bianca_cirimele_whitepaper_hipaa_reputation_management


Upload: bianca-cirimele

Post on 15-Aug-2015


Review Websites: Doctor Defamation & Patient Privacy

A White Paper

May 4, 2015

Background

Social media provides an outlet for patient feedback, which can be used to inform and improve future practices like never before. However, today’s "share" culture is putting medical practices in legal danger.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established rules to protect the privacy and security of individually identifiable health information. HIPAA Privacy Rules set national standards in the U.S. for maintaining the confidentiality of protected health information. Accordingly, organizations and individuals were required to implement safeguards when working with covered information.

Failure to comply with HIPAA regulations can result in civil and criminal penalties. These penalties can apply to both organizations and individuals. Additionally, organizations can take disciplinary actions against responsible employees when a violation occurs.

HIPAA results in a monstrous issue for covered practitioners when faced with feedback on public forum sites such as “Yelp”. A practitioner who responds to reviews online could be slapped with a violation of HIPAA and state privacy laws because responding to a patient in an online forum arguably discloses a patient relationship.

In 1996, Congress also passed the Communications Decency Act (CDA), providing public forum sites that handle reviews protection from legal action. These sites can allow third parties to post information and the site is not held liable for that content. Yelp’s terms and conditions take full advantage of the CDA, disclaiming liability for user content on their site.

Fighting any negative online reviews in court has, in a way, become a futile exercise. In 2011, a California practitioner who sued the parents of a patient, alleging that a negative review they posted on Yelp defamed her, was ordered to pay the parents and Yelp $80,000 in attorneys' fees and litigation costs. The court ordered the practitioner to pay these fees because California has an anti-SLAPP (Strategic Lawsuit Against Public Participation) statute.

The law clearly favors the patient over the practitioner. Online review sites such as Yelp offer no relief for businesses faced with strict industry regulations. Yelp does not arbitrate disputes and argues that businesses should post public comments to reviewers. This clause is devastating for businesses whose reply may constitute acknowledgement of a patient relationship and therefore a privacy violation.

Yelp’s policy on flagging reviews from users who were never actually a patient recommends a remedy that can lead to illegally exposing patient relationships to Yelp’s flag removal case moderators. Businesses that cannot offer contact lists without violating patient confidentiality are rendered unable to provide the evidence that could lead to the removal of a fake review.

Abstract

Federal and state law supports a patient's right to post about a medical practice on public, online forums, and there is little practitioners can do to prevent patients from posting negative reviews. Additionally, industry-specific regulations make it nearly impossible for HIPAA-covered practitioners to respond to public face threats that result from negative online feedback. Terms and conditions on review websites offer no recourse for businesses with strict regulations, thereby rendering them helpless against potentially fraudulent and defamatory reviews.

This paper seeks to shed light on a grave reputation management problem facing medical practitioners and offer prescriptive remedies.

Problem Statement

Some businesses are regulated more heavily than others, including regulations that affect how they manage their online reputation. These regulations apply to the businesses themselves and not consumers. This is the case with medical practices, which are accountable to federal and state laws regarding patient privacy and identifiable health information. As a result, these kinds of businesses can continue to be listed on sites like Yelp so that consumers can find and share information about them.

In most cases, regulated businesses can interact with consumers on Yelp in the same way that any other business can (e.g., sending private messages to reviewers or posting public responses which don't betray private information about the reviewer). Unfortunately, this is not the case with medical practices where responding to a patient in an online forum arguably discloses a patient relationship. This creates a situation where practitioners cannot legally respond to reviewers who are defaming them and causing losses to their reputation and bottom line.

This forces reputation managers for medical practices to limit review replies to overly generic, boilerplate communications, which can be perceived as cold and uncaring by an under-informed public. For example, medical practitioners or their representatives might state that they are always saddened when their patient experience did not exceed expectations. To avoid establishing a patient relationship, they must completely avoid any mention of the reviewer’s personal, patient experience or any issues that they have brought up in the review copy. Such impersonal language may further damage the perception of the practice and cause other users to perceive them as lacking concern for their patients on a relational level. This is assuming that the review was written by a person who actually had a personal consumer experience with the practice and is not an angry ex-employee or an industry competitor.

Sites like Yelp falsely contend that their review flagging protocols can remedy infirmities concerning fake reviews; however, they fail to account for concerns such as HIPAA violations. Yelp’s policy on flagging reviews from users who were never actually a customer or patient prescribes, “Yelpers are not allowed to post reviews if they didn't have a consumer experience with the business (e.g., buying something, calling to inquire about pricing, etc.). If you see a questionable review, please flag it. Please note that our moderators will only remove a review if the consumer doesn't describe a consumer experience. It usually isn't enough to say that you don't recognize the reviewer as a real customer, so please let us know if you have specific evidence about who wrote the review.” The language here implies that businesses are expected to provide evidence that a reviewer did not interact with their business.

