Encouraging Online Reviews

By Jackie Ulasewich, Founder, My Dental Agency

By now, you’re sure to understand the importance of managing your online reputation. We know dental practices are faced with two major threats regarding their online reputation. The first, of course, is negative reviews. However, as we’ve discovered, these can be mitigated and handled appropriately in such a way that they have minimal to no impact. But the greatest threat is a negative reputation — by which we mean not having a researchable reputation at all. In fact, not having a robust reputation online can be even worse than having negative reviews! As Oscar Wilde said, “The only thing worse than being talked about is not being talked about.”

In order to generate, enhance and maintain your online reputation, we prefer using our own tried, tested and true approach: the COME ON!” Approach. Here are tips and guidance on how this approach can best help you manage your dental practice reviews:

C: Consistently ask for reviews.
We understand that directly asking patients for online reviews might not be the most comfortable thing in the world. Fret not, though; you needn’t ask every single patient to leave an online review. We’ve discovered that the best approach is to take a few minutes during a morning or weekly meeting before the doors have opened to identify which patients would be optimal to ask to leave a review. Then, identify the staff member or doctor with the best relationship with those particular patients to ask for an online review. This is perhaps the most natural and results-producing method of getting these reviews. This helps minimize awkward situations, while at the same time maximizing the number of favorable reviews.

When done with sincerity and openness with a pleased patient, you’d be surprised how willing they are to give back and leave a review as a way of saying thanks. And your patients — just like everyone else — might get a bit busy and forgetful, so this little nudge is usually all that’s needed to get the online feedback you want.

O: Office signage that motivates patients to leave reviews.
In addition to verbal requests, it really does help to have an eye-catching sign at the front desk asking your patient to leave a review. It serves as a nice, simple reminder without having to ask (or in addition to your verbal request). And with the way smartphones are used to kill time these days, it’s pretty likely that while a patient is waiting a few minutes to be called back they will take that opportunity to write a review. Get creative and put something together that catches their attention.

M: Make it easy for your patients to leave reviews.
There are many ways you can provide your patients with the steps needed to leave an online review on the platforms you’ve targeted as the most relevant to your practice. You can shoot them a text message with a link to the review page of your preferred platforms, or even send them an email that directs them to the appropriate page. Since people are busy, the last thing we and many of our patients want to do is try to figure out how to leave a review on Google, Facebook or Yelp. This is why it’s best to simply send them directly to review pages on these platforms. This eliminates the need to provide verbal step-by-step instructions on how to arrive on those sites.

E: Email and marketing campaigns that ask for reviews.
Email campaigns are great for many things, including online reputation management. You can use your email campaign to give patients a friendly reminder that if they haven’t already left a review, it would be tremendously appreciated if they did so. Be sure to include the instructions or, better yet, links directly to the review pages in the email. However, it’s best practice to send these friendly reminders only every so often. You don’t want to bombard them with these messages every month and seem desperate or needy. Also, you can use social media to ask your followers and fans to leave a review. Great creative with the way you ask that will be sure to get the best response, in terms of quality and quantity.

O: Ongoing monitoring and moderation of reviews.
Online reputation management requires heightened vigilance. You never know when a negative review might strike. And, if and when this happens, it’s imperative you don’t let it linger.

N: Never leave a negative review unaddressed.
Let’s face it, negative reviews may happen. But don’t worry — it’s not the end of the world. By constantly monitoring and moderating your reviews, you can publicly respond to any unfavorable ones before any damage is done. In doing so, you will prove to patients — potential and current alike — that you truly care about their experiences and are actively working to resolve any issues they made have had. In this way, a negative review becomes something positive, as it allows you to address specific issues in a personal, caring manner for all to see. Moreover, as long as you are proactive and diligent in asking your patients to leave a positive review, the few perhaps misguided negative ones will be vastly outweighed and overshadowed. In comparison to your vast amount of positive reviews, they’ll appear as mere dismissible outliers.


With more than a decade of experience in corporate dental laboratory marketing and brand development, Ms.
Ulasewich decided to take her passion for the dental business and marketing to the next level by founding My Dental Agency. Since starting her company, Ms. Ulasewich and her team have helped a wide variety of business owners all over the nation focus their message, reach their target audience and increase their sales through effective marketing campaigns. For more information, she can be reached at Jackie@mydentalagency.com or 800.689.6434.

 

Be Cybersecure: Protect Patient Records, Avoid Fines and Safeguard Your Reputation

By David McHale, Senior Vice President and Chief Legal Officer, The Doctors Company

Cybercrime costs the U.S. economy billions of dollars each year and causes organizations to devote substantial time and resources to keeping their information secure. This is even more important for health care organizations, the most frequently attacked form of business.1 Cybercriminals target health care for two main reasons: health care organizations fail to upgrade their cybersecurity as quickly as other businesses, and criminals find personal patient information particularly valuable to exploit.

