HIPPA Security Rule Compliance for Dental Practices: Protecting Your Patients' Data - And Yourself.
Dave Argentar • September 17, 2019
The care that dentists need to provide their patients doesn’t end when they get up from the chair. Dental offices, and the computers, networks, servers, and files maintained within (and outside of) their walls contain patient information that must be kept secure and protected from data breaches and unauthorized disclosure. If your practice doesn’t have the systems, protocols, and policies in place to comply with HIPAA’s multitude of patient privacy and security requirements, even inadvertent and seemingly “harmless” violations can lead to significant financial and legal headaches.
HIPAA security compliance simply cannot be an afterthought for dental practices, nor is it a matter of “set it and forget it.” It requires constant vigilance, proactive planning, and regular audits and updates. This is particularly true when it comes to ensuring the security of electronic health records. Dentists need to commit people, time, and resources to the protection of patient information and should regularly consult with attorneys who can assist them in making their HIPAA compliance efforts robust and effective.
HIPAA Application to Dental Practices
After HIPAA became law in 1996, the U.S. Department of Health and Human Services (HHS) issued a set of national standards governing the use and disclosure of patients’ protected health information (PHI). Commonly known as the Privacy Rule , the Standards for Privacy of Individually Identifiable Health Information apply to “covered entities” as defined in HHS regulations.
The odds that your dental practice is a “covered entity” under HIPAA sit pretty close to 100%. If you send claims, eligibility inquiries and requests, pre-determinations, claim status inquiries, or treatment authorization requests to third parties through electronic means, you must comply with HIPAA.
HIPAA obligations don’t end at the Privacy Rule, which limits how and to whom PHI can be disclosed. Dental practices must also comply with the Security Rule ( Security Standards for the Protection of Electronic Protected Health Information ) as well as the Breach Notification Rule.
The HIPAA Security Rule
While the Privacy Rule addresses who may have access to PHI, the Security Rule sets the standards for ensuring that only those authorized individuals can access that information. One important distinction between the Privacy Rule and Security Rule is that while the former applies to PHI in whatever form – paper, oral, electronic - the Security Rule only covers electronic health records (ePHI). Since dental practices increasingly rely on electronic means to create, store, and transmit records, ensuring that your practice satisfies the Security Rule’s mandates is the centerpiece of any HIPAA compliance program.
The safeguards required under the Security Rule are divided into three categories:
· Administrative – As defined in the rules, these are policies and procedures designed “to manage the selection, development, implementation, and maintenance of security measures to protect electronically protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
Practices must sufficiently implement and monitor their “performance of security management process, assignment or delegation of security responsibility, training requirements, and evaluation and documentation of all decisions.”
The essence of administrative compliance is people: people who are in charge of security, people who are trained about security, and people who are responsible for administering, monitoring, and auditing security compliance.
· Physical Access Controls – This involves safeguards established to control physical access to data and information and the systems which store them. This includes such essential elements as:
o Facility Access Controls – policies and procedures that limit physical access to all areas and devices where ePHI is stored, such as locked doors, restricted areas, surveillance systems, security guards, etc.
o Workstation Access and Security – policies and procedures that specify the proper functions to be performed on workstations, how employees should perform those functions, and physical workstation security.
o Device and Media Controls – thumb drives, laptops, phones, tablets, and other devices represent a significant vulnerability for unauthorized access to or distribution of ePHI. Dental practices need to establish policies and procedures that govern how hardware and electronic media containing ePHI can enter or exit dental offices. These controls must include disposal, media reuse, accountability, and data backup and storage.
· Technical controls – this involves “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” Firewalls, encryption, data security measures, and other systems put in place to prevent data breaches, cyberattacks, and unauthorized access to ePHI fall into this category.
