HIPPA Security Rule Compliance for Dental Practices: Protecting Your Patients' Data - And Yourself.
Dave Argentar • September 17, 2019
The care that dentists need to provide their patients doesn’t end when they get up from the chair. Dental offices, and the computers, networks, servers, and files maintained within (and outside of) their walls contain patient information that must be kept secure and protected from data breaches and unauthorized disclosure. If your practice doesn’t have the systems, protocols, and policies in place to comply with HIPAA’s multitude of patient privacy and security requirements, even inadvertent and seemingly “harmless” violations can lead to significant financial and legal headaches.
HIPAA security compliance simply cannot be an afterthought for dental practices, nor is it a matter of “set it and forget it.” It requires constant vigilance, proactive planning, and regular audits and updates. This is particularly true when it comes to ensuring the security of electronic health records. Dentists need to commit people, time, and resources to the protection of patient information and should regularly consult with attorneys who can assist them in making their HIPAA compliance efforts robust and effective.
HIPAA Application to Dental Practices
After HIPAA became law in 1996, the U.S. Department of Health and Human Services (HHS) issued a set of national standards governing the use and disclosure of patients’ protected health information (PHI). Commonly known as the Privacy Rule , the Standards for Privacy of Individually Identifiable Health Information apply to “covered entities” as defined in HHS regulations.
The odds that your dental practice is a “covered entity” under HIPAA sit pretty close to 100%. If you send claims, eligibility inquiries and requests, pre-determinations, claim status inquiries, or treatment authorization requests to third parties through electronic means, you must comply with HIPAA.
HIPAA obligations don’t end at the Privacy Rule, which limits how and to whom PHI can be disclosed. Dental practices must also comply with the Security Rule ( Security Standards for the Protection of Electronic Protected Health Information ) as well as the Breach Notification Rule.
The HIPAA Security Rule
While the Privacy Rule addresses who may have access to PHI, the Security Rule sets the standards for ensuring that only those authorized individuals can access that information. One important distinction between the Privacy Rule and Security Rule is that while the former applies to PHI in whatever form – paper, oral, electronic - the Security Rule only covers electronic health records (ePHI). Since dental practices increasingly rely on electronic means to create, store, and transmit records, ensuring that your practice satisfies the Security Rule’s mandates is the centerpiece of any HIPAA compliance program.
The safeguards required under the Security Rule are divided into three categories:
· Administrative – As defined in the rules, these are policies and procedures designed “to manage the selection, development, implementation, and maintenance of security measures to protect electronically protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
Practices must sufficiently implement and monitor their “performance of security management process, assignment or delegation of security responsibility, training requirements, and evaluation and documentation of all decisions.”
The essence of administrative compliance is people: people who are in charge of security, people who are trained about security, and people who are responsible for administering, monitoring, and auditing security compliance.
· Physical Access Controls – This involves safeguards established to control physical access to data and information and the systems which store them. This includes such essential elements as:
o Facility Access Controls – policies and procedures that limit physical access to all areas and devices where ePHI is stored, such as locked doors, restricted areas, surveillance systems, security guards, etc.
o Workstation Access and Security – policies and procedures that specify the proper functions to be performed on workstations, how employees should perform those functions, and physical workstation security.
o Device and Media Controls – thumb drives, laptops, phones, tablets, and other devices represent a significant vulnerability for unauthorized access to or distribution of ePHI. Dental practices need to establish policies and procedures that govern how hardware and electronic media containing ePHI can enter or exit dental offices. These controls must include disposal, media reuse, accountability, and data backup and storage.
· Technical controls – this involves “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” Firewalls, encryption, data security measures, and other systems put in place to prevent data breaches, cyberattacks, and unauthorized access to ePHI fall into this category.
Your Practice Could Be Held Responsible for Any HIPAA Violations by a “Business Associate”
Many if not most practices contract at least some of their billing, claims management, and other back-office responsibilities to third-party vendors. If a practice fails to obtain “satisfactory assurances” from a “business associate” that it is HIPAA-compliant before retaining their services, and a PHI breach subsequently occurs, the practice entity may be considered liable for any damages that result
That is why every dental practice that shares PHI with outside contractors enter into a written HIPAA-Compliant Business Associate Agreement with such vendors. These agreements should specify:
·the types of PHI that the practice will provide to the business associate;
·the permissible uses and disclosures of PHI by the business associate;
·the measures that the business associate must implement to protect PHI;
·the actions that the business associate will take in the event of a data breach.
