The doctor’s guide to responding to patient reviews and other online feedback

Download the free whitepaper

By submitting my email address above, I acknowledge that PatientPop may use my information as described in its Privacy Policy.

When patients search for doctors and other healthcare providers, they often turn to reviews. In fact, one survey revealed that 72 percent of people said checking review sites is their first step in choosing their providers.1 Another report found that 78 percent of people say they trust online reviews as much as personal recommendations.2 In another survey, 91 percent of people said they will conduct additional research on a provider even after receiving a referral.3

A critical part of online reputation management is acknowledging and engaging with the feedback you receive online. However, many doctors are hesitant to respond to patient reviews and other feedback because of the Health Insurance Portability and Accountability Act (HIPAA), which includes protections for patient privacy. Unlike restaurants and retail stores, doctors must take special care when engaging online as to not accidentally violate HIPAA.

This whitepaper provides a guide to reputation management for doctors. It discusses where patients are leaving feedback, explains why it's important to address feedback, and shares examples of HIPAA-compliant responses to online feedback.

Common questions about patient reviews and feedback

Where do patients leave reviews and feedback?

Patients can leave reviews and feedback on a variety of online sites. Your practice might be listed on Google My Business, Yelp, the Yellow Pages, and more. In addition, you likely have your own profile on physician directories such as WebMD or RateMDs.

According to a recent patient survey, patients most often post reviews on Google (39.2 percent), the practice’s own website (24.8 percent), and Yelp (23.8 percent).4

Patients said they most often read patient reviews on Google (48.8 percent), WebMD (32.8 percent), and Yelp (22.8 percent).

If you haven’t yet claimed your profiles, you should take time to do so on the more popular sites. Some websites allow you to set up alerts or notifications when a new review is submitted to ensure you never miss one. It’s imperative to stay on top of all patient feedback not only as part of your doctor reputation management strategy but also to learn of actionable feedback you can use to improve your practice.

Patients could also be leaving comments or feedback on your social media posts. In fact, for many, social media has become a customer service channel. Forty-six percent of consumers have used social to “call out” brands and more than half of consumers call out brands on social in order to get a resolution or response.5

Addressing private feedback

Sometimes, a patient won’t use a public forum to express a concern or to share a positive experience but will instead send feedback privately. Even though these comments are not visible to others, it’s very important for you to address them as part of your online reputation management strategy.

If you receive a private compliment, thank your patient and ask them if they would be willing to share their feedback publicly. This is an opportunity to boost your online reputation.

If you receive critical feedback, it is important that you respond and address the feedback in order to save the provider-patient relationship. Often, patients just want to feel heard by their doctors. Providing that opportunity privately can help with your overall patient retention and satisfaction.

What are the risks of responding to online feedback?

HIPAA prohibits healthcare providers from revealing their patients’ protected health information (PHI). Accidentally revealing PHI when responding to patient reviews can put providers at risk of fees, penalties, and in extreme cases, jail time.6

Perhaps of some relief to health providers, the U.S. Department of Health and Human Services (HHS) recently announced that it would place a cap on HIPAA fines based on culpability.7 In other words, those with a process to protect patient information would be penalized less than those who had shown neglect.

Patients might identify themselves as recipients of a provider’s care and reveal information about their diagnosis and treatment in their reviews or comments. But even if patients are open about their health, providers cannot confirm their business or discuss their care, as they are still bound by HIPAA.

A lack of clarity on what may or may not violate HIPAA deters many providers from engaging online.

In a recent survey, 36 percent of providers cited concerns about HIPAA as a primary reason for not responding to patient feedback.

Among providers who have never responded to patients online, 46 percent said they refrain due to concerns about HIPAA compliance.8

If the risks are great, why should healthcare providers even bother responding to online feedback?

Patients want to engage with their healthcare providers and want to know that their concerns aren’t falling on deaf ears. If you receive positive feedback, it’s a chance to thank someone for their kind words. Engaging with your patients also encourages others to leave positive feedback, which will help enhance your overall online reputation. 

Negative reviews can deter prospective patients from choosing you as their provider, so it’s of special importance to reply where appropriate. Negative patient reviews impact your average star rating, which is considered the most important review factor by consumers, and negative reviews stop 40 percent of consumers from wanting to use a business.9 Plus, if you respond to a disgruntled patient, it offers the chance to repair the relationship.