Your Practice Could Be Held Responsible for Any HIPAA Violations by a “Business Associate”
Many if not most practices contract at least some of their billing, claims management, and other back-office responsibilities to third-party vendors. If a practice fails to obtain “satisfactory assurances” from a “business associate” that it is HIPAA-compliant before retaining their services, and a PHI breach subsequently occurs, the practice entity may be considered liable for any damages that result
That is why every dental practice that shares PHI with outside contractors enter into a written HIPAA-Compliant Business Associate Agreement with such vendors. These agreements should specify:
·the types of PHI that the practice will provide to the business associate;
·the permissible uses and disclosures of PHI by the business associate;
·the measures that the business associate must implement to protect PHI;
·the actions that the business associate will take in the event of a data breach.
HIPAA Compliance Questions? Call Grogan, Hesse & Uditsky Today
At Grogan, Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you.
If you have questions or concerns about your practice’s compliance with HIPAA, please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation.
Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Speak to an Attorney
Related Posts
For many associate dentists, the sound of opportunity knocking comes in the form of an offer to become a co-owner of the practice where they work. Rare is the dentist who would reject out of hand the chance to reap the rewards of years of hard work and move from employee to owner. For the practice owner who opens the equity door for their associate, such a “buy-in” can infuse cash and value into the business, laying the foundation for a seamless ownership transition upon their retirement. The key to a successful buy-in is a clear and equitably structured deal that is workable for both parties in terms of how the associate will pay for their equity interest. However, there is no one-size-fits-all approach. The structure of a dental associate buy-in can vary significantly depending on factors such as the associate’s financial capacity, the practice’s value, and the owner’s long-term objectives. Whether you are the associate or the practice owner in such an anticipated transaction, you should consult with an experienced dental practice attorney to understand your options and determine which structure provides you with the most value. Your discussions with your attorney will likely include some or all of these common dental associate buy-in arrangements: Cash Purchase A cash purchase is the most straightforward buy-in model. With either cash on hand or through financing (the more likely scenario), the associate purchases an agreed-upon percentage of the practice (for example, 25% or 50%) for a lump sum based on the appraised value of the practice. That appraisal will likely use metrics such as collections, earnings before interest and taxes (EBIT), or a percentage of annual gross revenue. The main advantage of a cash purchase is its simplicity and immediacy. The associate becomes an owner right away, while the practice owner receives a clean and full payout for the equity sold. However, obtaining the needed financing may be easier said than done for an associate dentist, and a large cash payout may also come with unwanted tax ramifications for the owner. Buy-in documents for a cash purchase should address governance rights, profit distribution, and exit mechanisms. They should also define what happens if an associate departs, how future buyouts are valued, and whether non-compete or non-solicitation covenants apply. Installment Sale An installment sale allows the associate to purchase equity over time, making periodic payments instead of an upfront lump-sum payment. After the practice value is determined, the associate agrees to buy a certain percentage of ownership through regular payments (e.g., monthly or quarterly) over several years. Payments may include interest, and ownership may be transferred incrementally or upon full payment. This is a good option for associates who do not have the means for a full cash buy-in immediately. For owners, this arrangement provides a steady income stream – so long as the associate does not leave before completing payments. That is why the documentation should clearly outline the timing of ownership right transfers and provide robust default remedies, such as forfeiture of prior payments or reversion of ownership interests. Sweat Equity In a sweat equity buy-in, the associate essentially cashes in their years of service, earning ownership over time based on their contribution to the practice’s growth or profitability rather than through an immediate cash investment. In a typical sweat equity arrangement, the associate receives equity credits or options tied to measurable performance benchmarks, such as production levels, collections, or tenure. Once those targets are met, a portion of ownership is granted or sold at a reduced price. This structure enables talented but liquidity-challenged associates to become owners without initial financial strain. It also incentivizes them to grow the practice and stay long-term. Shadow Account (a/k/a Phantom Equity) As I discussed in detail in this