How to handle PHI from online reviews and surveys - Binary Fountain

August 24, 2017

How to handle PHI from online reviews and surveys

By: John McFeely

There’s no question that patient reviews are growing ever more important to healthcare organizations and their providers. The new digitally-empowered healthcare consumer rules: seventy-seven percent of patients today use online reviews when choosing a provider. The prevalence of online comments, and the sheer number of online comments and reviews on sites like Facebook and Google make it much more likely that protected health information (PHI) will show up online.

It is vital that a healthcare organization establish a process for handling situations where a patient posts an online review or comment related to their physicians or facility – and reveals their PHI. This goes beyond good consumer relations, of course. The Health Insurance Portability and Accountability Act (HIPAA) imposes stiff financial penalties for privacy breaches and exposure of PHI. The legal tangle that can result is reason enough to be pro-active on privacy.

What’s your procedure for monitoring reviews with PHI?

The ‘early warning system’ for dealing with PHI is your reputation management policy and the tools you use to maintain it. Make sure you are monitoring online mentions of your facilities and providers for potential trouble: watch for addresses, names, procedures, and other signs of exposed PHI. Here’s a list of the you need to know.

When it comes to managing reviews on your facility’s provider pages, Binary Fountain recommends publishing all comments from patient experience surveys, whatever the sentiment. However, comments should be monitored for PHI (along with profanity and libelous comments), with the identifying content being removed before it’s published, in accordance with the HIPAA privacy rule. This is a best-practice approach that reflects industry standards.

When monitoring third-party online rating and review sites, your editing tools should include templates that help ensure consistency of response, so that the reply is appreciated as genuine, rather than canned or robot-like. You should analyze patient feedback from a multitude of online sources to ensure maximum coverage: social media, review sites, advocacy forums, blogs and others.

Are you responding properly?
In situations where there is potential PHI exposure, it’s essential to adopt and follow a written response procedure that immediately engages Legal, Patient Advocacy and Customer Care staff as appropriate to the individual case.

In coordination with them, your response should come within a couple days – hours, if possible. The longer PHI sits exposed to public view, the more troublesome it is. Take the conversation offline rather than risking an online back-and-forth that could worsen the situation. Requesting that they remove the PHI is in their best interest – not just yours. Also, if the PHI is disclosed in a complaint or negative review, the provider appears to the public as neglectful and uncaring. In this case continue to take the conversation offline and help them contact a patient relations staffer.

Are you prepared?
It’s vital to have in place a reputation management program that actively seeks comment, and that actively engages with consumers. So, what’s the best time to prepare your response to comments, complaints or reviews that potentially expose PHI? NOW, before the next comment is posted!

To learn more, visit our blog homepage.

About the Author

John McFeely
Sales Director

Request a Demo