HIPAA Compliance Questions? Call Grogan, Hesse & Uditsky Today
At Grogan, Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you.
If you have questions or concerns about your practice’s compliance with HIPAA, please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation.
Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Speak to an Attorney
Related Posts
For years, state courts and legislatures have taken a skeptical eye toward non-competition agreements. Judges here in Illinois and elsewhere routinely struck down overly broad and overreaching provisions, while an increasing number of jurisdictions have passed legislation or ordinances banning non-competes outright or limiting their scope and enforceability. During the Biden administration, the federal government injected itself into the heretofore state and local assault on non-competes. Both the Federal Trade Commission (FTC) and the National Labor Relations Board (NLRB) took the position, in a Final Rule and counsel's opinion, respectively, that almost all existing and future non-competes were void and unenforceable. Those actions were immediately challenged in court, and litigation about the FTC's ban resulted in dueling district court rulings, with injunctions issued against its enforcement in some cases, while other judges found the FTC had properly issued the Final Rule. The FTC subsequently appealed federal court rulings in Texas and Florida that invalidated or enjoined, respectively, the FTC's non-compete ban. Then came Election Day 2024. Nationwide Ban Abandoned, but Challenges to Non-Competes Remain Unsurprisingly, for an administration with a penchant for being business-friendly and regulation-averse, the newly comprised FTC quickly changed its tune on a nationwide non-compete ban. A series of moves this year has made it clear that the federal government, at least for the next three years, is abandoning any such blanket efforts. Specifically, the FTC moved in September to dismiss its appeals of two district court decisions that had struck down the Final Rule. Simultaneously, the commission took steps towards acceding to the vacatur of the non-compete ban . At the same time, however, the FTC has also indicated, through recent enforcement actions and warning letters , that it will continue to pursue remedies against employers on a case-by-case basis for the unlawful use of post-employment non-competes under Section 5 of the FTC Act, which prohibits "unfair methods of competition." Those FTC efforts, which are nothing new, mean the battle over the validity of non-compete agreements will continue to be fought largely at the state and local levels. Once again, dental practice owners and other employers will need to tailor their non-competition agreements to comply with the patchwork of jurisprudence, laws, and regulations of the states and localities where they have employees while remaining mindful of anti-competitive overreach that could attract the FTC's attention. With the nationwide non-compete ban dead and buried, but restrictions on and litigation about the enforceability of such agreements very much alive, now is an opportune time for practice owners to consult with experienced employment counsel who can review and revise any existing or contemplated non-competition provision as necessary. If you have questions about your company’s non-competes or would like assistance reviewing or drafting such agreements, please call Grogan Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
As a 17 th -century French playwright, actor, and poet, Molière probably received his fair share of stinging, negative reviews of his work. While we may not know exactly how he felt about such critiques, he did offer some sage advice that dentists should heed when confronted with a patient’s scathing, hurtful, or untrue online review: “ A wise man is superior to any insults which can be put upon him and the best reply to unseemly behavior is patience and moderation .” Human nature being what it is, patience and moderation can be in short supply when a dentist reads a review that casts doubt on their competence, integrity, or professionalism, especially if they believe that the review’s content contains abject falsehoods or misrepresentations. Not only can such online comments make blood boil and bruise the ego, but even one negative review can have a devastating impact on a practice and its reputation. 84% of the public trusts online reviews to help them make consumer decisions, including those involving healthcare providers. According to some surveys, more than 70% of patients say they read reviews before selecting a healthcare provider, and nearly half would not consider a provider with fewer than four stars. Negative reviews can disproportionately influence perception, even if they represent a small fraction of feedback. Given that a single negative review can stand out in an otherwise glowing profile and, if left unaddressed, may deter potential patients, dentists understandably will want to respond, correcting misstatements or otherwise neutralizing the misrepresentations or assertions contained in the review. But those responses, if made reflexively and without careful consideration of legal and ethical boundaries, can make