post , a shadow account (also known as a phantom equity plan) is an increasingly popular buy-in model, especially when the owner is not yet ready to transfer real equity but wants to reward the associate as if they were an owner. In this model, the associate receives the right to cash payments equal to the value of the shares at a specified later date or distribution event. That value can be established through an appraisal or an agreed-upon formula. The selected events that give an associate a right to a payout can include such things as achieving performance goals, termination, or retirement. There are two types of shadow account/phantom stock plans. In an "appreciation only” plan, the cash payout upon vesting does not include the value of the underlying shares, only the increase in value of that stock since it was granted. In a “full value” plan, the practice pays both the underlying value of the stock and the amount the stock has appreciated while held by the associate. Like actual stock, phantom stock has a defined value and tracks the practice’s performance, but an associate holding phantom stock typically does not have either minority shareholder rights or voting rights in the practice. This makes phantom stock plans attractive for owners who want to provide associates with a sense of equity ownership without giving up any actual control. The practice has broad discretion and flexibility in designing the plan, including valuation formulas and vesting conditions, and the administrative burdens are less than for traditional stock option plans. As noted, the “best” buy-in structure depends on the unique goals of both parties. No matter which model is ultimately adopted, well-crafted documentation, preceded by careful consideration and consultation with counsel, is essential. That is because these deals do more than just transfer ownership - they can lay the foundation for a stable, profitable partnership that preserves the practice’s legacy and rewards everyone’s investment, financial or otherwise. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For years, state courts and legislatures have taken a skeptical eye toward non-competition agreements. Judges here in Illinois and elsewhere routinely struck down overly broad and overreaching provisions, while an increasing number of jurisdictions have passed legislation or ordinances banning non-competes outright or limiting their scope and enforceability. During the Biden administration, the federal government injected itself into the heretofore state and local assault on non-competes. Both the Federal Trade Commission (FTC) and the National Labor Relations Board (NLRB) took the position, in a Final Rule and counsel's opinion, respectively, that almost all existing and future non-competes were void and unenforceable. Those actions were immediately challenged in court, and litigation about the FTC's ban resulted in dueling district court rulings, with injunctions issued against its enforcement in some cases, while other judges found the FTC had properly issued the Final Rule. The FTC subsequently appealed federal court rulings in Texas and Florida that invalidated or enjoined, respectively, the FTC's non-compete ban. Then came Election Day 2024. Nationwide Ban Abandoned, but Challenges to Non-Competes Remain Unsurprisingly, for an administration with a penchant for being business-friendly and regulation-averse, the newly comprised FTC quickly changed its tune on a nationwide non-compete ban. A series of moves this year has made it clear that the federal government, at least for the next three years, is abandoning any such blanket efforts. Specifically, the FTC moved in September to dismiss its appeals of two district court decisions that had struck down the Final Rule. Simultaneously, the commission took steps towards acceding to the vacatur of the non-compete ban . At the same time, however, the FTC has also indicated, through recent enforcement actions and warning letters , that it will continue to pursue remedies against employers on a case-by-case basis for the unlawful use of post-employment non-competes under Section 5 of the FTC Act, which prohibits "unfair methods of competition." Those FTC efforts, which are nothing new, mean the battle over the validity of non-compete agreements will continue to be fought largely at the state and local levels. Once again, dental practice owners and other employers will need to tailor their non-competition agreements to comply with the patchwork of jurisprudence, laws, and regulations of the states and localities where they have employees while remaining mindful of anti-competitive overreach that could attract the FTC's attention. With the nationwide non-compete ban dead and buried, but restrictions on and litigation about the enforceability of such agreements very much alive, now is an opportune time for practice owners to consult with experienced employment counsel who can review and revise any existing or contemplated non-competition provision as necessary. If you have questions about your company’s non-competes or would like assistance reviewing or drafting such agreements, please call Grogan Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