Recent cyberattacks on large health insurance companies further demonstrate cybersecurity risks. On Jan. 29, 2015, Anthem, the second largest health insurer in the United States, announced it was the victim of a sophisticated cyberattack that it believed happened over several weeks starting in December 2014.2 Reported as one of the largest attacks to date, the Anthem breach exposed the information of up to 80 million current and former members, including names, birth dates, Social Security numbers, health care IDs and addresses.3 That same day, Premera Blue Cross discovered it also was a victim of a cyberattack, with an initial attack taking place in May 2014. Cybercriminals gained unauthorized access to the information of up to 11 million Premera customers dating back to 2002, ranging from birth dates and Social Security numbers to addresses and bank account information — the second largest breach, after Anthem, in the health care industry.4

The repercussions of security breaches can be daunting. A business that suffers a breach of more than 500 records of unencrypted personal health information (PHI) must report the breach to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). This is the federal body with the power to enforce the Health Insurance Portability and Accountability Act (HIPAA) and issue fines. To date, the OCR has levied more than $25 million in fines, with the largest single fine totaling $4.8 million.5 In 2014, U.S. health care data breaches cost companies an average of $314 per record — the highest of any industry.6

A health care organization’s brand and reputation also are at stake. The OCR maintains a searchable database (informally known as a “wall of shame”) that publicly lists all entities that were fined for breaches that meet the 500-record requirement.7

To help safeguard your systems, know the most common ways a breach occurs. The theft of unencrypted electronic devices or physical records is the most common method, accounting for 29 percent of breaches across all industries in the United States.2 Also common are hacking (23 percent) and public distribution of personal records (20 percent). A breach in the latter category led to the largest OCR fine to date when two affiliated hospitals accidentally made patient records public on the Internet.5

If you think you may not be fully compliant with HIPAA privacy and security rules, consider taking the following steps:

  • Identify all areas of potential vulnerability. Develop secure office processes, such as:
    • sign-in sheets that ask for only minimal information.
    • procedures for the handling and destruction of paper records.
    • policies detailing which devices are allowed to contain PHI and under what circumstances those devices may leave the office.
  • Encrypt all devices that contain PHI (laptops, desktops, thumb drives and centralized storage devices). Make sure that thumb drives are encrypted and that the encryption code is not inscribed on or included with the thumb drive. Encryption is the best way to prevent a breach.
  • Train your staff on how to protect PHI. This includes not only making sure policies and procedures are HIPAA-compliant, but also instructing staff not to openly discuss patient PHI.
  • Audit and test your physical and electronic security policies and procedures regularly, including what steps to take in case of a breach. The OCR audits entities that have had a breach, as well as those that have not. The OCR will check if you have procedures in place in case of a breach. Taking the proper steps in the event of a breach may help you avoid a fine.
  • Insure. Make sure that your practice has insurance to assist with certain costs in case of a breach.

 

References

1Visser S, Osinoff G, Hardin B, et al. Information security & data breach report—March 2014 update. Navigant. March 31, 2014. http://www.navigant.com/~/media/WWW/Site/Insights/Disputes%20Investigations/Data%20Breach%20Annual%202013_Final%20Version_March%202014%20issue%202.ashx. Accessed June 17, 2014.

2How to Access & Sign Up for Identity Theft Repair & Credit Monitoring Services. Anthem, Inc. February 13, 2015. https://www.anthemfacts.com. Accessed March 19, 2015.

3McCann E. Hackers swipe Anthem data in massive cyberattack. Healthcare IT News. February 5, 2015. http://www.healthcareitnews.com/news/hackers-swipe-anthem-data-huge-breach-attack. Accessed March 19, 2015.

4Miliard M. Premera Blue Cross hack exposes 11M. Healthcare IT News. March 18, 2015. http://www.healthcareitnews.com/news/premera-blue-cross-hack-exposes-data-11m. Accessed March 19, 2015.

5McCann E. Hospitals fined $4.8M for HIPAA violation. Government Health IT. May 9, 2014. http://www.govhealthit.com/news/hospitals-fined-48m-hipaa-violation. Accessed June 24, 2014.

6Ponemon Institute LLC. 2014 cost of data breach study: United States. May 2014. Study sponsored by IBM. http://www.accudatasystems.com/assets/2014-cost-of-a-data-breach-study.pdf. Accessed March 20, 2015.

7
Breaches affecting 500 or more individuals. U.S. Department of Health & Human Services. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html. Accessed June 23, 2014.


David McHale is The Doctors Company’s Chief Legal Officer. He holds a law degree from the University of the Pacific’s McGeorge School of Law and an MBA from the University of Illinois. He is a Certified HIPAA Compliance Officer (AIHC) and a regular presenter before insurance trade organizations and the National Association of Insurance Commissioners (NAIC).

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each health care provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.