August 22, 2022

How to Maintain HIPAA Compliance When Responding to Patient Reviews

Review response is critical for online reputation management, but healthcare providers must be careful. Widewail follows these rules to remain HIPAA compliant.

Review response is essential to any business’s reputation management strategy. For healthcare providers, HIPAA privacy requirements demand more attention to detail in review responses, but it’s not as challenging as it may seem. 

Reviewers often publicly share personal information in their reviews, such as their names or details of their visits. As a care provider, it may feel natural and more engaging to acknowledge these facts in your responses. This is where it gets tricky. 

Any reference to or acknowledgment of a patient’s personal health information is a potential violation of HIPAA guidelines, which can cost a HIPAA-covered entity anywhere from $100 to $50,000 in fines. After reading that, you may be thinking, why take the risk of responding at all? 

The answer is simple. 77% of patients use online reviews as the first step in finding a doctor. Your online reputation is a critical factor in earning the trust of prospective patients and your responses give a first look into the service they will receive if they choose a certain physician or clinic. Further, responding gives you the opportunity to connect with your existing patients, maintain their trust, and show them you care. 

So, how do you make your patients feel heard while remaining HIPAA compliant? In this article, we’ll explain how the team behind Widewail Engage handles responses for our healthcare clients, following HIPAA privacy requirements. We'll also provide some real-world examples to demonstrate what a HIPAA-compliant response looks like. 

4 Tips for writing HIPAA-compliant review responses:

  • Don’t use the reviewer’s name
  • Keep replies vague
  • Promote your practice’s values and services
  • Attempt to take the conversation offline

Our expert response team takes care to personalize and tailor responses to each reviewer’s individual experience. However, in following HIPAA guidelines, our approach looks a little different. The main rules we adhere to for HIPAA-covered practices are as follows:

Don’t use the reviewer’s name 

While it may seem impersonal to avoid addressing the reviewer directly, using a name is a direct HIPAA violation, and should be avoided.

Keep replies vague 

Refrain from using words like “patient,” “you,” or “your.” This type of phrasing inherently acknowledges the reviewer’s personal experience with your office. It also puts you at risk of confirming/denying a fact about their visit, which violates HIPAA privacy guidelines.   

Promote your practice’s values and policies

Instead of addressing the specifics of a review in your response, use it as an opportunity to promote your practice’s goals. Focus on what you expect for your patients generally, and share it as it pertains to their feedback.

For example, if your patient had a longer wait time than expected, don't apologize for the inconvenience and risk violating HIPAA guidelines. Instead, reiterate that your practice “strives to provide the shortest wait times possible, and will work to improve in the future.” With this, you indirectly address their feedback and bring the focus back to your office. 

Take it offline 

Inevitably, your practice will receive some negative feedback, and it’s only natural to want to address it in your response. However, the most appropriate and HIPAA-compliant way to react is to offer the reviewer a way to reach you directly, whether that be via phone or email. Independent of HIPAA, this is a general best practice. Suggesting an offline connection allows patients to share their experiences in a private setting while demonstrating that you value their feedback. It also protects you from oversharing and violating any privacy guidelines. 




HIPAA-Compliant Positive Review Response Example

Now that you know more about how to avoid those expensive HIPAA fines in your review responses, let’s see a couple of real-world examples: 

[Image: HIPAA positive review response example]

This response meets HIPAA standards perfectly. It doesn’t address the reviewer by name, nor does it confirm/deny that the reviewer was ever a patient at this practice. Rather, the response offers gratitude to the reviewer, while promoting the doctor’s goals and values. 

HIPAA-Compliant Negative Review Response Example

[Image: HIPAA negative review response example]

Negative reviews for HIPAA-bound entities often contain very sensitive and personal information, which is why it’s important to take the conversation offline as soon as possible. This response directs the reviewer to reach out to discuss their concerns, rather than addressing or acknowledging them online, ensuring HIPAA compliance. It also promotes the practice’s goals in general, which helps make the reviewer feel heard. 

All in all, when writing HIPAA-compliant responses, it’s important to remember why you are responding in the first place. You want your responses to portray your practice in a positive light online, promote trust, and demonstrate gratitude for your patients. With a review response service like Widewail Engage, you can be confident that your responses will adhere to HIPAA guidelines while keeping your practice competitive in online reputation and search engine rankings. 


Emily Keenan

Originally from Scarborough, Maine, I moved to Vermont after graduating from St. Lawrence University, where I received my BA in English and Spanish. I have always been interested in writing and communication, which is what initially drew me to the Review Response Specialist position at Widewail. In my spare time, I can be found reading, playing electric guitar, or strolling/biking around one of Burlington’s many scenic trails. I always welcome the opportunity to talk about my work, and invite anyone with questions or comments to reach out or connect with me on LinkedIn.
