Medical organizations continue to grow their presence on the Internet in a move towards consumerism, taking a cue from other industries so that patients can easily search and find their services on the Internet.
But unlike retail, hospitality, and food companies, healthcare companies risk violating federal privacy laws by responding to patient reviews online.
According to a study, 72% of adults say they read online reviews when choosing a new healthcare facility or doctor. report from Reputation, an online reputation management company.
And patients provide this information.
Hospitals received 50% more reviews last year compared to 2020, according to the report. Doctors received 58% more reviews.
Patients do their research before choosing a doctor, and much of that research involves online reviews, says Lauren DeRitis, marketing coordinator at the Rothman Orthopedic Institute in Philadelphia.
“They look at reviews of what other people are saying,” she said. “We have to take this seriously.”
DeRitis manages online reviews and profiles of group offices and physicians on sites such as Google, Healthgrades, and RateMDs. On Google alone, she manages nearly 500 profiles, including business profiles for every doctor and every doctor’s practice location, to help them show up when a potential new patient searches for doctors in their area.
Online business profiles have become a major focus of Google’s health department.
Google recently added new features to its business profiles for healthcare providers and doctors so that patients can see the availability of appointments and information about what insurance doctors accept and what languages are spoken in their practice. Profiles collect information from various sources, and the provider may require its profile to update this information.
Online profiles and reviews can be a boon for smaller clinics looking to rank higher on Google and other search engine results so that new patients can find them more easily.
But health care providers need to make sure they’re not violating the Health Insurance Portability and Accountability Act when they publicly respond to patient reviews online.
HIPAA is of particular concern when responding to negative reviews, where service providers may want to protect themselves from patient complaints about doctors, waiting times, or bills.
Dental practice in North Carolina was recently hit with a $50,000 fine from the Department of Health and Human Services agency that enforces HIPAA following the disclosure of a patient’s medical information online when responding to a negative review on a Google practice profile in which the patient used a pseudonym. The practice revealed the patient’s real name and details of his visit to the doctor.
HIPAA violations can be “extremely detrimental to practice,” said Anders Gilberg, senior vice president of government relations at the Medical Group Management Association.
ISPs could face costly fines, he said, and that could damage their reputation.
“I don’t think everyone understands the scope and consequences if you do it wrong,” he said.
“The safest thing to do is not respond to negative reviews at all,” said Brad Rostolsky, partner in the life sciences group at privacy and security law firm Reed Smith.
It is natural to see criticism and want to protect the professional reputation of a person or business.
“But that’s going to be very difficult to do when you have HIPAA’s overarching privacy restriction on what you can say,” he said.
Patients can share their medical information online, posting details of their medical history and which doctor they went to, but healthcare providers are required to comply with HIPAA and cannot publicly disclose medical information.
Even publicly admitting that a commenter is a patient, or citing a reason for seeing a doctor, can be a violation of HIPAA.
If there is a complaint that the supplier wants to address, it is best to see if the organization can find out who the author of the comments is and contact them directly rather than on a feedback site.
Doctors and other employees who may be subject to public criticism should not react angrily to comments online. If someone has a strong urge to respond to a comment on a review site, it is important that someone involved in compliance and privacy review the response before posting.
Rostolsky said that instead of commenting on negative reviews, providers are better off encouraging patients who have had positive experiences to write reviews.
Some healthcare providers put up signs in their offices telling them where to leave a review, or front desk staff encourage patients to leave a review after they are discharged.
Gilberg suggested that organizations include guidance on how to respond to reviews in their social media policies. Ideally, they will assign a designated employee to review review websites and respond to comments with legally approved response templates so they can post without violating HIPAA.
It is critical to move conversations about the patient’s experience into a private discussion via email or telephone rather than continue it publicly.
DeRitis said she responds to every negative review about the office or the Rothman doctor. Other employees are tasked with responding to positive feedback.
Rothman uses a software platform to collect online reviews online, so it’s easy to stay up to date with what’s being posted. According to DeRitis, only about 2-3% of Rothman-related reviews are negative.
It is useful to respond to negative reviews both to address the patient’s complaints and to show others who read the reviews that the group is responsive and listening to the patient’s concerns.
DeRitis also sends out monthly reports to physicians and Rothman management detailing which markets are receiving reviews and what those reviews are.
DeRitis makes responses to online reviews generic — such as saying she’s disappointed to hear about the experience — and includes an email address that she encourages commenters to contact her directly. If she’s not sure if something can be included, she’ll also check with the group’s Compliance department. If it’s a clinical complaint posted on a doctor’s personal profile, she’ll loop them too.
Only a small proportion of patients turn to her directly. For those who do, she will figure out what the next steps are. This may mean apologizing to a patient who has had a long wait time and contacting the office manager or specific physician if this becomes a trend, or contacting the billing team for the patient to resolve a billing issue.
“We’re taking it offline so we can get into the details,” DeRitis said.