Articles / Practice Growth

Responding to Patient Reviews: What to Say (And What Will Get You Sued)

· 9 min read · Nick Dumitru

A patient just left you a one-star review on Google. Your blood pressure spikes. You want to fire back with the truth. You want to explain what really happened. You want everyone reading that review to know that this person is being unreasonable.

Don’t type a single word yet.

What you say in the next five minutes could cost you a $1.5 million HIPAA fine, a medical board complaint, or a lawsuit. And I’m not being dramatic. Real practices have paid six-figure settlements over review responses that seemed perfectly reasonable to the doctor who wrote them.

Physician responses to negative reviews significantly influence patient choice, according to a 2024 study in the Journal of Medical Internet Research. That means your response matters twice: once for the patient who wrote it, and once for every prospective patient who reads it afterward. Get it right and you build trust. Get it wrong and you lose both the reviewer and everyone watching.

The HIPAA trap in three sentences

Here’s how fast you can get in trouble:

Patient writes: “Dr. Smith botched my nose job and then refused to fix it.”

Dr. Smith responds: “Mrs. Johnson, the revision you’re referring to wasn’t medically necessary based on your post-op healing at 6 weeks, and I explained this during your follow-up on March 3rd.”

That response just confirmed: the patient’s identity, the procedure performed, a clinical assessment, and a specific appointment date. All of that is protected health information under HIPAA. The maximum annual penalty for willful neglect that goes uncorrected is $1.5 million. And “I was just defending myself” is not a legal defense.

I’ll get into the HIPAA details more later. For now, just burn this into your brain: never confirm or deny that someone was your patient, and never reference any clinical details.

Responding to positive reviews

Let’s start with the easy ones. A patient leaves a five-star review saying something nice. Here’s what to do.

Respond within 48 hours. Speed signals that you pay attention and care about patient feedback. Don’t let positive reviews sit there unacknowledged for weeks.

Be specific enough to seem human, vague enough to be safe. You can thank someone by name if they’ve used their own name publicly in the review. But don’t add any clinical details they didn’t mention.

Good response: “Thank you, Sarah! We’re so glad you had a great experience. Your kind words mean a lot to our whole team.”

Bad response: “Thank you, Sarah! We’re so glad your rhinoplasty recovery is going well. Dr. Chen always enjoys working with patients who follow the post-op instructions as well as you did.”

See the difference? The second one just confirmed the procedure, the doctor, and the patient’s compliance. All PHI.

Vary your responses. If every response is “Thanks for the kind words! We appreciate you!” it reads like a bot. Mix it up. Reference their sentiment without referencing their care.

Here are some safe positive response templates you can adapt:

  • “Thank you so much! It’s always great to hear when someone has a positive experience with our team.”
  • “Really appreciate you taking the time to share this. Feedback like yours helps other patients feel confident about reaching out.”
  • “This made our day. Thank you for trusting us.”

None of those reference a procedure, a condition, a date, or a treatment plan. That’s the point.

Responding to negative reviews

This is where it gets tricky. And where most doctors mess up.

Step 1: Walk away from the keyboard

Read the review. Feel your emotions. Then close the browser and wait at least two hours. Better yet, sleep on it. Your first draft response is almost always too defensive, too detailed, and too risky. I’ve read hundreds of doctor responses to negative reviews. The ones written in anger always make things worse.

Step 2: Determine if it’s a real patient

Some negative reviews are fake. Competitors, disgruntled former employees, or people who never visited your practice. If you genuinely don’t have a record of this person, flag the review with Google as policy-violating and respond with something neutral like: “We take all feedback seriously. We weren’t able to find a record matching your description, but we’d like to help. Please call our office directly.”

Step 3: Write the response using these rules

Acknowledge their frustration without agreeing with their claims. You don’t have to say “you’re right.” You have to say “I hear you.”

Never confirm they were a patient. This is the one that trips up every doctor. Even “we always strive to provide great care for all our patients” is safer than “we’re sorry your experience at our practice wasn’t what you expected.” The second one implies they were a patient.

Never reference any clinical details. Not the procedure. Not the outcome. Not the dates. Not the diagnosis. Not the treatment plan. Nothing. Even if they’ve already shared those details publicly, you cannot confirm them.

Offer to resolve it offline. Give them a phone number or email. This does two things: it shows prospective patients that you handle complaints professionally, and it moves the conversation to a private channel where you can actually discuss specifics without HIPAA risk.

