Are physicians prohibited from responding to online patient reviews?

Debunking Regulatory Myths-series only

This resource is part of the AMA's Debunking Regulatory Myths series, supporting AMA's practice transformation efforts to provide physicians and their care teams with resources to reduce guesswork and administrative burdens.



Physicians are prohibited from responding to online patient reviews.

Online reviews regulatory myth

Are physicians prohibited from responding to online patient reviews?

There are no federal laws or regulations prohibiting physicians or practices from responding to online patient reviews; however, unlike other businesses that may respond to online reviews in any way they deem appropriate, physicians are limited in what and how they can communicate with a patient reviewer in a public forum.

Acknowledgement of a patient’s relationship with the provider might risk violating patient privacy protected by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. It is important to note that HIPAA does not explicitly prohibit physicians from responding to online reviews; physicians are free to respond and contribute to an online review forum, but they must maintain the privacy of the patient’s protected health information (PHI), even if the patient has already revealed personal information. While a patient is free to share any information about their experience in an online forum, physicians are prohibited from disclosing any patient-specific information.

Most, if not all, online review sites have openly published community review guidelines or standards. Physicians and practices do have the option to contact the review sites directly to dispute false or inflammatory reviews, especially if they believe the reviews violate the site’s community standards.

Physicians are encouraged to consider these suggestions when deciding whether and how to respond to online reviews.1

  • Don’t disclose any information about the patient—don’t even acknowledge the person is a patient in your office. Even if a patient has disclosed their information in an online review, remember that HIPAA prevents a physician from disclosing any information about a patient without the patient’s permission. A patient’s own disclosure is not permission for the doctor to disclose anything.
  • Consider taking the response offline. Sometimes, personal contact results in the patient taking down the negative review, or results in the patient adding an online review that lets other patients know your office is listening.
  • Speak about general policies and standard protocols if you chose to respond online. For example, if a patient is upset that they did not receive an antibiotic, a physician could respond, not by mentioning anything about the specific patient, but instead by saying that office policy and standard medical practice is to determine if a patient has a viral or bacterial infection and to only prescribe antibiotics when there a bacterial infection is present.
  • Remember, one bad review will not destroy your online reputation. Patients look at a physician’s overall rating and when there are many good reviews, a few bad ones will not stand out as the norm.
  • Don’t respond immediately. Take a deep breath and walk away.
  • Don’t ignore criticism. Instead, objectively look at the criticism from the patient’s point of view and determine whether there is something you or your office can do differently.
  • Don’t shy away from online reviews. Ask your patients to rate and review you online. In most cases, reviews are positive. And remember that many positive reviews dilute many negative reviews.

    Reducing Regulatory Burden Playbook

    Avoid overinterpreting the rules! This AMA STEPS Forward® playbook is your roadmap to practice efficiency.

Practices are required to provide HIPAA training to appropriate staff and are encouraged to develop policies and procedures related to appropriate disclosures of PHI, with special attention paid to avoiding disclosures on social media.

Numerous websites provide information about clinicians and organizations from which patients seek health care. Some of these sites provide user-submitted reviews about practices and clinicians from patients or members of the public. 

Unfortunately, patient reviews are not always positive, and can sometimes be negative, inflammatory, or false. Negative or false reviews can adversely, and sometimes seriously, affect a physician, their practice, reputation and their career. To avoid these potential consequences, physicians may feel compelled to respond to reviews to address concerns or rectify problems but are fearful they will run afoul of the law and patient privacy protections if they do.

Debunking Regulatory Myths CME

Interested in earning CME credit for this myth? Start now on AMA Ed Hub™. 

  1. Henry TA. How to respond to bad online reviews. American Medical Association News. 2016. Available from:

Visit the overview page for information on additional myths.

Submit your regulatory myth

AMA seeks to aid physicians and care teams by helping them understand medical regulatory requirements. Help us help you—submit a myth you'd like clarification on.

Disclaimer: The AMA's Debunking Regulatory Myths (DRM) series is intended to convey general information only, based on guidance issued by applicable regulatory agencies, and not to provide legal advice or opinions. The contents within DRM should not be construed as, and should not be relied upon for, legal advice in any particular circumstance or fact situation. An attorney should be contacted for advice on specific legal issues.

Page last reviewed in April 2022.