As a 17 th -century French playwright, actor, and poet, Molière probably received his fair share of stinging, negative reviews of his work. While we may not know exactly how he felt about such critiques, he did offer some sage advice that dentists should heed when confronted with a patient’s scathing, hurtful, or untrue online review: “ A wise man is superior to any insults which can be put upon him and the best reply to unseemly behavior is patience and moderation .” Human nature being what it is, patience and moderation can be in short supply when a dentist reads a review that casts doubt on their competence, integrity, or professionalism, especially if they believe that the review’s content contains abject falsehoods or misrepresentations. Not only can such online comments make blood boil and bruise the ego, but even one negative review can have a devastating impact on a practice and its reputation. 84% of the public trusts online reviews to help them make consumer decisions, including those involving healthcare providers. According to some surveys, more than 70% of patients say they read reviews before selecting a healthcare provider, and nearly half would not consider a provider with fewer than four stars. Negative reviews can disproportionately influence perception, even if they represent a small fraction of feedback. Given that a single negative review can stand out in an otherwise glowing profile and, if left unaddressed, may deter potential patients, dentists understandably will want to respond, correcting misstatements or otherwise neutralizing the misrepresentations or assertions contained in the review. But those responses, if made reflexively and without careful consideration of legal and ethical boundaries, can make a bad situation worse or make the dentist appear petty and vindictive. Additionally, dentists who do decide to respond to a patient’s negative review publicly may inadvertently reveal confidential patient information in their attempts to refute allegations of poor or substandard care. Such transgressions can have catastrophic licensing and regulatory consequences for dentists. So what should dentists do when faced with a horrible review that every prospective patient can see? As discussed below, responses can, and often should, be made, but with the patience and moderation Molière recommended. Hitting Back v. Hitting HIPAA Perhaps the biggest risk dentists take when publicly responding to a patient’s negative review is inadvertently violating their HIPAA patient privacy obligations. Unlike other businesses, dentists cannot freely discuss the details of a patient’s complaint in a public forum. The HIPAA Privacy Rule prohibits disclosing protected health information (PHI) without patient authorization. Even acknowledging that the reviewer is a patient may constitute a privacy violation. For example, if a patient writes, “I had a terrible root canal here,” the dentist cannot reply with, “We offered you antibiotics, but you refused.” That would be a clear HIPAA violation. Instead, dentists should respond in general terms that neither confirm nor deny treatment specifics. Best Practices for Responding to Negative Reviews When deciding how and whether to respond, dentists should keep the following principles and tips in mind: Cool Off Before Going Off. The worst thing a dentist can do with a bad online review is to immediately post a response in the throes of anger and indignation, however justifiable those emotions may be. Before deciding whether and how to respond, take the time needed for your professionalism and rationality to come back to the fore. Stay Professional and Neutral. Never respond defensively or emotionally. A hostile reply can escalate the issue and further damage your reputation. Even if the review feels unfair, professionalism is key. Acknowledge Without Confirming. Responses should not confirm that the reviewer is or was a patient. Instead, use neutral language such as: “We take all feedback seriously and strive to provide excellent care. We encourage you to contact our office directly to discuss your concerns.” Take the Conversation Offline. Invite the reviewer to call or email the office to resolve the issue privately. This demonstrates attentiveness while protecting confidentiality. Highlight Practice Values. Use responses as an opportunity to reaffirm commitment to patient care. For example: “Our goal is to make every patient feel comfortable and well cared for. We welcome feedback to help us improve.” When Silence May Be Golden Not every negative review needs a reply. If the comment is clearly unreasonable, inflammatory, or fraudulent, sometimes the best response is no response—or a simple flagging of the review for removal. Consider not responding in the following circumstances: Abusive or Fake Reviews. If a review contains profanity, slander, or appears fraudulent, flag it for removal instead of responding. Ongoing Legal Disputes. If the complaint relates to malpractice or litigation, responding publicly can backfire and give the patient more ammunition for their claims. Obvious Spam. Automated or irrelevant reviews do not require acknowledgment. Can You Sue for Defamation? Sure. Will You Win? Probably Not. On more than one occasion, a panicked and indignant dentist or other client of mine has called me to ask whether they could and should sue their former patient for defamation for a harsh online review. The