a bad situation worse or make the dentist appear petty and vindictive. Additionally, dentists who do decide to respond to a patient’s negative review publicly may inadvertently reveal confidential patient information in their attempts to refute allegations of poor or substandard care. Such transgressions can have catastrophic licensing and regulatory consequences for dentists. So what should dentists do when faced with a horrible review that every prospective patient can see? As discussed below, responses can, and often should, be made, but with the patience and moderation Molière recommended. Hitting Back v. Hitting HIPAA Perhaps the biggest risk dentists take when publicly responding to a patient’s negative review is inadvertently violating their HIPAA patient privacy obligations. Unlike other businesses, dentists cannot freely discuss the details of a patient’s complaint in a public forum. The HIPAA Privacy Rule prohibits disclosing protected health information (PHI) without patient authorization. Even acknowledging that the reviewer is a patient may constitute a privacy violation. For example, if a patient writes, “I had a terrible root canal here,” the dentist cannot reply with, “We offered you antibiotics, but you refused.” That would be a clear HIPAA violation. Instead, dentists should respond in general terms that neither confirm nor deny treatment specifics. Best Practices for Responding to Negative Reviews When deciding how and whether to respond, dentists should keep the following principles and tips in mind: Cool Off Before Going Off. The worst thing a dentist can do with a bad online review is to immediately post a response in the throes of anger and indignation, however justifiable those emotions may be. Before deciding whether and how to respond, take the time needed for your professionalism and rationality to come back to the fore. Stay Professional and Neutral. Never respond defensively or emotionally. A hostile reply can escalate the issue and further damage your reputation. Even if the review feels unfair, professionalism is key. Acknowledge Without Confirming. Responses should not confirm that the reviewer is or was a patient. Instead, use neutral language such as: “We take all feedback seriously and strive to provide excellent care. We encourage you to contact our office directly to discuss your concerns.” Take the Conversation Offline. Invite the reviewer to call or email the office to resolve the issue privately. This demonstrates attentiveness while protecting confidentiality. Highlight Practice Values. Use responses as an opportunity to reaffirm commitment to patient care. For example: “Our goal is to make every patient feel comfortable and well cared for. We welcome feedback to help us improve.” When Silence May Be Golden Not every negative review needs a reply. If the comment is clearly unreasonable, inflammatory, or fraudulent, sometimes the best response is no response—or a simple flagging of the review for removal. Consider not responding in the following circumstances: Abusive or Fake Reviews. If a review contains profanity, slander, or appears fraudulent, flag it for removal instead of responding. Ongoing Legal Disputes. If the complaint relates to malpractice or litigation, responding publicly can backfire and give the patient more ammunition for their claims. Obvious Spam. Automated or irrelevant reviews do not require acknowledgment. Can You Sue for Defamation? Sure. Will You Win? Probably Not. On more than one occasion, a panicked and indignant dentist or other client of mine has called me to ask whether they could and should sue their former patient for defamation for a harsh online review. The answer, of course, is that you are well within your rights to sue “YourDentalPracticeSucks123” or whoever it is that is trying to take a wrecking ball to your career. You can sue anybody for anything. Whether such a lawsuit will be successful or has any legal basis is another matter entirely. The fact is that even the most scathing negative online review, if susceptible to the principle of “innocent construction” (meaning the allegedly libelous statement is given a non-defamatory interpretation because it is deemed ambiguous) or is composed of opinions rather than demonstrably false allegations of misconduct, will likely not qualify as actionable defamation in most jurisdictions. Furthermore, such lawsuits can expose the offended dentist or other professional to backlash, ridicule, and bad publicity in the fast-moving and fickle world of social media. If you look to hold online review sites and other platforms responsible for false and defamatory information posted by reviewers, you won’t get terribly far. While you may be able to get a website to remove a particularly egregious post, Section 230 of the federal Communications Decency Act largely immunizes such sites from claims based on comments or reviews posted by third-party users. Is It a Subjective Opinion or a Factual Allegation? The most common issue that arises in defamation cases based on online reviews is the question of whether or not a statement was false. Only false statements of fact can form the basis of a defamation claim, not opinions, no matter how histrionic or counterfactual