Physicians often believe that the Health Insurance Portability and Accountability Act (HIPAA) and other privacy laws prohibit them from responding to a review a patient or their caregiver posts on online—even if the review is negative or contains untrue or inflammatory information that can be harmful to them or their practice.
But there are no federal laws or regulations that expressly prohibit physicians or their practices from responding to online patient reviews. That having been said, unlike other businesses that can respond to online reviews however they see fit, HIPAA patient-privacy protections and state laws limit what physicians can say in response to a patient review in a public forum, according to research from the AMA through its “Debunking Regulatory Myths” series.
This series provides regulatory clarification to physicians and their care teams. It is part of the AMA’s practice-transformation efforts and gives physicians and their care teams resources to reduce guesswork and administrative burdens so their focus can be on streamlining clinical workflow processes, improving patient outcomes and increasing satisfaction.
“Physicians are free to respond and contribute to an online review forum, but they must maintain the privacy of the patient’s protected health information, even if the patient has already revealed personal information. While a patient is free to share any information about their experience in an online forum, physicians are prohibited from disclosing any patient-specific information,” says the AMA explainer.
Stay within the law
Posting an online response is not a physician’s only option to respond to online reviews. Physicians and practices can contact websites directly to dispute false or inflammatory reviews or if they believe reviews violate a website’s community review guidelines or standards.
Here are some do’s and don’ts that physicians should consider while deciding whether to respond to online reviews and what to say when they do decide to respond.
Do:
- Respond with general policies and standard protocols if you decide to respond online.
- Think about responding offline. Patients sometimes take down a negative review after the physician or practice reaches out personally. Or, sometimes patients add an online review that lets others know your office is listening.
- Remember that your online reputation is not destroyed with one bad review. Patients look at a physician’s overall rating, so a few bad reviews will not stand out as the norm when there are many good reviews.
- Make sure the practice is providing HIPAA training to the appropriate staff and do develop policies and procedures related to appropriate disclosures of personal health information, paying special attention to avoiding disclosures on social media.
Don’t:
- Respond immediately. Take a deep breath and walk away.
- Acknowledge the person is a patient in your office or disclose any other information about the patient if you decide to comment publicly. HIPAA says a physician can’t disclose information about a patient without the patient’s permission and a patient’s own disclosure does not give the doctor permission to disclose information.
- Ignore online criticism. Look at it objectively—from the patient’s point of view—and decide if you or your office could do something differently.
- Shy away from online reviews. Usually, reviews are positive so ask patients to rate and review you.
Earn CME credit
Learn more with the “AMA Debunking Medical Practice Regulatory Myths Learning Series,” which is available on AMA Ed Hub™ and provides regulatory clarification to physicians and their care teams. For each topic completed, a physician can receive CME for a maximum of 0.25 AMA PRA Category 1 Credit™.
Physicians are encouraged to submit questions or ideas they have about potential regulatory myths. The AMA’s experts will research the matter. If the concerns turns out to be a bona fide regulation that unnecessarily burdens physicians and their teams, the AMA’s advocacy arm can get involved to push for regulatory change.