Acknowledging patient reviews is not only a customer expectation — 70 percent of patients say that it is very or moderately important to them that providers answer negative reviews10 — but responding can reverse its impact: Almost one in five people will disregard a negative review if the provider has responded in a thoughtful manner.11

In fact, a PatientPop survey found that, when a provider responds to a negative patient review, the rate of satisfied patients doubles, increasing 99 percent.12

Responding to patient feedback

The best preparation for responding to patient reviews and online feedback is to have a process in place. You may modify the particulars based on your schedule, specialty, and practice size, but there are three basic tenets providers should follow.


  • Respond quickly. Preferably, you should reply within 24 hours. Patients generally expect to receive a resolution and the longer you wait, the more it may appear you do not care.
  • Be concise. The longer your response, the more likely you are to overshare protected information or appear defensive. Offer to move the conversation to a private and secure place, so you can freely understand and address patient concerns.
  • Be careful. When someone is upset, it’s natural to want to apologize, but you should not say sorry or admit fault. It’s also important to remain vague in your response. Even if the patient has provided details regarding their visit, you cannot confirm a person is a patient or that they visited your practice without their explicit permission.

Positive patient reviews

When responding to a positive review, sometimes a simple thank you is enough. As mentioned previously, you cannot confirm what your patient has shared is true. If you would like to use their feedback in marketing materials, you can privately reach out to the patient and ask for their verbal consent. Once you have their verbal consent, you can send them a HIPAA-compliant release form to receive their written consent.

Here is an example of a positive review and a simple, but effective response:

“I had the most wonderful experience at this practice! The facility is clean, the staff is welcoming, and I was seen right at the time of my appointment. The doctor really listened to my concerns and helped me feel at ease. Would totally recommend!”

Example response: “Thank you for sharing! Everyone at our practice strives to provide an excellent patient experience.”

By responding with a short and sweet comment, you’re acknowledging the time your patient spent on writing you a review. You’re not confirming anything they’ve said or that they even came to see you but are simply thanking them for their review.

Negative patient reviews

Now let’s look at an example of a negative review and an appropriate response:

“I had a terrible experience at this doctor’s office. I waited over 45 minutes to be seen, the staff was rude, and no one was able to answer my questions. Plus, there’s nowhere to park. I don’t think I’ll return.”

Example response: “Thank you for your comment. The patient experience is important to us, which is why we aim to see all patients within 10 minutes of their scheduled appointment. We also offer valet parking behind the office building. Please give us a call at (800) 555-5555 so we can better assist you.”

In this response, the provider is careful not to apologize or admit fault, not to confirm that the reviewer is a patient, and not to reveal any personal information or details regarding their visit. They simply say thank you, reiterate a general office policy and information about the practice, and offer to move the conversation offline.

Positive social media comments

HIPAA covers all online interactions, so responding on social media is not much different from responding to reviews. Some social media platforms allow you to “like” comments, and that is an easy and effective way to acknowledge someone’s feedback.

Here’s an example of a positive comment:

“I love this doctor! She and her team work to make sure you have an amazing experience!”

Example response: “Thank you for this feedback. Our practice has an amazing group of providers and staff, and we all take great pride in our work.”

Again, in this response, the provider is thanking the person for the comment and then talking about her work and her staff in general terms.

Negative social media comments

Sometimes a patient will find your Facebook page to share their concerns. A patient might comment:

“It’s very frustrating trying to get in touch with this practice. They never pick up their phone!”

Example response: “Thank you for your comment. Our phone lines can sometimes get tied up, especially during our lunch hour. If we’re not able to take a call, we try to respond to all voicemails within one business day.

In addition to phone calls, we accept questions and other inquiries via email at [email protected]. We also offer new and returning patients the ability to schedule available appointments online at their convenience.”

This response provides others who are reading the comment with information about the practice without revealing anything about the person who commented. As an additional step, you can send a private message asking for the best way to reach them. That way, you can follow up directly.

Like it or not, patients rely on online reviews and other commentary to make their care decisions. Doctors and healthcare providers who fail to reply to feedback run the risk of alienating prospective patients. On the other hand, providers who respond to online feedback in a timely, concise, and careful manner could enjoy more new patients and could even sometimes mend relationships with current patients.

HIPAA undoubtedly complicates the process of replying to patient reviews and other feedback, but it’s possible to demonstrate that you’re listening to patient feedback without violating their privacy. Using this whitepaper as a starting point, work with your legal counsel to create an online reputation management plan that’s right for your practice.

Disclaimer: The information in this whitepaper should not be used in place of legal counsel. Always vet your process for online interactions with an attorney.

Download the free whitepaper

By submitting my email address above, I acknowledge that PatientPop may use my information as described in its Privacy Policy.

The doctor’s guide to responding to patient reviews and other online feedback