Keep it short. Three to four sentences. Long responses look defensive and give you more rope to hang yourself with.

Safe response templates for negative reviews

“We’re sorry to hear about your experience. We take all patient feedback seriously and would like the opportunity to address your concerns directly. Please contact our office at [phone] so we can discuss this further.”

“This doesn’t reflect the standard we hold ourselves to. We’d like to learn more about what happened. Please reach out to us at [phone/email] and we’ll make sure the right person connects with you.”

“Thank you for sharing your feedback. We understand this wasn’t the experience you expected, and we’d like to discuss this privately. Please call us at [phone].”

Notice what’s not in any of those: the patient’s name tied to any care detail, confirmation of any procedure or visit, defensiveness, clinical explanations, or excuses.

The responses that will destroy you

These are real patterns I’ve seen from doctors. Every one of them is a liability:

The clinical defense. “Actually, the swelling you experienced is a normal part of the healing process for the procedure you had, and we discussed this extensively during your pre-op consultation on January 12th.” This confirms the procedure, the outcome, and a specific appointment. HIPAA violation.

The blame shift. “If you had followed the post-operative care instructions we provided, your results would have been better.” This confirms they were a patient, had a procedure, received instructions, and had a suboptimal result. It also makes you look like a jerk to every prospective patient reading it.

The passive-aggressive apology. “We’re sorry you feel that way.” Everyone on the internet knows this isn’t a real apology. It reads as dismissive and will make the negative review stick harder in readers’ minds.

The lawyer-up response. “This review contains false and defamatory statements. Our attorneys have been notified.” Even if it’s true, this response makes you look vindictive and scary. Prospective patients don’t want to give their money to someone who threatens legal action when they get a bad review.

The denial. “This never happened. We have no record of this person.” Even if it’s true, now you look like you’re calling the patient a liar. A simple “we weren’t able to match this to a record” is safer and less combative.

When to respond vs. when to ignore

Respond to every review on Google. Both positive and negative. There’s no scenario where ignoring a review helps you.

For negative reviews on smaller platforms (Yelp, Healthgrades, RateMDs), the calculus changes slightly. If the platform has low traffic in your market, a non-response might be fine. But on Google, where 84% of patients are looking? Respond. Always.

For abusive, profane, or clearly fake reviews, flag them for removal first. Then leave a brief, professional response in case Google doesn’t remove them.

Training your staff on review responses

If you have staff members responding to reviews on your behalf, they need training. Specifically on HIPAA-compliant response language. I’ve seen front desk managers respond to reviews with detailed explanations of office policies that inadvertently confirmed patient identities and visit details.

Create approved response templates. Train staff to use them. Make it clear that nobody deviates from the templates without the doctor’s personal review and approval. One well-meaning receptionist typing out a detailed response at 5 PM on a Friday can create a six-figure problem.

The strategy behind the response

Every review response is marketing. It’s not for the person who wrote the review. It’s for the 50 prospective patients who will read it next month.

When a prospective patient reads a negative review followed by a calm, professional, empathetic response, they think: “This doctor handles criticism well. They care. They’re professional.” That response can actually convert MORE patients than if the negative review had never existed.

I’ve watched practices turn one-star reviews into trust-building moments just by responding well. The negative review shows you’re human. The response shows you’re a professional.

When a prospective patient reads a negative review followed by silence, or worse, a defensive rant, they think: “If this is how they handle a complaint publicly, what happens when something goes wrong with my procedure?”

45% of patients regularly read reviews before booking, according to Tebra’s 2025 data. They’re reading your responses too. Write them for that audience.

What to do this week

  1. Read every negative review on your Google profile. If any are unanswered, respond using the templates above. Today.
  2. Read every response you’ve already written. Does any of them contain clinical details, procedure names, or specific dates? If so, edit or delete those responses immediately. Talk to a healthcare attorney if you’re unsure.
  3. Create a simple review response document with three approved templates: one for positive reviews, one for negative reviews, and one for suspected fake reviews. Share it with anyone who has access to your review profiles.

Your review responses are public statements about your practice. Treat them that way.

Written by

Nick Dumitru

20+ years helping growth-focused businesses generate leads and revenue.

About Think Basis

← Previous

Online Scheduling for Medical Practices: Help or Hindrance?

Next →

HIPAA and Online Reviews: What You Can and Can't Say

Ready to Talk Growth?

If you are serious about scaling your practice or portfolio, we should talk.

Start a Conversation