Smiling dentist making sure to respond to reviews in a HIPAA-compliant way

Online reviews on Google, Yelp, Facebook, and other public review platforms are more critical than ever for dentists. Here’s why: 84% of consumers look to online reviews before choosing providers. Additionally, according to Moz, review signals account for 13% of local ranking factors.

In other words, not only do reviews matter to potential patients, but they are incredibly important for SEO.

In addition to obtaining reviews, responding to online reviews is a great way to build trust with potential patients and engage with current patients. A well-crafted response to a negative review can turn a bad situation into an opportunity, while a thoughtful response to a great review can build loyalty and show you really care.

However, dentists and other healthcare professionals have something extra to consider when responding to online reviews: HIPAA. The Health Insurance Portability and Accountability Act, or HIPAA, is designed to protect patients’ privacy. So how does HIPAA affect your ability to respond to reviews?

HIPAA concerns

Non-compliance could result in legal action and hefty fines, so how can you engage with patients who leave you a review – without getting in legal hot water?

Rest assured, it CAN be done successfully! Healthcare professionals can respond to reviews – it just takes a little care to make sure it’s done in a way that respects and protects patients’ privacy.

You may wonder: If the patient leaves a review on a public site like Yelp or Google, isn’t that an authorization for the practice to acknowledge he or she is actually a patient? After all, the patient basically admits it in his/her own words.

In reality, no matter what the patient states in the review, it’s NOT an authorization for the practice to release any patient information in response.

Dentists must respond to reviews in a HIPAA-compliant way.

Best practices: How to respond to reviews in a HIPAA-compliant manner

When responding publicly on Google, Yelp, or other platforms, never confirm if the patient was seen by your practice or release any of the patient’s medical information.

It’s best to focus on office policies and use generic terms that don’t offer any specific patient information. Here are a few examples:

Example review: “Dr. Dentist is the BEST! She treats my 5-year-old son so well that he LOVES to visit the dentist. I had a cavity filled during my last visit and the doctor was so gentle; it didn’t hurt at all. Our entire family loves Dr. Dentist and we highly recommend her!”

  • BAD response: “We’re so glad you enjoyed your experience with us and look forward to seeing you again soon!”
  • GOOD HIPAA-compliant response: “We aim to deliver the best care to patients and love to hear positive experiences! Thanks for sharing this feedback!”
  • Why it works: The response doesn’t directly confirm the reviewer is a patient.

Example review: “I had to wait more than an hour to be seen, and the front desk lady was rude and didn’t seem concerned with my long wait at all. When I finally saw the dentist, he only spent a few minutes with me and seemed rushed.”

  • BAD response: “We’re sorry you had a bad experience with our team during your appointment and we’d love the opportunity to make it right.”
  • GOOD HIPAA-compliant response: “When scheduling, it’s our policy to allow plenty of time with the doctor so we can keep our schedule running on time. However, because of emergency situations, it is possible to be behind schedule occasionally. We appreciate your feedback and are committed to providing the best patient care; you’re welcome to send any other comments to our Office Manager Debbie at (email address).”
  • Why it works: The content of the response is generic and focuses on the practice’s policies. It doesn’t confirm the reviewer is a patient. It also provides an opportunity to takes the conversation offline.

More tips

Don’t let HIPAA-related fears prevent you from asking for or responding to reviews! Google itself states that “Replying to reviews is a great way to engage with your customers and get valuable feedback.” Here are a couple of useful tips to keep in mind from the Google My Business Help page:

  • Be nice and don’t get personal. This isn’t just a guideline–it’s also a good idea as a business owner…Keep your responses useful, readable, and courteous.
  • Keep it short and sweet. Users are looking for useful and genuine responses, but they can easily be overwhelmed by a long response.
  • Thank your reviewers. Respond to happy reviewers when you have new or relevant information to share. You don’t need to thank every reviewer publicly since each response reaches lots of customers, not just one.

You can respond to reviews in a HIPAA-compliant manner successfully! If you have questions about local SEO or obtaining reviews, schedule a free, no-obligation call with Angela, our Director of Client Services. She’d be happy to help answer your questions!