HIPAA Rules for Patient Testimonials: What Dentists Can (and Can’t) Say

By Susan Richards

Practicing dentists who boast a winning combination of digital marketing, user-friendly websites, and state-of-the-art dental technology still need one thing to succeed: positive patient testimonials. A modern office building or intraoral cameras may not have the desired impact compared to a relieved patient raving about the prompt and caring response to a dental emergency or the kind, efficient team members.

Genuine, enthusiastic reviews will deliver what matters most to potential patients who do online research for a new dentist: trust, relatability, and proof of success. Indeed, with most consumers using online search engines or third-party apps to find everything from the nearest taco shop to a qualified oral surgeon, making that connection is crucial.

While some people scan the star counts on Yelp or Healthgrades, many will want to read the personal experiences of other patients. Patient perspective can be compelling coming from those with similar cases or needs, such as dental anxiety or edentulism. An emotional bond might be created when learning of a total stranger having transformational dental care.

Harnessing the Value of the Patient Testimonial

Some reviews are organic and posted on Google or social media, but dentists must own the narrative of testimonials and online reviews from satisfied patients. The best way to do that is to ask.

The request can be automated soon after the patient's treatment by creating a form for the front desk or a scripted email. While fresh in their mind, a positive response will be more authentic and confident. Relevant questions for the patient could include:

1. Why did you choose our practice?
2. What type of dental care did you receive?
3. Are you satisfied with the results?
4. Was the staff friendly and helpful?
5. Did the dentist or hygienist answer all your questions?
6. Would you recommend our practice to friends and family?
7. What can we do to improve the patient experience?

Integrating positive, glowing reviews into your dental marketing is a no-brainer. Whether filming video testimonials or including five-star ratings on your home page, the message is clear to prospective patients. However, the healthcare industry has stringent guidelines for sharing patient information – even the ones willing and happy to do so.

Safeguarding Your Patients and Practice with HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was created, in part, to ensure continuity of coverage for employees between jobs. As more insurance industry transactions were conducted electronically, the HIPAA Security Rule was introduced to safeguard protected health information (PHI) across various platforms.

While the most common HIPAA violation is failing to provide patient records in a timely manner, dentists have also paid the price for inappropriate online responses to reviews. Receiving a negative review is never ideal, but engaging with a patient in a public forum—even if they're fake—may inadvertently reveal protected and personal information.

Dental providers are encouraged to respond to reviews, both positive and negative. However, it must be done in a way that doesn't indicate the person's status as a patient or discuss any aspect of their treatment. DOCS Education's regulatory counsel offers some tips for responding while remaining HIPAA-compliant:

1. Avoid using names.
2. Keep it general and avoid "you" specific language.
3. Focus on your practice goals and brand.
4. Remain positive.
5. Offer to continue the conversation offline.

When cultivating reviews and testimonials to help business growth, dentists must always follow HIPAA rules to safeguard their patients' PHI and their own practice.

HIPAA Guidelines and Patient Testimonials

The most appreciative patients must know they can trust a dental provider with their personal information, even when sharing a positive treatment experience. Here are seven key guidelines for honoring that relationship, both legally and in using best practices.

1. Written Authorization: Obtain explicit authorization from a patient before using their testimonial for marketing purposes. The document must describe what information will be disclosed, where it will be used, and who will receive it. Avoid legal language that may confuse most laypeople.
2. Minimum Information: You cannot include personal background on the patient or information that's irrelevant to their satisfaction with the care provided.
3. No Quid Pro Quo: Under no circumstances should a dentist condition dental care on receiving a patient testimonial.
4. De-Identification Option: Dentists have the option to "de-identify" a patient if they use a testimonial without written authorization. Primarily used to protect a patient's identity in research and studies, the U.S. Department of Health and Human Services (HHS) lists 18 identifiers to remove from any patient information shared publicly, including a testimonial.
5. Documentation and Recordkeeping: As with any legal documentation, dental offices should maintain comprehensive records. Authorizations should include an expiration date and be kept for six years. Inform the patient they can revoke permission at any time.
6. Staff Training: Ensure all team members are aware of HIPAA requirements in general and those related to marketing, social media, and patient testimonials.
7. Business Associate Agreement: To add another layer of HIPAA-required patient privacy, dentists must utilize a Business Associate Agreement when entering into a third-party relationship where PHI is disclosed. These associates and subcontractors could include cloud storage vendors, print and mailing services, and marketing companies.

Cultivate Goodwill

Positive feedback is rewarding on multiple levels for any business. Whether through social media, online review forums, or video testimonials, word-of-mouth recommendations remain a powerful tool for dental marketing. But dentists should never put their practice at risk by violating their patients' privacy – and HIPAA rules in the process.

There's great value in building patient trust and establishing your reputation in the community. Learn to cultivate goodwill in the form of testimonials while protecting everyone's best interests.

Author: Susan Richards is an award-winning staff writer at DOCS Education. With more than 20 years of experience in local journalism, feature writing, and business marketing, Susan enjoys creating content with context for various industries.