answer, of course, is that you are well within your rights to sue “YourDentalPracticeSucks123” or whoever it is that is trying to take a wrecking ball to your career. You can sue anybody for anything. Whether such a lawsuit will be successful or has any legal basis is another matter entirely. The fact is that even the most scathing negative online review, if susceptible to the principle of “innocent construction” (meaning the allegedly libelous statement is given a non-defamatory interpretation because it is deemed ambiguous) or is composed of opinions rather than demonstrably false allegations of misconduct, will likely not qualify as actionable defamation in most jurisdictions. Furthermore, such lawsuits can expose the offended dentist or other professional to backlash, ridicule, and bad publicity in the fast-moving and fickle world of social media. If you look to hold online review sites and other platforms responsible for false and defamatory information posted by reviewers, you won’t get terribly far. While you may be able to get a website to remove a particularly egregious post, Section 230 of the federal Communications Decency Act largely immunizes such sites from claims based on comments or reviews posted by third-party users. Is It a Subjective Opinion or a Factual Allegation? The most common issue that arises in defamation cases based on online reviews is the question of whether or not a statement was false. Only false statements of fact can form the basis of a defamation claim, not opinions, no matter how histrionic or counterfactual they may be. A statement of fact is one that can be objectively proved or disproved. Consider the two following hypothetical reviews of a dentist: “She was rude, impatient, and treated me disrespectfully. It was perhaps the worst experience I’ve ever had with a dentist in my entire life. She is horrible.” “He stole money from my purse and touched me inappropriately while I was under sedation.” The former is a non-actionable opinion, as the dentist will not be able to objectively prove whether or not she was, in fact, rude, disrespectful, and the cause of one of the worst experiences in the patient’s life. Contrast that with the latter statement that accuses the dentist of specific actions and misconduct that can be proven or disproven with evidence. Proactive Reputation Management The best defense against negative reviews is a steady stream of positive ones. Dentists can encourage satisfied patients to leave feedback by: Sending follow-up emails with review links Placing QR codes in the office for easy access Training staff to request reviews after successful appointments A high volume of positive reviews will dilute the impact of the occasional negative one and provide a more accurate picture of patient satisfaction. As infuriating as negative online reviews can be, it is the rare dentist who can make it through their career without leaving at least one patient dissatisfied or unhappy with their treatment. When a patient shares those feelings with the world, it can be easy to let it get under your skin. But sometimes, restraint can speak louder than a retort. If you have questions or concerns about negative online reviews or reputation management for your dental practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For many associate dentists, the sound of opportunity knocking comes in the form of an offer to become a co-owner of the practice where they work. Rare is the dentist who would reject out of hand the chance to reap the rewards of years of hard work and move from employee to owner. For the practice owner who opens the equity door for their associate, such a “buy-in” can infuse cash and value into the business, laying the foundation for a seamless ownership transition upon their retirement. The key to a successful buy-in is a clear and equitably structured deal that is workable for both parties in terms of how the associate will pay for their equity interest. However, there is no one-size-fits-all approach. The structure of a dental associate buy-in can vary significantly depending on factors such as the associate’s financial capacity, the practice’s value, and the owner’s long-term objectives. Whether you are the associate or the practice owner in such an anticipated transaction, you should consult with an experienced dental practice attorney to understand your options and determine which structure provides you with the most value. Your discussions with your attorney will likely include some or all of these common dental associate buy-in arrangements: Cash Purchase A cash purchase is the most straightforward buy-in model. With either cash on hand or through financing (the more likely scenario), the associate purchases an agreed-upon percentage of the practice (for example, 25% or 50%) for a lump sum based on the appraised value of the practice. That appraisal will likely use metrics such as collections, earnings before interest and taxes (EBIT), or a percentage of annual gross revenue. The main advantage of a cash purchase is its simplicity and immediacy. The associate becomes an owner right away, while the practice owner receives a clean and full payout for the equity sold. However, obtaining the needed financing may be easier said than done for an associate dentist, and a large cash payout