Connect with us

Columns

Keeping HIPAA Happy: The Legal Way to Solicit Reviews

Although HIPAA does not specifically mention online reviews, it outlines several rules that impact your legal ability to encourage patients to write reviews.

mm

Published

on

ONLINE REVIEWS CAN make or break your business. In fact, up to 84 percent of patients say they help them choose a doctor. When patients are happy with your services, it’s a great idea to encourage them to review your practice on Google or Yelp.

But can you actually do that? The Health Insurance Portability and Accountability Act (HIPAA) is very strict on how health care providers use patients’ contact information. In order to stay out of trouble, it’s crucial that you familiarize yourself with HIPAA’s rules and follow them to the letter.

11 Images That Show Why Oxford Eyes in Orlando Was Named One of America’s Finest Optical Retailers
Photo Gallery

11 Images That Show Why Oxford Eyes in Orlando Was Named One of America’s Finest Optical Retailers

11 Images That Show Why Huxley Optical in Minnetonka, MN Was Named One of America’s Finest Optical Retailers.
Photo Gallery

11 Images That Show Why Huxley Optical in Minnetonka, MN Was Named One of America’s Finest Optical Retailers.

13 Images That Show Why Oculus Eyewear Gallery in San Marcos, TX Was Named One of America’s Finest Optical Retailers
Photo Gallery

13 Images That Show Why Oculus Eyewear Gallery in San Marcos, TX Was Named One of America’s Finest Optical Retailers

What Does HIPAA Actually Say?

Although HIPAA does not specifically mention online reviews, it outlines several rules that impact your legal ability to encourage patients to write them. Here are the basics of HIPAA’s privacy rule as it relates to your patient’s contact information and how you’re allowed to use it.

The Privacy Rule is meant to protect all “individually identifiable health infomation” that you might get from your patients. The way you get that information doesn’t matter; whether you hear it verbally, read it in an email, or your patient fills it out in an online form, that information is protected. Individually identifiable health information includes:

  • The patient’s name, address, birthday, or social security number
  • The patient’s past, present, or future mental or physical health conditions
  • Any services or care you’ve provided or are currently providing the patient
  • Any other information one might reasonably believe could be used to identify your patient

You need a patient’s express written permission to use or disclose their information for any marketing efforts. Your intended use or disclosure of the information needs to be clearly defined in plain language to make sure they understand what they’re agreeing to. Your patient must also be able to revoke their consent at any point. Keeping their information in a database is fine, but you will need their permission to add them to mailing lists.

Start with a Survey

One of the best ways to get reviews from the right patients is through patient satisfaction surveys. Through an automated system, you can identify patients that provide high satisfaction scores and ask them to write reviews. It’s a great way to curate a positive digital reputation.

Advertisement

But Is This Method HIPAA Compliant?

Technically, yes, with a major caveat.

You do not need consent to send any communication that falls under care operations, which could include invoices, appointment reminders, and other administrative messages needed to keep the practice running. A patient satisfaction survey helps you identify areas for improvement and, as such, is covered as care operations messages.

With that said, asking for online reviews is not considered care operations. As part of the survey, you will need to ask for consent to contact them in the future. You cannot ask for reviews if you don’t receive consent. If they give you high satisfaction scores on the survey and consent to receive communication from you in the future, you can follow the survey up with a request for a Google or Yelp review.

Make Sure Patients Can Opt Out

It’s not enough for patients to opt-in; they must be able to opt-out any time. To stay HIPAA compliant, you need to make sure every piece of communication that requires consent also has a simple and clearly labeled button or checkbox that allows a patient to withdraw their consent.

Save Yourself a Headache

It’s important that every practice owner and manager study HIPAA. It is not simply an issue of following the law; it’s about respecting patients’ privacy and wishes. If you can prove that patient experience is your priority, your practice will grow. Disclaimer: This article is based on an interpretation of HIPAA’s guidelines and should not be considered bona fide legal advice.

Advertisement

Kaia Pankhurst is a Senior Content Strategist at Marketing4ECPs (marketing4ecps.com) where she creates and implements content strategies for eyecare practices all over North America. Outside of the office, Kaia is a musician, activist, and professional wrestler. Email her at [email protected]

SPONSORED VIDEO

SPONSORED BY WEAVE

Transform Your Multi-office Phone System Into a Revenue-generation Tool

Weave’s multi-office, multi-department, and multi-provider phone system is built to flexibly accommodate and augment your practices’ most powerful revenue-generation tool: ring phones across multiple locations, set up inter-office call overflow, support external call centers, and more. And by connecting to your patient data, call handlers see a patient’s upcoming appointments, overdue balances, overdue family members, and preferred location – all when they pick up the phone." Learn more at getweave.com/weave-unify

Promoted Headlines

Advertisement

Advertisement

Advertisement

Subscribe


BULLETINS

Get the most important news and business ideas for eyecare professionals every weekday from INVISION.

Instagram

Most Popular