they may be. A statement of fact is one that can be objectively proved or disproved. Consider the two following hypothetical reviews of a dentist: “She was rude, impatient, and treated me disrespectfully. It was perhaps the worst experience I’ve ever had with a dentist in my entire life. She is horrible.” “He stole money from my purse and touched me inappropriately while I was under sedation.” The former is a non-actionable opinion, as the dentist will not be able to objectively prove whether or not she was, in fact, rude, disrespectful, and the cause of one of the worst experiences in the patient’s life. Contrast that with the latter statement that accuses the dentist of specific actions and misconduct that can be proven or disproven with evidence. Proactive Reputation Management The best defense against negative reviews is a steady stream of positive ones. Dentists can encourage satisfied patients to leave feedback by: Sending follow-up emails with review links Placing QR codes in the office for easy access Training staff to request reviews after successful appointments A high volume of positive reviews will dilute the impact of the occasional negative one and provide a more accurate picture of patient satisfaction. As infuriating as negative online reviews can be, it is the rare dentist who can make it through their career without leaving at least one patient dissatisfied or unhappy with their treatment. When a patient shares those feelings with the world, it can be easy to let it get under your skin. But sometimes, restraint can speak louder than a retort. If you have questions or concerns about negative online reviews or reputation management for your dental practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
On July 4, 2025, the One Big Beautiful Bill Act (OBBBA) was signed into law. One may question whether this sprawling piece of legislation deserves to be called “beautiful,” but it undoubtedly earns the “big” in its name, especially for small businesses like dental practices. That is because it contains several provisions that could have a significant impact on the tax obligations of practices and their owners. Most notably, the OBBBA solidifies significant tax reforms and exemptions that were part of the 2017 Tax Cuts and Jobs Act (TCJA). Here are seven aspects of the OBBBA that are of particular interest to dental practices and their owners. 1. Permanent Qualified Business Income (QBI) Deduction The 20 percent small business tax deduction (also known as the section 199a deduction) for sole proprietorships, partnerships, S-corporations, and LLCs, which was scheduled to expire at the end of 2025, is made permanent and extends the amount of income subject to the phase-out rules. Specifically, the income threshold for single taxpayers is expanded by $25,000 and for joint filers by $50,000. The bill also includes a new minimum deduction of $400 for taxpayers with at least $1,000 of qualified business income from one or more actively conducted trades or businesses in which they materially participate. 2. Expanding Section 179 Expensing The bill increases the Small Business Expensing Cap from $1.22 million to $2.5 million. It also brings back and makes permanent “bonus depreciation,” which allows for an immediate write-off of 100 percent (versus 40 percent) of the cost of new qualified property acquired after January 19, 2025, such as equipment, vehicles, and software. 3. Qualified Small Business Stock The OBBBA modifies the Qualified Small Business Stock (QSBS) provisions contained in Section 1202 of the Internal Revenue Code by increasing the amounts that can be excluded from gross income, raising the size limit for QSBS investments, and shortening the holding period so investors can take advantage of the provision's benefits earlier than before. Specifically: For QSBS issued after OBBBA's July 4, 2025, effective date, the per-taxpayer gain exclusion cap for the sale of QSBS is raised from $10 million to $15 million, with that threshold being adjusted for inflation starting in 2027. The exclusion amount will now be $15 million or 10x the basis in the stock, whichever is greater. The aggregate gross assets a C corporation may have for its stock to qualify as a qualified small business is now $75 million – up from $50 million - for stock issued after July 4, 2025, with the new limit to be adjusted for inflation beginning in 2027. For QSBS acquired after July 4, 2025, the holding period required to qualify for the QSBS gain exclusion drops from five years to three years. After three years, a 50% exclusion is available, increasing to 75% after four years, and reaching 100% exclusion after five years. 4. Enhancing the Employer-provided Childcare Credit Section 45F of the tax code, which is designed to incentivize businesses to invest in childcare, now provides qualifying small businesses (gross receipts of $25 million or less for the preceding five years) with a maximum tax credit of up to $600,000 per year on up to 50 percent of qualified childcare expenses provided to employees. This credit is effective beginning in 2026. 