Responding to online reviews without violating HIPAA

Reviews are a vital part of your online reputation

There’s no doubt that, in today’s world, online reviews are a game-changer when it comes to whether or not people will trust you with their business. A best practice for when it comes to managing your online reputation is to always respond to the reviews you receive, both positive, and negative, but what happens when you are in the healthcare industry and HIPAA is a real concern of yours?

What is HIPAA and what does it protect?

HIPAA stands for the Health Insurance Portability and Accountability Act. It is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.

HIPAA is important for patients because it keeps their sensitive and personal information safe. It prohibits healthcare providers from disclosing any of a patient’s protected information without their express authorization, which means that posting any information that identifies or confirms someone as a patient is likely a violation of their rights under HIPAA, even if that patient posted a review about their experience as your patient.

In other words, carrying out a conversation or responding to an online review could easily result in a HIPAA violation, and there are some pretty steep financial penalties for breaking HIPAA.

How to respond to an online review without violating HIPAA

The first step towards managing your reviews is to know that you have them in the first place. With so many people relying on reviews to help them choose which business is even worth going to, it is more important than ever to stay on top of your online presence. Find a process that works for you to encourage, monitor, and interact with the reviews you receive, and make reputation management a part of your routine. You can get started by claiming your online profiles, which will make it easy to spot and manage your reviews. One simple way to start monitoring your online reputation, for free, is to claim your TRL listing today!

So, what happens after you’ve noticed a review come in? You have a few options for where to go from here:

  • Ignore
  • Respond
  • Grow

We’re going to break each of these options down for you a bit more so you can feel confident in handling whatever reviews come your way.

Ignore

If you are concerned about HIPAA, ignoring a review can feel like the safest option available. If you are unsure about how to safely navigate responding to a review, positive or negative, you might want to err on the side of caution and say nothing until you have crafted a response that is both safe and effective. Ignoring reviews is not generally recommended, as receiving a response, to both positive and negative reviews, shows the client that you care about them and their experience. One of the things people look for when browsing through reviews is to see if the business is engaged with its clientele. Ignoring reviews is a temporary fix, and is not a habit you should fall into.

Respond

If you are worried about violating HIPAA when responding to online reviews, we suggest starting out by having a template. First, you need to know what you can and can’t say, and then, you need to show your clients that you genuinely care about their experience.

Remember, you want to avoid posting any information that identifies or confirms someone as a patient, so saying something like “I am sorry you had to wait longer than anticipated before being seen,” is in violation of HIPAA, as is “I’m so glad you loved your experience with Dr. Mendoza!”

Even in the case of a positive review, you want to keep in mind that while writing in a public space, you cannot confirm or give details about anyone’s time as a patient.

When it comes to responding to a negative review, you could try something more like this:

“We strive to provide our patients with the best quality care and experience, and your feedback could help us improve. Please call our office at xxx-xxx-xxxx and we will make the time to personally address any concerns.”

With this, you have shown a personal investment in the experience of your patients; you have highlighted a value that you hope to uphold or have shown your patients the way you hope to be known; you have shown that you value feedback and are open to growth; you have shown future clients that you value online reviews, and you have not violated any of HIPAA’s privacy laws!

While not necessary, you could always mention HIPAA in your response. This might serve as a reminder to the reviewer that their concerns will not be solved or addressed further online, prompting them to take the conversation offline, as requested. If you wanted to mention HIPAA, you could add to your response:

“Due to HIPAA privacy laws, we cannot address your concerns publically.”

Inviting a patient to address their concerns offline shows them that you value them and their feedback. Oftentimes, when someone has negative feedback, their bad experience comes from a place of not feeling heard or valued. Use this opportunity to show them that this is not the case. Your actions could result in the person removing the negative review, updating it, or even becoming a loyal customer.

Positive reviews deserve a little attention, too. A quick response to a positive review shows your patients that you are paying attention to their feedback and care about them and their experience. One response could look like:

“Thank you for this review/feedback. We hope to deliver the best in quality, and we love to hear about positive experiences.”

Or:

“We value this positive feedback, and love to know when we’re doing something right. We try to always uphold our commitment to offering great value and excellent service. Thank you!”

Of course, you don’t want to copy and paste the same exact response to every single review and comment you receive, but hopefully, these templates can give you a place to start, so that you can feel confident and comfortable navigating the restrictions of HIPAA online. Remember to always be polite and professional, and to set an appropriate tone to any response you give.

Grow

While receiving negative reviews can feel shocking or personal, look at them as an opportunity to grow your practice! You might notice a few reviews that address concerns with wait times. Is there a process you can change that results in decreased waits? Can you make your waiting room more comfortable and inviting? If concerns come up about the professionalism of your staff, can you have a meeting that addresses or reminds them of your standards? In any business, there is always room for improvement, and online reviews have the ability to offer you genuine customer feedback, so make sure you are putting them to good use!

The takeaway

Your online reputation is an important part of your business, and we highly recommend managing it no matter what industry you are in. There are ways to engage with your clientele online while still safely navigating the rules of HIPAA. If you can keep a cool head when it comes to reading your reviews, and can get yourself started with a few simple template responses, you can quickly become a pro at handling online comments. Educate yourself on HIPAA’s policies, and show your clients how much you care about them!

Take the first step towards being in control of your online reputation with Top Rated Local!

By now, you know that your business’ online reputation is undoubtedly linked to online reviews and the way you do or do not respond to them. Top Rated Local has the resources you need to stay on top of your reviews and reputation. Best of all, listing your business with Top Rated Local is free!

Share this article!