may also come with unwanted tax ramifications for the owner. Buy-in documents for a cash purchase should address governance rights, profit distribution, and exit mechanisms. They should also define what happens if an associate departs, how future buyouts are valued, and whether non-compete or non-solicitation covenants apply. Installment Sale An installment sale allows the associate to purchase equity over time, making periodic payments instead of an upfront lump-sum payment. After the practice value is determined, the associate agrees to buy a certain percentage of ownership through regular payments (e.g., monthly or quarterly) over several years. Payments may include interest, and ownership may be transferred incrementally or upon full payment. This is a good option for associates who do not have the means for a full cash buy-in immediately. For owners, this arrangement provides a steady income stream – so long as the associate does not leave before completing payments. That is why the documentation should clearly outline the timing of ownership right transfers and provide robust default remedies, such as forfeiture of prior payments or reversion of ownership interests. Sweat Equity In a sweat equity buy-in, the associate essentially cashes in their years of service, earning ownership over time based on their contribution to the practice’s growth or profitability rather than through an immediate cash investment. In a typical sweat equity arrangement, the associate receives equity credits or options tied to measurable performance benchmarks, such as production levels, collections, or tenure. Once those targets are met, a portion of ownership is granted or sold at a reduced price. This structure enables talented but liquidity-challenged associates to become owners without initial financial strain. It also incentivizes them to grow the practice and stay long-term. Shadow Account (a/k/a Phantom Equity) As I discussed in detail in this post , a shadow account (also known as a phantom equity plan) is an increasingly popular buy-in model, especially when the owner is not yet ready to transfer real equity but wants to reward the associate as if they were an owner. In this model, the associate receives the right to cash payments equal to the value of the shares at a specified later date or distribution event. That value can be established through an appraisal or an agreed-upon formula. The selected events that give an associate a right to a payout can include such things as achieving performance goals, termination, or retirement. There are two types of shadow account/phantom stock plans. In an "appreciation only” plan, the cash payout upon vesting does not include the value of the underlying shares, only the increase in value of that stock since it was granted. In a “full value” plan, the practice pays both the underlying value of the stock and the amount the stock has appreciated while held by the associate. Like actual stock, phantom stock has a defined value and tracks the practice’s performance, but an associate holding phantom stock typically does not have either minority shareholder rights or voting rights in the practice. This makes phantom stock plans attractive for owners who want to provide associates with a sense of equity ownership without giving up any actual control. The practice has broad discretion and flexibility in designing the plan, including valuation formulas and vesting conditions, and the administrative burdens are less than for traditional stock option plans. As noted, the “best” buy-in structure depends on the unique goals of both parties. No matter which model is ultimately adopted, well-crafted documentation, preceded by careful consideration and consultation with counsel, is essential. That is because these deals do more than just transfer ownership - they can lay the foundation for a stable, profitable partnership that preserves the practice’s legacy and rewards everyone’s investment, financial or otherwise. We Focus on You So You Can Focus on Your Patients At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For years, state courts and legislatures have taken a skeptical eye toward non-competition agreements. Judges here in Illinois and elsewhere routinely struck down overly broad and overreaching provisions, while an increasing number of jurisdictions have passed legislation or ordinances banning non-competes outright or limiting their scope and enforceability. During the Biden administration, the federal government injected itself into the heretofore state and local assault on non-competes. Both the Federal Trade Commission (FTC) and the National Labor Relations Board (NLRB) took the position, in a Final Rule and counsel's opinion, respectively, that almost all existing and future non-competes were void and unenforceable. Those actions were immediately challenged in court, and litigation about the FTC's ban resulted in dueling district court rulings, with injunctions issued against its enforcement in some cases, while other judges found the FTC had properly issued the Final Rule. The FTC subsequently appealed federal court rulings in Texas and Florida that invalidated or enjoined, respectively, the FTC's non-compete ban. Then came Election Day 2024. Nationwide Ban Abandoned, but Challenges to Non-Competes Remain