5. Employer-provided Student Loan Repayment Assistance The OBBBA makes the employer-provided student loan repayment benefit permanent, allowing employers to contribute up to $5,250 per year towards employees' student loans, tax-free for both the employer and employee. This annual limit will be adjusted for inflation starting in 2026, ensuring the benefit keeps pace with rising education costs. 6. Permanent, Inflation-Indexed Estate & Gift Tax Exemption The OBBBA permanently increases the unified federal estate and lifetime gift tax exemption to $15 million per individual ($30 million for married couples), indexed for inflation starting in 2026. If the TCJA’s exemption provisions had expired, the threshold would have dropped to approximately $7 million per individual. This stability allows ultra-high-net-worth individuals to accelerate lifetime gifting and fund trusts efficiently. Techniques such as SLATs (Spousal Lifetime Access Trusts) are now more powerful planning tools given the increased exemption scope. The generation-skipping transfer (GST) tax exemption is now also aligned with the $15 million per individual exemption, also indexed for inflation. 7. SALT Deduction Raised – For Some The law increased the state and local tax (SALT) deduction cap from $10,000 to $40,000; however, this cap is not universally available. If your modified adjusted gross income (MAGI) exceeds certain thresholds, the $40,000 cap will be phased out. For single filers, the phase-out starts at $250,000 MAGI. For joint filers, the phase-out starts at $500,000 MAGI. The deduction is reduced by 30% of the amount exceeding these thresholds until it reaches the original $10,000 cap for the highest earners. The income thresholds for the phase-out will increase by 1% annually from 2026 to 2029. If you have questions about the OBBBA and what it means for you and your practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
For years, state courts and legislatures have taken a skeptical eye toward non-competition agreements. Judges here in Illinois and elsewhere routinely struck down overly broad and overreaching provisions, while an increasing number of jurisdictions have passed legislation or ordinances banning non-competes outright or limiting their scope and enforceability. During the Biden administration, the federal government injected itself into the heretofore state and local assault on non-competes. Both the Federal Trade Commission (FTC) and the National Labor Relations Board (NLRB) took the position, in a Final Rule and counsel's opinion, respectively, that almost all existing and future non-competes were void and unenforceable. Those actions were immediately challenged in court, and litigation about the FTC's ban resulted in dueling district court rulings, with injunctions issued against its enforcement in some cases, while other judges found the FTC had properly issued the Final Rule. The FTC subsequently appealed federal court rulings in Texas and Florida that invalidated or enjoined, respectively, the FTC's non-compete ban. Then came Election Day 2024. Nationwide Ban Abandoned, but Challenges to Non-Competes Remain Unsurprisingly, for an administration with a penchant for being business-friendly and regulation-averse, the newly comprised FTC quickly changed its tune on a nationwide non-compete ban. A series of moves this year has made it clear that the federal government, at least for the next three years, is abandoning any such blanket efforts. Specifically, the FTC moved in September to dismiss its appeals of two district court decisions that had struck down the Final Rule. Simultaneously, the commission took steps towards acceding to the vacatur of the non-compete ban . At the same time, however, the FTC has also indicated, through recent enforcement actions and warning letters , that it will continue to pursue remedies against employers on a case-by-case basis for the unlawful use of post-employment non-competes under Section 5 of the FTC Act, which prohibits "unfair methods of competition." Those FTC efforts, which are nothing new, mean the battle over the validity of non-compete agreements will continue to be fought largely at the state and local levels. Once again, dental practice owners and other employers will need to tailor their non-competition agreements to comply with the patchwork of jurisprudence, laws, and regulations of the states and localities where they have employees while remaining mindful of anti-competitive overreach that could attract the FTC's attention. With the nationwide non-compete ban dead and buried, but restrictions on and litigation about the enforceability of such agreements very much alive, now is an opportune time for practice owners to consult with experienced employment counsel who can review and revise any existing or contemplated non-competition provision as necessary. If you have questions about your company’s non-competes or would like assistance reviewing or drafting such agreements, please call Grogan Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