Proving that a person had no interaction with a business might entail providing evidence such as call logs, contact lists, payment receipts and other exhaustive lists with no sign of the reviewer’s name or other contact information. This is assuming that the reviewer in question used their real name on their Yelp profile and that identifiable information such as an e-mail address or phone number is even available. Businesses that cannot offer contact lists or other supporting documents without violating patient confidentiality are rendered unable to provide the evidence that could lead to the removal of a fake review. Accordingly, Yelp’s policy leaves covered medical practices with the choice of being defamed or risking a violation of federal and state privacy laws. Yelp’s treatment of covered medical businesses is both unfair and highly unethical.

Proposed Solution

New measures must be taken to increase public awareness of the limitations faced by medical businesses on review websites. Awareness alone will not resolve inadequacies in legal protections available to covered medical businesses. However, increased transparency and public awareness are a step in the right direction.

Introduction of Solution

Public review sites must take steps to notify users of the legal limitations faced by businesses that are held accountable to federal and state laws concerning patient privacy and identifiable health information.

Business representatives who claim business profiles on review sites should be asked if they are held accountable to federal and state privacy laws such as HIPAA. If the page owner confirms that they are a covered organization, a notice should be clearly posted on their business profile for all users to see.

Recommended notification messaging points might include the following:

NOTE: This business is legally responsible for adhering to federal and state privacy laws [HYPERLINK TO A PAGE WITH LINKS TO RELEVANT FEDERAL AND STATE PRIVACY LAWS], which restrict their ability to publicly and personally respond to reviewers. Users are encouraged to contact the business in person, by phone, or private message before posting a review. WARNING: You are legally liable for the information contained in your review.

NOTE: Medical information is private and is subject to legal restrictions [HYPERLINK TO A PAGE WITH LINKS TO RELEVANT FEDERAL AND STATE PRIVACY LAWS], for both patient and practitioner. Users are encouraged to contact this business in person, by phone, or private message before posting a review. CAUTION: You are legally liable for the information contained in your review.

Application of Solution

Notification of the privacy limitations placed on practitioners will enlighten business page viewers as to the reasons behind public replies that would have otherwise been considered to be cold or impersonal.

Additionally, recommending alternative feedback channels will encourage reviewers to communicate with businesses in a way that allows for greater protection of privacy and quicker resolution.

Alerting users to the private nature of medical information and of their liability for the information contained in their review is intended to dissuade fake reviewers or competitors from posting defamatory reviews.

While public notification alone is not a sufficient, long-term remedy to the unfair treatment of medical businesses in online forums, it is a necessary interim strategy as stakeholders await legislative action to balance the scales.

Long-Term Focus

Long-term solutions should focus on providing legal protections for medical businesses and practitioners. Legal provisions should treat releases of protected patient information equally, regardless of the releasing party. Accordingly, private information is kept entirely private unless the patient clearly and publicly acknowledges a personal consumer experience with a covered medical business. Legal remedies should increase the liability of patients providing information that can be perceived as acknowledging a patient relationship. If a reviewer clearly and publicly identifies himself or herself as a patient, the law should treat this as a release of liability for the business to reply publicly on the review-hosting site. Future efforts should seek to identify remedies that equally protect both patient and practitioner.

Conclusion

Online review websites create privacy issues for medical practitioners who cannot publicly acknowledge a patient relationship with reviewers on their business profiles. Accordingly, current federal and state privacy laws seriously limit a covered business’ ability to repair damage done to their online reputation by fake and real reviewers. Currently, terms and conditions of review websites such as Yelp offer no viable recourse options. While business owners wait for legislative protections to catch up with technology, public notification on review sites can offer some interim assistance. Long-term focus should be dedicated to updating outdated legal precedents that could not have anticipated such protectoral deficiencies in situations arising from then-nonexistent technologies.

Appendices

Appendix A – Author

Bianca Cirimele, BA, MA

Appendix B – References

1. Can I report a review if I don't think it was posted by a real customer? (n.d.). Retrieved May 4, 2015, from http://www.yelp-support.com/article/Can-I-report-a-review-if-I-dont-think-it-was-posted-by-a-real-customer?l=en_US

2. Dentists can use online forums such as Yelp to their advantage. (2014, January 13). Retrieved May 4, 2015, from http://www.cda.org/news-events/dentists-can-use-online-forums-such-as-yelp-to-their-advantage

3. Yelp for Business Owners. (n.d.). Retrieved May 4, 2015, from https://biz.yelp.com/support/common_questions
