Healthcare providers are no strangers to HIPAA, the Health Insurance Portability and Accountability Act, which was enacted in 1996. The legislation’s original objective was to protect healthcare coverage for individuals who lose or change their jobs. However, it also set forth a series of standards that protect patient privacy by ensuring that medical records remain private.
But what does that mean for online reviews? The proliferation of sites like Facebook and Google have made it easier than ever for patients to write reviews about their healthcare experiences—both good and bad. And while these platforms provide an opportunity for patients to speak up about issues they may have experienced in your practice or hospital, they also pose risks if you fail to protect patients’ personal information. Read on to explore some of the ways you can respond to patients while complying with HIPAA privacy requirements.
What is HIPAA?
HIPAA is a federal law that protects the privacy of medical information. It applies to all healthcare providers, including hospitals, doctors, clinics, and insurance companies.
HIPAA requires covered entities—the people or organizations who transmit or receive electronic health information—to protect the confidentiality of a patient’s protected health information (PHI). This means those entities cannot share PHI with anyone else unless given permission or required by law.
What is a HIPAA-compliant review response?
Patient reviews on Google and other top healthcare review sites are a major contributor to your practice’s online reputation, and how you respond to reviews can further help or harm your image. First and foremost, your responses to online reviews must comply with HIPAA.
When crafting a HIPAA-compliant review response, the response must be de-identified. Some of the most common ways to identify a patient are by name, initials, or identifying characteristics such as age, gender, or location.
Some reviews, like Google reviews, are not anonymous and will have a name associated with the review. However, it is crucial to understand that it could be a violation to acknowledge that the reviewer was actually a patient. For that reason, we recommend not repeating the reviewer’s name in your response. This avoids confirming whether the patient was treated by your practice.
We also recommend creating internal guidelines for responding to reviews. Share these guidelines with the staff who will be responsible for responding to ensure they have an understanding of compliant versus non-compliant responses. Consider including several templated responses to give them a starting point.
Let rater8 take the pressure off!
rater8 clients benefit from a built-in feature that allows them to respond to reviews in one convenient dashboard. They can also select a response from a number of pre-written, HIPAA-compliant review responses.
Streamline the response process through the use of customizable, HIPAA-compliant response templates. rater8’s optimized workflow allows you to respond to reviews at the press of a single button in your rater8 dashboard. You will be prompted to respond with a predefined, randomized template, taking only a moment per review. An abundance of variety prevents reviewers from receiving the same response and assuming the process is automated. We define templates based on star rating and whether or not a review has a comment to ensure the right verbiage is always used in each response template. For example, you wouldn’t want to accidentally ask a 5-star reviewer to contact you about their 1-star review.
Be professional and courteous…even in response to negative reviews.
If you already use rater8, it’s likely you’re receiving a majority of positive reviews. In fact, in 2021 alone, we added 331,000 reviews for clients, and 97% of them were 4– and 5-star reviews. However, even the best practices receive negative reviews sometimes. This is where your response should be a priority. Responding professionally and respectfully when someone has something negative to say about your organization is crucial for maintaining a good image with both patients and potential patients alike. Providers may be tempted to explain away any shortcomings. While this can be enticing in the heat of the moment, it may reveal too much information about an individual patient, thus violating HIPAA.
While the aforementioned rules apply just the same for negative reviews, our number one recommendation in responding to negative reviews is asking the reviewer to contact you offline. Request they contact your office to discuss and resolve the issue directly. If you use rater8, you may want to create a template for 1-star reviews that includes the phone number for your patient experience coordinator and encourages the reviewer to call them.
Review responses can be HIPAA-compliant without feeling too robotic.
While you may not be able to share details with the reviewer, there is a lot that can be said without violating HIPAA. Remember that in a situation with an unsatisfied patient, your goal should be to address the reviewer’s concerns, apologize for the situation, and offer to speak with them directly.
We know the future of healthcare depends on providers who are brave enough to take risks and put their patients first. We also know that HIPAA compliance is one of the most important parts of your practice, and we hope this information has provided you with a starting point on crafting HIPAA-compliant review responses.