HIPAA Policies Dentists Should Be Aware of When Marketing to Patients

By -

Marketing your dental practice is a vital and necessary strategy to attract, acquire and retain patients. It’s the most effective way to reach your practice growth and revenue goals while increasing your brand awareness. 

Dentists and other medical professionals, however, are bound by a different set of policies and guidelines that direct what you can and can’t do in terms of marketing. Keep in mind the policies that impact your decisions and marketing strategies.

HIPAA Compliance 

The HIPAA Privacy Rule “ensures the individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care.” When marketing your practice, keep HIPAA compliance in mind at all times. Protecting your patients should always be your first priority. 

Below are some do’s and don’ts to follow for advertising, patient reviews and your general brand identity.

Google Advertising and HIPAA

Keep in mind that in advertising, your goal is to maintain the anonymity of your patients and the person who would see the ad online. These recommendations below are focused on Google advertising but can be applied to Bing and other search engines. At Whiteboard Marketing, we primarily focus on Google because it holds 86% of the market share of worldwide search. Google advertising is an important part of your new patient conversion strategy and we highly recommend investing in it. 


  • Run search advertising campaigns. A Google search ad is the ad you typically see at the top or bottom of the results page when a patient searches for a “dentist near me” or “dental implants Columbus, Ohio.”

Google serp results "dentist near me" search

Run Google map ads. An ad on the Google search map populates when a patient searches for similar terms. These ads are general search and do not reveal the identity of the searcher, so they are considered HIPAA compliant.

google maps results


  • Utilize remarketing advertising as part of your ad strategy, as it is not HIPAA compliant. Google remarketing ads allow you to show ads to people who have visited your website. Essentially, once a prospective patient has visited your website and then searches for something else online, an ad will “follow” the patient and continue showing as he or she searches the web. These remarketing ads are a violation of HIPAA because they follow a prospective patient across their search activity, which could impact their anonymity.

Facebook Advertising and HIPAA

Similar to Google advertising, there is a lot of freedom in choosing the right type of Facebook ad for your practice. Facebook provides opportunities to get more clicks to your website, call your office, promote your practice to the local community and even get more followers. Facebook also allows you to advertise on Instagram directly through the Facebook Ads Manager, which is a great way to reach a younger demographic if that is your patient base.

Regarding Facebook and HIPAA, the policies to be aware of are focused on the demographics or audience you advertise to, rather than the actual type of ads.


Run Facebook advertising campaigns. As mentioned above, there are many options to choose from, depending on your goals. Facebook doesn’t limit the type of ads you can run.

Facebook advertising dental campaign

  • Add the option to run your ads on Instagram if your patient base fits that demographic.
  • Boost your Facebook posts.

Dental implants Facebook campaign

  • Choose your audience demographics by selecting the age range, male/female ratio and distance from the practice. Depending on how well you understand your patient base, you can also select lifestyle interests, such as running, families, etc.
  • Create a lookalike audience to reach prospective patients who are just like your current patients. When you add a special code, or “pixel” to your website, Facebook then has the ability to create an audience that looks most like the people visiting your website. Lookalike audiences are HIPAA compliant because the audience that is created is a group of prospective patients that “look like” the website visitor, not the actual website visitor.


  • Create a custom audience. Creating a custom audience requires you to upload your patient list to Facebook so you can advertise directly to them while they are on their Facebook or Instagram pages. This is a direct violation of HIPAA because you are uploading patient details to a third-party site. Creating a custom audience of your patient list does not “ensure the proper protection of the individuals’ health information.”

Patient Reviews and HIPAA

Online patient reviews can mean the difference between a prospective patient choosing your practice or the competitor down the street. Whether a patient is referred to your practice by a peer, friend or family member or is searching online for a “dentist near me,” 86% make the choice by reading a dentist’s online reviews. Proactively asking for patient reviews and responding to them should be a big part of your practice marketing strategy. 


  • Ask patients to review your practice.

Ways to ask for reviews infographic

  • Respond to all reviews, positive and negative.

How to monitor and respond to dental reviews infographic

  • Thank the patient for his or her feedback.

Reviews widget example on dental website

  • Provide general information about your practice policies, philosophy, etc.

Negative dental review response in action

  • Let the patient know he or she can contact your office directly to discuss the feedback.

Examples of a HIPAA compliant response:

  • Thank you so much for your kind words!

Dental review response example

  • We really appreciate your feedback. 
  • We appreciate your kind words about our team! We really do strive to make our patients feel comfortable and cared for when visiting our office.
  • Please contact our office directly to talk about your feedback.

The Five Rules of Responding to a Negative Dental Review infographic

  • We take every review seriously and appreciate your feedback.

Negative dental review response example

  • At XX Dentistry, we review our financial policy/appointment cancellation policy/etc. with every patient to ensure they understand their responsibility and payment options. 
  • At XX Dentistry, our priority is the safety, health and well-being of every patient and we are committed to the quality of care we provide. Because of this, we recommend treatment options based on what we think is the best oral health decision for each individual patient.

Responding to a negative review example

  • At XX Dentistry, we respect all of our patients’ time and busy schedules. Sometimes, we may experience a patient emergency that puts us behind. We focus on getting back on schedule as quickly as possible.
  • At XX Dentistry, we take every review seriously. Due to HIPAA, we are not able to address your feedback specifically. Please contact our office at xxx-xxx-xxxx to discuss your concerns.


  • Acknowledge the person is a patient specifically.
  • Refute the patient’s claims directly or discuss the patient’s treatment, payments or other personal information, even if the patient includes those details in the review.
  • Argue with the patient.
  • Decide not to respond.

Examples of a non-HIPAA compliant response:

  • We understand you are in pain, but we are not able to prescribe any additional medication to you at this time. 
  • We’re so sorry you had to wait for your appointment, Betsy. We experienced a patient emergency that caused our entire schedule to be delayed.
  • We appreciate your feedback. However, after you canceled your appointment three times in a row with no notice, we decided to no longer accept you as a patient. 
  • Tom, we understand your concerns about our payment policy. However, we simply asked you to pay your outstanding balance before starting any new treatment. We also reviewed financing options with you to help you afford your care. 

Need Help Developing a HIPAA-Compliant Marketing Plan? 

Keep in mind, we are a dental practice marketing firm, not attorneys. Our recommendations are based on our own research, education and experience marketing for dentists. 

If you have specific legal questions about these policies, we recommend you contact your practice attorney or state dental association directly to provide deeper answers. If you have questions regarding dental practice marketing, contact us today.