Protected Health Information in Reviews

Patient reviews and testimonials are important for your practice. Prospective patients use them to determine if they should visit you, search engines use them as a ranking signal, and you use them to showcase your team and expertise.

However, getting reviews and publishing them in healthcare is different from most industries, mainly because of HIPAA.

At MDidentity, we know the challenges practices face in getting reviews while staying HIPAA compliant. Below we’ll share a few ways you can protect your patients’ information and still get online reviews.

HIPAA’s Regulations on Publishing Patient Reviews

A few years ago, a physical therapy practice posted testimonials from happy patients online, including PHI such as their names and photos. While the happy patients may have been okay with their testimonials, the physical therapy practice failed to get written authorization to use them for marketing purposes.

This mistake cost the practice $25,000 in fines.

HIPAA’s regulations on publishing patient reviews containing PHI are strict. There are specific rules and guidelines your practice must follow if you’re going to use patient testimonials with PHI in your marketing campaigns, including your website.

Keeping Your Reviews HIPAA Compliant

  1. Get a signed agreement – For every patient testimonial, you must have a written authorization form documenting the patient’s consent. You should keep a copy at the office and give your patient a copy as well.
  2. Provide HIPAA rules to patients – When a patient is signing their authorization form, you should also hand them a copy of HIPAA’s policies. All patients need to know their rights when it comes to patient privacy. This policy should also include how you might use their testimonial on the website, on social media, and any other online entity.
  3. Give patients guidelines on what to say – While you don’t want to tell patients what to say in their review, you should give them pointers and tips so they can not only protect themselves, but give you a good review as well. Tell them how they can protect their privacy without sacrificing their review.

Not following HIPAA’s guidelines on protecting patient information and privacy can cost your healthcare practice thousands of dollars. And it isn’t only the money: your reputation, both in the local community and the medical community, will be threatened as well.

It’s worth creating a process that your internal team can follow to stay HIPAA compliant. This protects you and your patients from possible legal matters.

Want to get more HIPAA-compliant reviews for your practice? MDidentity can help you request more reviews, respond to reviews, and so much more. A unique online reputation management tool, MDidentity has everything you need to conquer your reviews. Get a free demo here.

Andrew Rost
Andrew is the Lead Product Manager for MDidentity, where he geeks out daily over digital reputation, data and graphs. When he’s not equipping doctors and business owners with the tools and knowledge to manage their digital reputation, he’s playing sports, eating granola and hiking the woods of Maine with his family.