with more of a focus on becoming patient-centered. The rapid growth of social media and online reviews has changed the way patients choose healthcare providers. Just like the typical consumer, more patients are starting to use online reviews to compare physicians, health brands, and offices long before ever picking up the phone to schedule an appointment. Now more than ever, your online reputation is everything.

Would you like to attract new patients? Maybe you want to increase your patient retention? You’re going to need to take measures to boost your online reputation and maintain a positive online presence. That means not only generating more reviews (good or bad) but also responding to your online reviews. Today more than ever, it is imperative to understand patients’ attitudes toward online reviews.


Some Facts to Consider When Discussing Online Reviews and Responses

  • 65% of respondents indicated that it is essential for providers to respond publicly to patient reviews
  • 72% of consumers read online ratings and reviews to consider booking with a new healthcare provider
  • 72% also stated that they preferred choosing providers rated four out of five stars or higher
  • 55% of millennials polled preferred a provider because of their online reviews
  • 50% of participants read ten or more reviews, and 23% read 20 or more reviews
  • 60% of organic searches result in a conversion right in the Google experience. 

But did you know responding to reviews might make you non-compliant with HIPAA regulations? Not to scare you: that doesn’t mean you shouldn’t or can’t respond to reviews. After all, federal laws and regulations do not prohibit physicians or practices from responding to online patient reviews. However, unlike other businesses that respond to online reviews, physicians and healthcare providers of all types are limited in how they are able to interact online with reviewers. Because online responses to reviews are public, you fall under HIPAA compliance regulations when responding and could therefore be penalized for violating these guidelines if you’re not careful, which is actually a much easier mistake to make than you might think.

Here are some interesting facts to keep in mind about HIPAA when responding to your office’s or providers’ online reviews:

That’s right. Even if the reviewer makes it abundantly clear that they are a patient, visited your office, or had some sort of contact with you and your staff – to remain compliant, it’s best to not acknowledge them as a patient and take a more indirect approach in responding. We will discuss this in a bit.

This was sort of covered in the previous and is also probably one you are very familiar with. But even if the reviewer gives details of their visit, treatment, etc., your best bet is, again, to take an indirect approach and not reply in a way that leaves you vulnerable to non-compliance.

So as a healthcare provider, what are you supposed to do? How do you properly respond to reviews? Here are 5 tips to help you stay HIPAA compliant:

Never acknowledge that the reviewer was a patient

The reviewer may identify themselves as a patient, but the provider or organization may not confirm that they were a patient. Never use the reviewer’s name in your answer, and never respond with information that would reveal why they sought care or that discusses financial information. You may not use the fact that you never referred to the patient as a defense: there are 18 identifiers protected by HIPAA, including dates of service and geographic info. It is also a HIPAA disclosure if indirect identifiers are released in combination with other information, potentially identifying the individual.

Thank them for their feedback

Any feedback is valuable. Patient comments in online reviews and social posts may help identify operational problems or help staff be more friendly, helpful, and effective. Thank people for their comments—whether they are good or bad.

Take it offline. Not to the DMs.

It is essential to give people the chance to express themselves, but organizations need to refrain from having those conversations online. Even though private messages may seem private, they are still subject to HIPAA and may not contain any PHI whatsoever. These conversations are best left for phone calls or in-person meetings. You can even request in your response that the reviewer contact you or your office. Email may also be a viable option, so long as the patient has given permission.

Be professional and courteous

It’s crucial to thank the reviewer for taking the time to provide their thoughts, whether the review is positive or negative. By being polite, even to negative reviews, you show patients that you value feedback and want to improve the clinic.

Discuss brand, goals, and/or policy

Responding to an online review is an optimal time to reinforce your brand messaging. Don’t just address the complaint or compliment directly. Rather, discuss your company’s objectives, policies, or goals for bettering the patient experience, and how the reviewer’s feedback helps to achieve those goals.

BONUS TIP: Have a number of response templates pre-approved and ready to use. This will make the process of responding smooth, easy, and HIPAA compliant.

Now that we have covered some of the dos and don’ts, let’s look at some examples of responses that can keep you HIPAA compliant and keep your patients, both current and future, impressed. Feel free to use these in your current online reputation management plan!

Responses to Positive Reviews

  • Thank you for your review. We strive to provide high-quality care.
  • Thank you for taking time out of your day to share those kind words. Our goal is to provide high-quality care, so your feedback is appreciated.
  • Thank you for your kind words!
  • “We strive to make visits enjoyable for all patients!”


Responses to Negative Reviews

  • Our goal is to provide high-quality care, so your feedback is appreciated. Please call us at [phone number] or email us at [email address] so we can learn more.
  • We deeply regret the inconvenience. Please call us at [phone number] or email us at [email address] so we can learn more.
  • “Our goal is always to be extremely clear with our patients. That’s why we offer detailed instructions, and also print take-home instructions and even text them after appointments.”
  • We sincerely apologize for your recent experience. Please call us at [phone number] so we can ensure a better experience next time. Thank you for your comments.
  • “We’d love to talk about this further—contact our office manager at XXX-XXX-XXXX.”
  • “We know our patients’ time is valuable! Our goal is to see patients at the time of the appointment.”


You will notice that these examples are brief and to the point, but do not lead anyone to believe that the person leaving the review is a patient. They don’t address the reviewer by name, refer to their visit directly, or include any sort of identifying information.

I want to reiterate that this article is meant to educate you on something that is not necessarily widely known, not to scare you out of responding to your patients’ reviews. I cannot convey how extremely important it is to engage with your audience via their feedback online. If you have a habit of responding to your patients’ reviews, that’s great! You’re not alone if your responses didn’t fall under the guidelines of being HIPAA compliant. The good news is that there is likely still time to go back and edit the responses you or your office may have made.

It’s important to make a habit of engaging with your patients online in order to maintain a good reputation and a higher level of care at your practice. Monitoring your reviews online, positive or negative, is crucial, and doing so in a way that protects your patients’ privacy by following the guidelines set out by HIPAA is imperative.

If you’re just getting started managing your online reputation within your organization, you may want to respond to older reviews, especially negative ones. If you do, make sure to acknowledge issues and let the reviewers know you appreciated their feedback and how it is essential for your plan to improve the patient experience overall.

And don’t worry: with some effort and a well-organized plan, you can accomplish this. CollatinCreative is here to help you. Whether your goal is patient retention, attracting new patients, or enhancing the experience your patients have within your office, we can help you.

To learn more, please contact us to discuss a plan that’s right for you.


©2022. CollatinCreative. All Rights Reserved.