The document discusses the issues that medical practices face with patient reviews on public websites due to privacy laws. It notes that while the law protects a patient's right to post reviews, laws like HIPAA greatly restrict a practice's ability to respond without risking privacy violations. This creates problems for practices to address defamatory reviews. The document proposes notifying website users of these legal restrictions on medical practices and encouraging alternative feedback channels. It also advocates for long-term legal solutions to better balance patient and practice rights regarding online reviews.

1. Review Websites:
Doctor Defamation & Patient Privacy
A White Paper
May 4, 2015
Background
Social media provides an outlet for patient feedback, which can be used to inform and improve
future practices like never before. However, today’s "share" culture is putting medical practices in
legal danger.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established rules to
protect the privacy and security of individually identifiable health information. HIPAA Privacy
Rules set national standards in the U.S. for maintaining the confidentiality of protected health
information. Accordingly, organizations and individuals were required to implement safeguards
when working with covered information.
Failure to comply with HIPAA regulations can result in civil and criminal penalties. These
penalties can apply to both organizations and individuals. Additionally, organizations can take
disciplinary actions against responsible employees when a violation occurs.
HIPAA results in a monstrous issue for covered practitioners when faced with feedback on public
forum sites such as “Yelp”. A practitioner who responds to reviews online could be slapped with
violation of HIPAA and state privacy laws because by responding to a patient in an online forum
arguably discloses a patient relationship.
In 1996, Congress also passed the Communications Decency Act (CDA), providing public forum
sites that handle reviews protection from legal action. These sites can allow third parties to post
information and the site is not held liable for that content. Yelp’s terms and conditions take full
advantage of the CDA, disclaiming liability for user content on their site.
Fighting any negative online reviews in court has, in a way, become a futile exercise. In 2011, a
California practitioner who sued the parents of a patient, alleging that a negative review they
posted on Yelp defamed her, was ordered to pay the parents and Yelp $80,000 in attorneys' fees
and litigation costs. The court ordered the practitioner to pay these fees because California has an
anti-SLAPP (Strategic Lawsuit Against Public Participation) statute.
The law clearly favors the patient over the practitioner. Online review sites such as Yelp offer no
relief for businesses faced with strict industry regulations. Yelp does not arbitrate disputes and
argues that businesses should post public comments to reviewers. This clause is devastating for
businesses whose reply may constitute acknowledgement of a patient relationship and therefore a
privacy violation.
5/4/2015 Page 1

2. Yelp’s policy on flagging reviews from users who were never actually a patient recommends a
remedy that can lead to illegally exposing patient relationships to Yelp’s flag removal case
moderators. Businesses that cannot offer contact lists without violating patient confidentiality are
rendered unable to provide evidence, which could lead to the removal of a fake review.
Abstract
Federal and state law supports a patient's right to post about a medical practice on public, online
forums, and there is little practitioners can do to prevent patients from posting negative reviews.
Additionally, industry specific regulations make it nearly impossible for HIPAA covered
practitioners to respond to public face threats that result from negative online feedback. Terms
and conditions on review websites offer no recourse for businesses with strict regulations, thereby
rendering them helpless against potentially fraudulent and defaming reviews.
This paper seeks to shed light on a grave reputation management problem facing medical
practitioners and offer prescriptive remedies.
Problem Statement
Some businesses are regulated more heavily than others, including regulations that affect how
they manage their online reputation. These regulations apply to the businesses themselves and not
consumers. This is the case with medical practices, which are accountable to federal and state
laws regarding patient privacy and identifiable health information. As a result, these kinds of
businesses can continue to be listed on sites like Yelp so that consumers can find and share
information about them.
In most cases, regulated businesses can interact with consumers on Yelp in the same way that any
other business can (e.g., sending private messages to reviewers or posting public responses which
don't betray private information about the reviewer). Unfortunately, this is not the case with
medical practices where responding to a patient in an online forum arguably discloses a patient
relationship. This creates a situation where practitioners cannot legally respond to reviewers who
are defaming them and causing losses to their reputation and bottom line.
This forces reputation managers for medical practices to limit review replies to overly generic,
boilerplate communications, which can be perceived as cold and uncaring by an under-informed
public. For example, medical practitioners or their representatives might state that they are always
saddened when their patient experience did not exceed expectations. To avoid establishing a
patient relationship, they must completely avoid any mention of the reviewer’s personal, patient
experience or any issues that they have brought up in the review copy. Such impersonal language
may further damage the perception of the practice and cause other users to perceive them as
lacking concern for their patients on a relational level. This is assuming that the review was
written by a person who actually had a personal consumer experience with the practice and is not
an angry ex-employee or an industry competitor.
Sites like Yelp falsely contend that their review flagging protocols can remedy infirmities
concerning fake reviews, however they fail to account for concerns such as HIPAA violations.
Yelp’s policy on flagging reviews from users who were never actually a customer or patient
prescribes, “Yelpers are not allowed to post reviews if they didn't have a consumer experience
with the business (e.g., buying something, calling to inquire about pricing, etc.). If you see a
questionable review, please flag it. Please note that our moderators will only remove a review if
5/4/2015 Page 2

