HIPAA protects sensitive patient information, so it may seem counterintuitive for practitioners to request public reviews. What happens if patients disclose protected health information (PHI)? What if providers or their staff don’t handle responses appropriately? Will there be fines or lawsuits? Is it worth the time and effort needed to manage online ratings and reviews when so much is at stake?
If you want to keep attracting new patients, the answer is yes.
Transparency vs. Privacy
Facing higher deductibles and out-of-pocket expenses, healthcare consumers are not as passive about choosing doctors and healthcare systems as they’ve been in the past. Patients are going online to research doctors and hospitals now more than ever.
And according to Reputation’s own research, reviews on Google and health insurance websites are what people trust when seeking information about providers. Nearly 80% of consumers report using online reviews as a first step to seeking a healthcare provider, while 16% use them to validate the doctor they’ve chosen.
A surplus of patient reviews demonstrates a high level of commitment to patient care and supports transparency initiatives that build trust and credibility with consumers. Plus, online reviews provide actionable insight into recurring issues that may have an impact on the patient experience. Such insights can lead to operational improvements based on patient feedback.
Yet despite the many benefits of online reviews, 77% of doctors don’t have only have one review on Google, due in part to a perceived risk of HIPAA violations. That gives doctors who focus on online reputation a huge advantage, when it comes to attracting and retaining patients.
Under the HIPAA Privacy Rule, PHI needs to be protected. However, patients often offer information about themselves willingly that is considered PHI, creating a tricky situation for providers.
Still, actively managing your online presence is less of an option and more of an imperative, if you want your practice to thrive. By following some simple strategies, health systems can successfully balance achieving the transparency healthcare consumers crave with the privacy required by HIPAA.
Engage Online without Risk
Fortunately, HIPAA doesn’t have to be a deterrent to building a healthy volume of recent online reviews. Here are some basic guidelines that can help minimize any risk of HIPAA violations as you request and respond to patient reviews:
- Enlist your legal department. Work with your legal and compliance team to develop 15-20 approved, HIPAA-compliant responses to common situations you may encounter. Then, load them into your reputation management system’s content library, so doctors and staff responding to reviews can choose from them.
- Know the laws regarding patient contact. Some states require written permission for healthcare providers to communicate with patients electronically. This may impact the way you request reviews, as well as how you respond to them. If you’re unsure of your state’s laws or don’t have consent, use the phone.
- Patient Discloses PHI? Don’t Delete. If a review from a patient includes protected health information (PHI), you don’t necessarily need to delete it. But make sure your response doesn’t disclose or acknowledge that the person was a patient. Then…
- Take the conversation offline. Thank the reviewer for the input, then politely request they contact you directly for further assistance or to discuss their issue in more detail.
Learn more about using patient reviews to improve ratings and rankings, and gather candid patient feedback from multiple sources for insights that help improve patient experience.