Connect with us

Columns

Keeping HIPAA Happy: The Legal Way to Solicit Reviews

Although HIPAA does not specifically mention online reviews, it outlines several rules that impact your legal ability to encourage patients to write reviews.

mm

Published

on

ONLINE REVIEWS CAN make or break your business. In fact, up to 84 percent of patients say they help them choose a doctor. When patients are happy with your services, it’s a great idea to encourage them to review your practice on Google or Yelp.

But can you actually do that? The Health Insurance Portability and Accountability Act (HIPAA) is very strict on how health care providers use patients’ contact information. In order to stay out of trouble, it’s crucial that you familiarize yourself with HIPAA’s rules and follow them to the letter.

14 Images That Show Why Pend Oreille Vision Care in Sandpoint, ID, Was Named One of America’s Finest Optical Retailers
Photo Gallery

14 Images That Show Why Pend Oreille Vision Care in Sandpoint, ID, Was Named One of America’s Finest Optical Retailers

Check Out These 17 Eye-Catching Optical Murals
Photo Gallery

Check Out These 17 Eye-Catching Optical Murals

You Need to See These 28 Head-Turning Ways to Display Frames
Photo Gallery

You Need to See These 28 Head-Turning Ways to Display Frames

What Does HIPAA Actually Say?

Although HIPAA does not specifically mention online reviews, it outlines several rules that impact your legal ability to encourage patients to write them. Here are the basics of HIPAA’s privacy rule as it relates to your patient’s contact information and how you’re allowed to use it.

The Privacy Rule is meant to protect all “individually identifiable health infomation” that you might get from your patients. The way you get that information doesn’t matter; whether you hear it verbally, read it in an email, or your patient fills it out in an online form, that information is protected. Individually identifiable health information includes:

  • The patient’s name, address, birthday, or social security number
  • The patient’s past, present, or future mental or physical health conditions
  • Any services or care you’ve provided or are currently providing the patient
  • Any other information one might reasonably believe could be used to identify your patient

You need a patient’s express written permission to use or disclose their information for any marketing efforts. Your intended use or disclosure of the information needs to be clearly defined in plain language to make sure they understand what they’re agreeing to. Your patient must also be able to revoke their consent at any point. Keeping their information in a database is fine, but you will need their permission to add them to mailing lists.

Start with a Survey

One of the best ways to get reviews from the right patients is through patient satisfaction surveys. Through an automated system, you can identify patients that provide high satisfaction scores and ask them to write reviews. It’s a great way to curate a positive digital reputation.

Advertisement

But Is This Method HIPAA Compliant?

Technically, yes, with a major caveat.

You do not need consent to send any communication that falls under care operations, which could include invoices, appointment reminders, and other administrative messages needed to keep the practice running. A patient satisfaction survey helps you identify areas for improvement and, as such, is covered as care operations messages.

With that said, asking for online reviews is not considered care operations. As part of the survey, you will need to ask for consent to contact them in the future. You cannot ask for reviews if you don’t receive consent. If they give you high satisfaction scores on the survey and consent to receive communication from you in the future, you can follow the survey up with a request for a Google or Yelp review.

Make Sure Patients Can Opt Out

It’s not enough for patients to opt-in; they must be able to opt-out any time. To stay HIPAA compliant, you need to make sure every piece of communication that requires consent also has a simple and clearly labeled button or checkbox that allows a patient to withdraw their consent.

Save Yourself a Headache

It’s important that every practice owner and manager study HIPAA. It is not simply an issue of following the law; it’s about respecting patients’ privacy and wishes. If you can prove that patient experience is your priority, your practice will grow. Disclaimer: This article is based on an interpretation of HIPAA’s guidelines and should not be considered bona fide legal advice.

Advertisement

Kaia Pankhurst is a Senior Content Strategist at Marketing4ECPs (marketing4ecps.com) where she creates and implements content strategies for eyecare practices all over North America. Outside of the office, Kaia is a musician, activist, and professional wrestler. Email her at [email protected]

Advertisement

SPONSORED VIDEO

SPONSORED BY SHAMIR

Shamir Glacier PLUS™UV

Utilizing the most advanced technologies, Shamir Glacier PLUS™ UV ensures you receive the most enhanced performance from your lenses.

Promoted Headlines

Advertisement

Advertisement

Advertisement

Subscribe


BULLETINS

Get the most important news and business ideas for eyecare professionals every weekday from INVISION.

Facebook

Most Popular