encompass blog

HIPAA Guidelines and Online Reviews

HIPAA Guidelines and Online Reviews

Written by enCOMPASS Agency

These days, most business owners have to contend with online reviews, posted to sites like Google, Yelp, and Facebook. For some business owners, however, online reviews present some unique complications. Take, for example, those who work in healthcare professions. These business owners will naturally want to engage their patients and respond to online feedback, but in doing so, they have to keep regulatory compliance in mind—and in particular, HIPAA.

HIPAA, or the Health Insurance Portability and Accountability Act, provides medical providers with some restrictions on how they can and cannot interact with their patients on the Web. The bad news is that it’s surprisingly easy to inadvertently violate these guidelines while responding to online reviews. The good news, however, is that simply by reviewing a few basic guidelines, medical providers can ensure they stay on the right side of HIPAA regulations.

It’s All About Privacy

While HIPAA regulations can seem complicated, they really boil down to one thing—not sharing any of your patient’s personal information. If you always err on the side of privacy, you’ll probably be fine.

What this means is that, in responding to online reviews, you can never reveal any personal details about the patient. You can’t even say something like, “We’re glad you came to visit our practice.” Why? Because this reveals that the person in question did, in fact, visit you as a patient—and even that constitutes personal information!

Instead, try something a little bit more general, such as: “Thank you for providing our practice with this feedback.” This response doesn’t give away anything about the patient—not even the fact that he or she is a patient.

Avoid Discussing Diagnoses

Since you can’t reveal that your reviewer is a patient, you certainly can’t reveal his or her diagnosis, nor any specifics about their medical condition. Note that this is true even if the patient brings it up. For example, even if a patient notes that he visited your practice complaining of shoulder pain, you can’t mention that condition or your technical diagnosis anywhere in your review response.

This all raises a question: What can you talk about in your review response? First, always provide a simple thank you for the feedback. Second, focus on your organization’s policies and procedures. You may not be able to talk about the patient’s specific issue, but you can illuminate your general approach to handling patient concerns. Keep your response all about you, not about the patient’s particular situation.

Move the Conversation Offline

Of course, you may run into some scenarios in which you actually do wish to discuss some specifics with your patient. In these cases, it’s important to shift the conversation offline.

The best thing to do here is simply send your patient a private message, complete with your contact information, and ask them to contact you directly. Let them know how much you want to help resolve their issue in a private, one-on-one setting—a setting where you can speak a little more freely.

Not only does this allow you to provide adequate patient care but by initiating a one-on-one dialogue, you can sometimes convince the patient to take down or amend their negative feedback.

One important note here: Even if you’re sending your patient a private message, you still can’t get into the specifics of their diagnosis. HIPAA mandates that all electronic transmissions are free of personal and private patient information—and that includes even your private communications. That’s why it’s vital to ask them to contact you in your office.

What About Using Reviews on Social Media?

There’s one more important note about interacting with patient reviews: sometimes, you might get a really positive one and want to use it on social media.

That’s fine, under a couple of conditions. For one, it’s always best to reach out to the reviewer and make sure you have their permission. And second, even if they grant permission, it’s important to never share their photo on social media. Doing so is a HIPAA violation—again, even if the patient says it’s okay.

Find Out More About Engaging with Patient Reviews

Every business has to tangle with online reviews—but for healthcare companies, that can be an especially challenging and thorny proposition. Above all, make sure you keep HIPAA in mind, and that you always safeguard your patients’ private and personal information.

As you consider responding to online reviews, it may be helpful to invest in a platform where you can receive alerts as new feedback comes in and respond appropriately. That’s something we can help you with here at enCOMPASS, and if you want to chat about it, we’re around! Reach out any time and let’s start a conversation about your business and its strategy for handling online reviews.