We all know online reviews are valuable, but how do you respond to them and stay out of trouble with HIPAA?
Patient reviews play a crucial role in guiding individuals through their healthcare journey. A recent survey found that 86% of patients rely on online reviews, with 60% reading at least five before selecting a healthcare provider. Therefore, it's vital for healthcare organizations and providers to actively seek and respond to reviews. Reviews build trust and trust is the currency of all transactions. Unfortunately, a lack of reviews can put a medical clinic at a disadvantage.
Even more important, healthcare providers must handle reviews in a manner compliant with the Health Insurance Portability and Accountability Act (HIPAA). Any mishandling of protected health information (PHI) can expose organizations to significant financial, legal, security, and reputational risks.
How can you ensure that your medical clinic is responding to online reviews in a manner consistent with HIPAA regulations?
First, if you discuss leaving an online review with a patient, encourage them to share their positive experience but to leave specific health conditions or treatments out of it. This protects them and protects the clinic.
Next, in order to stay within HIPAA requirements, the provider should not use personal information about the patient in their response. You cannot publicly acknowledge any information about their visit. Any reference to or acknowledgment of a patient's personal health information is a potential violation of HIPAA guidelines, which for a HIPAA-covered entity results in fines anywhere from $100 to $50,000.
How Not To Respond To Online Patient Reviews
Don't use the reviewer's name. While it may seem impersonal to avoid addressing the reviewer directly, using a name is a direct violation and needs to be avoided. Do not talk about their health condition or specific health issues.
Refrain from using words like "patient," "you," or "your." This type of phrasing inherently acknowledges that the reviewer was seen at your practice. It also puts you at risk of confirming or denying a fact about their visit, which violates HIPAA privacy guidelines.
How To Respond To Online Patient Reviews
Keep replies general but genuine so they don't sound robotic. Use your business name in the response. Use keywords representing the products and services you provide that help support your patients.
If the reviewer mentions a product or service, you may repeat it, but speak about it in general terms and don't apply it to that person's situation.
Promote your business's values and policies. Instead of addressing the specifics of a review in your response, use it to promote your business's core values.
Focus on what you generally aim to provide for your patients, and frame your reply around that rather than around the specifics of their feedback.
For example, if a reviewer had a longer wait time than expected, don't apologize for their inconvenience, since doing so acknowledges their visit and is a possible violation. Instead, reiterate that your clinic "strives to provide the shortest wait times possible and will work to improve in the future." With this, you indirectly address their feedback and bring the focus back to your business.
Here Is An Example Of A HIPAA Compliant Response
"I am so grateful for this very encouraging review. It warms my heart to hear about positive experiences. Thoroughness is a core value of our functional medicine clinic, and I enjoy helping to manage symptoms through a natural approach. Comfort is an essential part of my practice and exactly what I want people to experience. I love to help, and if anyone else needs help, please see me." - Sarah Klien, MD, Peak Health Medical Clinic
Why Should You Respond To Online Reviews?
Responding to online reviews significantly impacts search engine optimization (SEO). According to Harvard Business Review, you get 12% more reviews and better ratings when you respond to online reviews.
The overall volume of reviews about your clinic helps potential patients better understand the experience they'll have when they schedule a discovery call or appointment with you.
Even better, when patients see good reviews, they tend to give good reviews. Plus, patients leave reviews with keywords that other potential patients are looking for, and Google rates your business based on these keywords.
Finally, online search engines love unique, up-to-date, and ongoing content - Google promotes healthy, active businesses that stay engaged with their customers.
What Is Considered Protected Health Information (PHI)?
HIPAA defines PHI as individually identifiable health information transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational and employment records.
Information such as diagnoses, treatment information, medical test results, and prescription information is considered health information under HIPAA. When these types of information are maintained in a "designated record set" together with identifiers such as birth dates, gender, ethnicity, and contact and emergency contact information, all of the information maintained in the set is considered protected health information under HIPAA law.
PHI relates only to health information about patients or health plan members. It does not include information contained in educational and employment records. Additionally, information is considered PHI only when an individual could be identified from the information in the record set. If all identifiers are removed from the set, it ceases to be protected health information and the HIPAA Privacy Rule's restrictions on uses and disclosures no longer apply.
Would you like help getting more reviews for your medical clinic?
© 2025 Provider Success Marketing - All Rights Reserved