Online Reviews: Should you Respond, Even When They’re Negative?

Written By Tracey Cumberland
Project Director, Client Operations for Curi Advisory, Curi’s business unit dedicated to helping practice leaders protect, optimize, and grow their businesses with confidence

Medical practices are no exception to the rule that a strong online presence is essential to maintaining a thriving business. How and when you respond to online reviews is a key element of that presence—what’s often called online reputation management, or ORM.

Online reviews are used extensively by consumers to pick everything from mouthwash to medical care. A 2020 survey by Software Advice found that 90% of people use online reviews to evaluate physicians, and more than 70% of surveyed patients use online reviews as the first step to finding a new doctor. While most patients are pleased with the care that they receive, unfortunately, it’s the unhappy ones who are most likely to leave a review. How you choose to respond to these reviews can make or break a practice’s reputation, and it’s important to proceed with extreme caution to ensure compliance with any applicable privacy laws.

Responding to Online Reviews

Leaving negative or false reviews unaddressed can hurt your practice, your reputation, and even your career. So what do you do when a review is inflammatory or false? How do you avoid violating confidentiality? And should you even bother responding to positive reviews?

Many healthcare providers believe that HIPAA prevents them from responding to online patient reviews—and while it’s certainly a major concern, this is not entirely true. Privacy laws do restrict specific information from being noted on a public forum (such as acknowledgment of a doctor-patient relationship), but it’s important to note that these privacy laws do not outright prohibit responses to online commenters.

Understanding how to appropriately respond within these parameters can be nuanced, and we recommend that practices engage the help of experts to manage their online presence to avoid potential liability. At the very least, practices should appoint a designated individual to respond to all online reviews using only templates for responses. For example:

  • Related to positive reviews: “Thank you for taking the time to leave us a review!”
  • Related to negative reviews: “At our medical practice, we strive to provide the highest levels of patient satisfaction. However, we cannot discuss specific situations due to patient privacy regulations. If you are a patient and have questions or concerns, please contact us directly at [phone number].”

Top Dos and Don’ts of Online Reputation Management


  • Appoint a designated individual to respond to online reviews
  • Respond as soon as possible
  • Investigate negative feedback
  • Follow up—negative reviews should trigger a prompt and direct phone call, but never back-and-forth on the online review platform
  • Contact external experts before posting any response deviating from the language used in the above templates


  • Be defensive—don’t let emotion play a part in responses
  • Respond to specifics
    • Do not mention the practice or the patient’s name
    • Do not even remotely infer or confirm that the review relates to a patient of the practice
    • Do not mention details that could identify the patient
    • Do not acknowledge that the practice was involved in the treatment that is the subject of the review
  • Pay for positive reviews
    • Do not engage with any services that offer paid reviews or practice review “gating” (soliciting feedback and only directing those who had positive experiences to leave a public review). These practices are not advisable and could have negative consequences, including, but not limited to, removal of your business from online searches such as Google.

To learn more about online reputation management and the ways that Curi Advisory can help you protect and enhance your online presence using our Arrowlytics platform, click here or reach out to one of our experts at by calling 800.662.7917.

The opinions expressed herein are not intended as legal advice. We have found that the use of such information reduces the risks associated with ORM, but we cannot guarantee that following this advice will prevent an adverse action, claim, investigation, enforcement action or fine/penalty.