3. the consumer doesn't describe a consumer experience. It usually isn't enough to say that you don't
recognize the reviewer as a real customer, so please let us know if you have specific evidence
about who wrote the review.” The language here implies that businesses are expected to provide
evidence that a reviewer did not interact with their business.
Proving that a person had no interaction with a business might entail providing evidence such as
call logs, contact lists, payment receipts and other exhaustive lists with no sign of the reviewer’s
name or other contact information. This is assuming that the reviewer in question used their real
name on their Yelp profile and that identifiable information such as an e-mail address or phone
number are even available. Businesses that cannot offer contact lists or other supporting
documents without violating patient confidentiality are rendered unable to provide evidence,
which could lead to the removal of a fake review. Accordingly, Yelp’s policy leaves covered
medical practices with the choice of being defamed or risking a violation of federal and state
privacy laws. Yelp’s unfair treatment of covered medical businesses is both unfair and highly
unethical.
Proposed Solution
New measures must be taken to increase public awareness of the limitations faced by medical
businesses on review websites. Awareness alone will not resolve inadequacies in legal protections
available to covered medical businesses. However, increased transparency and public awareness is
a step in the right direction.
Introduction of Solution
Public review sites must take steps to notify users of the legal limitations faced by
businesses that are held accountable to federal and state laws concerning patient privacy
and identifiable health information.
Business representatives who claim business profiles on review sites should be asked if
they are held accountable to federal and state privacy laws such as HIPAA. If the page
owner confirms that they are a covered organization, a notice should be clearly posted on
their business profile for all users to see.
Recommended notification messaging points might include the following:
• NOTE: This business is legally responsible for adhering to federal and state privacy
laws [HYPERLINK TO A PAGE WITH LINKS TO RELEVANT FEDERAL
AND STATE PRIVACY LAWS], which restrict their ability to publicly and
personally respond to reviewers. Users are encouraged to contact the business in
person, by phone, or private message before posting a review. WARNING: You
are legally liable for the information contained in your review.
• NOTE: Medical information is private and is subject to legal restrictions
[HYPERLINK TO A PAGE WITH LINKS TO RELEVANT FEDERAL AND
STATE PRIVACY LAWS], for both patient and practitioner. Users are
encouraged to contact this business in person, by phone, or private message before
posting a review. CAUTION: You are legally liable for the information contained
in your review.
5/4/2015 Page 3

4. Application of Solution
Notification of the privacy limitations placed on practitioners will enlighten business page
viewers as to the reasons behind public replies that would have otherwise been considered
to be cold or impersonal.
Additionally, recommending alternative feedback channels will encourage reviewers to
communicate with businesses in a way that allows for greater protection of privacy and
quicker resolution.
Alerting users to the private nature of medical information and of their liability for the
information contained in their review is intended to dissuade fake reviewers or
competitors from posting defamatory reviews.
While public notification alone is not a sufficient, long-term remedy to the unfair treatment
of medical businesses in online forums, it is a necessary interim strategy as stakeholders
await legislative action to balances the scales.
Long-Term Focus
Long-term solutions should focus on providing legal protections for medical businesses and
practitioners. Legal provisions should treat releases of protected patient information equally,
regardless of the releasing party. Accordingly, private information is entirely kept private unless
the patient clearly and publicly acknowledges a personal consumer experience with a covered
medical business. Legal remedies should increase the liability of patients providing information
that can be perceived as acknowledging a patient relationship. If a reviewer clearly and publicly
identifies himself or herself as a patient, the law should treat this as a release of liability for the
business to reply publicly on the review-hosting site. Future efforts should seek to identify
remedies, which equally protect both patient and practitioner.
Conclusion
Online review websites create privacy issues for medical practitioners who cannot publicly
acknowledge a patient relationship with reviewers on their business profiles. Accordingly, current
federal and state privacy laws seriously limit a covered business’ ability to repair damage done to
their online reputation by fake and real reviewers. Currently, terms and conditions of review
websites such as Yelp offer no viable recourse options. While business owners wait for legislative
protections to catch up with technology, public notification on review sites can offer some interim
assistance. Long-term focus should be dedicated to updating outdated legal precedents, which
could not have anticipated such protectoral deficiencies in situations arising from then non-
existent technologies.
5/4/2015 Page 4

5. Appendices
Appendix A – Author
Bianca Cirimele, BA, MA
Appendix B – References
1. Can I report a review if I don't think it was posted by a real customer? (n.d.).
Retrieved May 4, 2015, from http://www.yelp-support.com/article/Can-I-report-a-
review-if-I-dont-think-it-was-posted-by-a-real-customer?l=en_US
2. Dentists can use online forums such as Yelp to their advantage. (2014, January
13). Retrieved May 4, 2015, from http://www.cda.org/news-events/dentists-can-
use-online-forums-such-as-yelp-to-their-advantage
3. Yelp for Business Owners. (n.d.). Retrieved May 4, 2015, from
https://biz.yelp.com/support/common_questions
5/4/2015 Page 5

6. Appendices
Appendix A – Author
Bianca Cirimele, BA, MA
Appendix B – References
1. Can I report a review if I don't think it was posted by a real customer? (n.d.).
Retrieved May 4, 2015, from http://www.yelp-support.com/article/Can-I-report-a-
review-if-I-dont-think-it-was-posted-by-a-real-customer?l=en_US
2. Dentists can use online forums such as Yelp to their advantage. (2014, January
13). Retrieved May 4, 2015, from http://www.cda.org/news-events/dentists-can-
use-online-forums-such-as-yelp-to-their-advantage
3. Yelp for Business Owners. (n.d.). Retrieved May 4, 2015, from
https://biz.yelp.com/support/common_questions
5/4/2015 Page 5