Unsurprisingly, for an administration with a penchant for being business-friendly and regulation-averse, the newly comprised FTC quickly changed its tune on a nationwide non-compete ban. A series of moves this year has made it clear that the federal government, at least for the next three years, is abandoning any such blanket efforts. Specifically, the FTC moved in September to dismiss its appeals of two district court decisions that had struck down the Final Rule. Simultaneously, the commission took steps towards acceding to the vacatur of the non-compete ban . At the same time, however, the FTC has also indicated, through recent enforcement actions and warning letters , that it will continue to pursue remedies against employers on a case-by-case basis for the unlawful use of post-employment non-competes under Section 5 of the FTC Act, which prohibits "unfair methods of competition." Those FTC efforts, which are nothing new, mean the battle over the validity of non-compete agreements will continue to be fought largely at the state and local levels. Once again, dental practice owners and other employers will need to tailor their non-competition agreements to comply with the patchwork of jurisprudence, laws, and regulations of the states and localities where they have employees while remaining mindful of anti-competitive overreach that could attract the FTC's attention. With the nationwide non-compete ban dead and buried, but restrictions on and litigation about the enforceability of such agreements very much alive, now is an opportune time for practice owners to consult with experienced employment counsel who can review and revise any existing or contemplated non-competition provision as necessary. If you have questions about your company’s non-competes or would like assistance reviewing or drafting such agreements, please call Grogan Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
As a 17 th -century French playwright, actor, and poet, Molière probably received his fair share of stinging, negative reviews of his work. While we may not know exactly how he felt about such critiques, he did offer some sage advice that dentists should heed when confronted with a patient’s scathing, hurtful, or untrue online review: “ A wise man is superior to any insults which can be put upon him and the best reply to unseemly behavior is patience and moderation .” Human nature being what it is, patience and moderation can be in short supply when a dentist reads a review that casts doubt on their competence, integrity, or professionalism, especially if they believe that the review’s content contains abject falsehoods or misrepresentations. Not only can such online comments make blood boil and bruise the ego, but even one negative review can have a devastating impact on a practice and its reputation. 84% of the public trusts online reviews to help them make consumer decisions, including those involving healthcare providers. According to some surveys, more than 70% of patients say they read reviews before selecting a healthcare provider, and nearly half would not consider a provider with fewer than four stars. Negative reviews can disproportionately influence perception, even if they represent a small fraction of feedback. Given that a single negative review can stand out in an otherwise glowing profile and, if left unaddressed, may deter potential patients, dentists understandably will want to respond, correcting misstatements or otherwise neutralizing the misrepresentations or assertions contained in the review. But those responses, if made reflexively and without careful consideration of legal and ethical boundaries, can make a bad situation worse or make the dentist appear petty and vindictive. Additionally, dentists who do decide to respond to a patient’s negative review publicly may inadvertently reveal confidential patient information in their attempts to refute allegations of poor or substandard care. Such transgressions can have catastrophic licensing and regulatory consequences for dentists. So what should dentists do when faced with a horrible review that every prospective patient can see? As discussed below, responses can, and often should, be made, but with the patience and moderation Molière recommended. Hitting Back v. Hitting HIPAA Perhaps the biggest risk dentists take when publicly responding to a patient’s negative review is inadvertently violating their HIPAA patient privacy obligations. Unlike other businesses, dentists cannot freely discuss the details of a patient’s complaint in a public forum. The HIPAA Privacy Rule prohibits disclosing protected health information (PHI) without patient authorization. Even acknowledging that the reviewer is a patient may constitute a privacy violation. For example, if a patient writes, “I had a terrible root canal here,” the dentist cannot reply with, “We offered you antibiotics, but you refused.” That would be a clear HIPAA violation. Instead, dentists should respond in general terms that neither confirm nor deny treatment specifics. Best Practices for Responding to Negative Reviews When deciding how and whether to respond, dentists should keep the following principles and tips in mind: Cool Off Before Going Off. The worst thing a dentist can do with a bad online review is to immediately post a response in the