How to Respond to Online Reviews While Remaining HIPAA-Compliant

Whether the review is positive or negative, you should respond. But be sure not to violate patient privacy!


Like it or not, responding to reviews matters to consumers. A recent survey conducted by BrightLocal found that 30% of respondents look to review responses when judging a local business [reference].

Unfortunately for medical professionals, the Health Insurance Portability and Accountability Act (HIPAA) can make responding to reviews even more of a challenge.

Enacted in 1996, HIPAA laws apply to the internet just as much as anywhere else, so healthcare organizations must take them into account when responding to online reviews. This can be a little tricky, but for this post, we’ve narrowed it down to the most important and simple rule of thumb, as it applies to responding to online reviews:

The practice cannot disclose whether a reviewer is, in fact, a patient. Even if a patient leaves his or her name and a detailed description of the visit, confirming that the person leaving the review is or was a patient could violate patient privacy. This rule also applies to direct messages on platforms such as Yelp.

So what should your goals be?

When it comes to responding to reviews as a medical professional, keep three goals in mind:

  1. Whenever possible, respond to the reviews you receive.
  2. In your response, don’t confirm whether the reviewer is actually a patient.
  3. Always be courteous.

Some examples:

Responding to a positive review...

"I love this practice and everyone who works here. They always run on-schedule and are communicative and friendly. The building has lots of big windows that let lots of light in, and the rooms and equipment are always sparklingly clean. I’d definitely recommend them!"

  • A non-compliant response: Kathy, we’re so happy that you have had good experiences at our practice. We love when you come in and are looking forward to the next time!
  • A HIPAA-compliant response: We’d like to thank you for your review! We try our best to provide quality care to our patients and are very appreciative of your feedback.

Responding to a negative review...

"I liked the doctor fine but the appointment felt a little rushed. However, the front desk staff seemed like they didn’t know anything and tried to charge me the wrong amount, then were passive aggressive about my insurance."

  • A non-compliant response: Mike, when you were at our practice you had different insurance than you said you had when you scheduled your appointment with us, and this insurance doesn’t work well with our system. We’re sorry for the problems but next time be sure to have all your information up-to-date.
  • A HIPAA-compliant response: We value your feedback and are sorry to hear about your negative experience. We strive to offer the very best experience to all of our patients and your feedback will help us improve.

You can do it!

It may not be easy to respond to online reviews, but it’s an important and valuable part of your online presence. The more experience you get with responding to reviews, the easier it will become.

Just remember: the best rule of thumb for HIPAA-compliant review responses is to keep it short and general.

Written by Patrick Quinn on April 23rd, 2018 in Marketing
