ONLINE REVIEWS CAN make or break your business. In fact, up to 84 percent of patients say they help them choose a doctor. When patients are happy with your services, it’s a great idea to encourage them to review your practice on Google or Yelp.
But can you actually do that? The Health Insurance Portability and Accountability Act (HIPAA) is very strict on how health care providers use patients’ contact information. In order to stay out of trouble, it’s crucial that you familiarize yourself with HIPAA’s rules and follow them to the letter.
What Does HIPAA Actually Say?
Although HIPAA does not specifically mention online reviews, it outlines several rules that impact your legal ability to encourage patients to write them. Here are the basics of HIPAA’s privacy rule as it relates to your patient’s contact information and how you’re allowed to use it.
The Privacy Rule is meant to protect all “individually identifiable health infomation” that you might get from your patients. The way you get that information doesn’t matter; whether you hear it verbally, read it in an email, or your patient fills it out in an online form, that information is protected. Individually identifiable health information includes:
- The patient’s name, address, birthday, or social security number
- The patient’s past, present, or future mental or physical health conditions
- Any services or care you’ve provided or are currently providing the patient
- Any other information one might reasonably believe could be used to identify your patient
You need a patient’s express written permission to use or disclose their information for any marketing efforts. Your intended use or disclosure of the information needs to be clearly defined in plain language to make sure they understand what they’re agreeing to. Your patient must also be able to revoke their consent at any point. Keeping their information in a database is fine, but you will need their permission to add them to mailing lists.
Start with a Survey
One of the best ways to get reviews from the right patients is through patient satisfaction surveys. Through an automated system, you can identify patients that provide high satisfaction scores and ask them to write reviews. It’s a great way to curate a positive digital reputation.
Advertisement
But Is This Method HIPAA Compliant?
Technically, yes, with a major caveat.
You do not need consent to send any communication that falls under care operations, which could include invoices, appointment reminders, and other administrative messages needed to keep the practice running. A patient satisfaction survey helps you identify areas for improvement and, as such, is covered as care operations messages.
With that said, asking for online reviews is not considered care operations. As part of the survey, you will need to ask for consent to contact them in the future. You cannot ask for reviews if you don’t receive consent. If they give you high satisfaction scores on the survey and consent to receive communication from you in the future, you can follow the survey up with a request for a Google or Yelp review.
Make Sure Patients Can Opt Out
It’s not enough for patients to opt-in; they must be able to opt-out any time. To stay HIPAA compliant, you need to make sure every piece of communication that requires consent also has a simple and clearly labeled button or checkbox that allows a patient to withdraw their consent.
Save Yourself a Headache
It’s important that every practice owner and manager study HIPAA. It is not simply an issue of following the law; it’s about respecting patients’ privacy and wishes. If you can prove that patient experience is your priority, your practice will grow. Disclaimer: This article is based on an interpretation of HIPAA’s guidelines and should not be considered bona fide legal advice.
