How to Respond to Negative Online Reviews
in the World of HIPAA
by Kelly McLendon
Written by Kelly McLendon for MedRev, a CompliancePro customer that deals with improving patient healthcare experiences. This article deals with how healthcare organizations can respond to online reviews while being HIPAA compliant.
There are several types of social media interactions that providers of care or any HIPAA regulated organization will have to carefully approach. This article addresses online review responses for a healthcare business. The rules are so strict that at no time can direct acknowledgment of any provider-patient interactions be reflected in an online review or posting by the provider or their practice/company.
In fact, it cannot even be acknowledged, without prior consent, that the patient was ever seen or treated by the provider or their organization.
Negative social media reviews of HIPAA providers of care, health plans or other companies that create, use or manage protected patient data are a dicey subject to say the least. In many ways, social media reviews that are disagreeable or inaccurate pose an unfair disadvantage for smaller physician, dental, chiropractic and specialty practices because these smaller practices have a limited number of reviews, so any single review could skew their rankings and social media perception significantly.
Although smaller practices are most vulnerable to the impact of a small number of negative reviews, hospitals, surgery centers, and other large healthcare facilities and networks encounter the same issues and must follow the same rules. There is a narrow window of permissible actions that can be taken under the HIPAA privacy and security laws. This often leads healthcare businesses to avoid responding to online reviews altogether.