throes of anger and indignation, however justifiable those emotions may be. Before deciding whether and how to respond, take the time needed for your professionalism and rationality to come back to the fore. Stay Professional and Neutral. Never respond defensively or emotionally. A hostile reply can escalate the issue and further damage your reputation. Even if the review feels unfair, professionalism is key. Acknowledge Without Confirming. Responses should not confirm that the reviewer is or was a patient. Instead, use neutral language such as: “We take all feedback seriously and strive to provide excellent care. We encourage you to contact our office directly to discuss your concerns.” Take the Conversation Offline. Invite the reviewer to call or email the office to resolve the issue privately. This demonstrates attentiveness while protecting confidentiality. Highlight Practice Values. Use responses as an opportunity to reaffirm commitment to patient care. For example: “Our goal is to make every patient feel comfortable and well cared for. We welcome feedback to help us improve.” When Silence May Be Golden Not every negative review needs a reply. If the comment is clearly unreasonable, inflammatory, or fraudulent, sometimes the best response is no response—or a simple flagging of the review for removal. Consider not responding in the following circumstances: Abusive or Fake Reviews. If a review contains profanity, slander, or appears fraudulent, flag it for removal instead of responding. Ongoing Legal Disputes. If the complaint relates to malpractice or litigation, responding publicly can backfire and give the patient more ammunition for their claims. Obvious Spam. Automated or irrelevant reviews do not require acknowledgment. Can You Sue for Defamation? Sure. Will You Win? Probably Not. On more than one occasion, a panicked and indignant dentist or other client of mine has called me to ask whether they could and should sue their former patient for defamation for a harsh online review. The answer, of course, is that you are well within your rights to sue “YourDentalPracticeSucks123” or whoever it is that is trying to take a wrecking ball to your career. You can sue anybody for anything. Whether such a lawsuit will be successful or has any legal basis is another matter entirely. The fact is that even the most scathing negative online review, if susceptible to the principle of “innocent construction” (meaning the allegedly libelous statement is given a non-defamatory interpretation because it is deemed ambiguous) or is composed of opinions rather than demonstrably false allegations of misconduct, will likely not qualify as actionable defamation in most jurisdictions. Furthermore, such lawsuits can expose the offended dentist or other professional to backlash, ridicule, and bad publicity in the fast-moving and fickle world of social media. If you look to hold online review sites and other platforms responsible for false and defamatory information posted by reviewers, you won’t get terribly far. While you may be able to get a website to remove a particularly egregious post, Section 230 of the federal Communications Decency Act largely immunizes such sites from claims based on comments or reviews posted by third-party users. Is It a Subjective Opinion or a Factual Allegation? The most common issue that arises in defamation cases based on online reviews is the question of whether or not a statement was false. Only false statements of fact can form the basis of a defamation claim, not opinions, no matter how histrionic or counterfactual they may be. A statement of fact is one that can be objectively proved or disproved. Consider the two following hypothetical reviews of a dentist: “She was rude, impatient, and treated me disrespectfully. It was perhaps the worst experience I’ve ever had with a dentist in my entire life. She is horrible.” “He stole money from my purse and touched me inappropriately while I was under sedation.” The former is a non-actionable opinion, as the dentist will not be able to objectively prove whether or not she was, in fact, rude, disrespectful, and the cause of one of the worst experiences in the patient’s life. Contrast that with the latter statement that accuses the dentist of specific actions and misconduct that can be proven or disproven with evidence. Proactive Reputation Management The best defense against negative reviews is a steady stream of positive ones. Dentists can encourage satisfied patients to leave feedback by: Sending follow-up emails with review links Placing QR codes in the office for easy access Training staff to request reviews after successful appointments A high volume of positive reviews will dilute the impact of the occasional negative one and provide a more accurate picture of patient satisfaction. As infuriating as negative online reviews can be, it is the rare dentist who can make it through their career without leaving at least one patient dissatisfied or unhappy with their treatment. When a patient shares those feelings with the world, it can be easy to let it get under your skin. But sometimes, restraint can speak louder than a retort. If you have questions or concerns about negative online reviews or reputation management for your dental practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
