Answering Reviews on Google Business Profile (GBP)

A HIPAA-Compliant & FTC-Friendly Guide
for Dental and Healthcare Providers

Guy-review

Why Respond to Reviews?

Engaging with patient feedback online builds trust and improves your online reputation. However, as a healthcare provider, responses must comply with HIPAA, FTC guidelines, and Google’s review policies.

HIPAA RULE: Never Confirm a Patient Relationship

Even if a reviewer uses their real name, you cannot confirm that they were treated at your office.
HIPAA-Safe Responses:
  • “Thank you for your kind words!”
  • "We appreciate your feedback!”
  • “Thank you for taking the time to leave a review.”
Unsafe Responses:
  • “We loved seeing you yesterday.”
  • “We’re glad your treatment went well.”
  • “We’re so happy your child had a great visit.”

You may thank them in person at their next visit — never online.

Google Review Policies

(Reminder from Google, 2024)

Accept all reviews, both positive and negative.
Never offer incentives (e.g., discounts, gifts) in exchange for reviews.
Do not solicit reviews from employees or affiliates.
Avoid reviewing competitors or asking others to post fake reviews.
Read google's full policy
FTC Consumer Reviews Rule

(Effective Oct 21, 2024)

Learn more from the FTC

The FTC now enforces civil penalties for:

  • Posting fake reviews
  • Suppressing or hiding negative reviews
  • Misrepresenting endorsements or testimonials
Best Practices for Responding to Reviews
  • Acknowledge without identifying the reviewer as a patient.
  • Keep it short, polite, and professional.
  • Report reviews that violate Google’s policies.
  • Do not attempt to move conversations online. Invite them to call privately.
Sample Responses You Can Use:
  • “Thank you for your thoughtful feedback.”
  • “We appreciate hearing from our community!”
  • “Thanks for your review — it means a lot to our team.”
How to Respond to Negative Reviews (While Staying HIPAA-Compliant)

Negative reviews can be frustrating, but responding professionally shows prospective patients you care
— even when you can’t discuss specifics.

DOs:
  • Acknowledge the feedback without confirming they are a patient.
  • Invite them to connect offline for further assistance.
  • Stay calm, courteous, and non-defensive.
  • Report any reviews that violate Google’s policies (e.g., fake, irrelevant, or containing personal health info).
DON'Ts:
  • Don’t confirm treatment or reference any health information.
  • Don’t argue, apologize for specific care, or attempt to diagnose online.
  • Don’t disclose any details that could suggest the reviewer’s patient status.
Sample HIPAA-Compliant Responses to Negative Reviews:
"Thank you for your feedback. We’re always working to improve and would be happy to speak with you directly. Please feel free to call our office.”
“We strive to provide a great experience and take all concerns seriously. If you’d like to speak with our team, we welcome your call.”
“We’re sorry to hear about your experience. Please contact us directly so we can better understand your concerns.”
More Resources:
  1. ADA: Managing Dental Practice Online Reviews
  2. Birdeye: HIPAA Guidelines for Reviews
  3. Google Business Profile Policies Summary