As a 17 th -century French playwright, actor, and poet, Molière probably received his fair share of stinging, negative reviews of his work. While we may not know exactly how he felt about such critiques, he did offer some sage advice that dentists should heed when confronted with a patient’s scathing, hurtful, or untrue online review: “ A wise man is superior to any insults which can be put upon him and the best reply to unseemly behavior is patience and moderation .” Human nature being what it is, patience and moderation can be in short supply when a dentist reads a review that casts doubt on their competence, integrity, or professionalism, especially if they believe that the review’s content contains abject falsehoods or misrepresentations. Not only can such online comments make blood boil and bruise the ego, but even one negative review can have a devastating impact on a practice and its reputation. 84% of the public trusts online reviews to help them make consumer decisions, including those involving healthcare providers. According to some surveys, more than 70% of patients say they read reviews before selecting a healthcare provider, and nearly half would not consider a provider with fewer than four stars. Negative reviews can disproportionately influence perception, even if they represent a small fraction of feedback. Given that a single negative review can stand out in an otherwise glowing profile and, if left unaddressed, may deter potential patients, dentists understandably will want to respond, correcting misstatements or otherwise neutralizing the misrepresentations or assertions contained in the review. But those responses, if made reflexively and without careful consideration of legal and ethical boundaries, can make a bad situation worse or make the dentist appear petty and vindictive. Additionally, dentists who do decide to respond to a patient’s negative review publicly may inadvertently reveal confidential patient information in their attempts to refute allegations of poor or substandard care. Such transgressions can have catastrophic licensing and regulatory consequences for dentists. So what should dentists do when faced with a horrible review that every prospective patient can see? As discussed below, responses can, and often should, be made, but with the patience and moderation Molière recommended. Hitting Back v. Hitting HIPAA Perhaps the biggest risk dentists take when publicly responding to a patient’s negative review is inadvertently violating their HIPAA patient privacy obligations. Unlike other businesses, dentists cannot freely discuss the details of a patient’s complaint in a public forum. The HIPAA Privacy Rule prohibits disclosing protected health information (PHI) without patient authorization. Even acknowledging that the reviewer is a patient may constitute a privacy violation. For example, if a patient writes, “I had a terrible root canal here,” the dentist cannot reply with, “We offered you antibiotics, but you refused.” That would be a clear HIPAA violation. Instead, dentists should respond in general terms that neither confirm nor deny treatment specifics. Best Practices for Responding to Negative Reviews When deciding how and whether to respond, dentists should keep the following principles and tips in mind: Cool Off Before Going Off. The worst thing a dentist can do with a bad online review is to immediately post a response in the throes of anger and indignation, however justifiable those emotions may be. Before deciding whether and how to respond, take the time needed for your professionalism and rationality to come back to the fore. Stay Professional and Neutral. Never respond defensively or emotionally. A hostile reply can escalate the issue and further damage your reputation. Even if the review feels unfair, professionalism is key. Acknowledge Without Confirming. Responses should not confirm that the reviewer is or was a patient. Instead, use neutral language such as: “We take all feedback seriously and strive to provide excellent care. We encourage you to contact our office directly to discuss your concerns.” Take the Conversation Offline. Invite the reviewer to call or email the office to resolve the issue privately. This demonstrates attentiveness while protecting confidentiality. Highlight Practice Values. Use responses as an opportunity to reaffirm commitment to patient care. For example: “Our goal is to make every patient feel comfortable and well cared for. We welcome feedback to help us improve.” When Silence May Be Golden Not every negative review needs a reply. If the comment is clearly unreasonable, inflammatory, or fraudulent, sometimes the best response is no response—or a simple flagging of the review for removal. Consider not responding in the following circumstances: Abusive or Fake Reviews. If a review contains profanity, slander, or appears fraudulent, flag it for removal instead of responding. Ongoing Legal Disputes. If the complaint relates to malpractice or litigation, responding publicly can backfire and give the patient more ammunition for their claims. Obvious Spam. Automated or irrelevant reviews do not require acknowledgment. Can You Sue for Defamation? Sure. Will You Win? Probably Not. On more than one occasion, a panicked and indignant dentist or other client of mine has called me to ask whether they could and should sue their former patient for defamation for a harsh online review. The answer, of course, is that you are well within your rights to sue “YourDentalPracticeSucks123” or whoever it is that is trying to take a wrecking ball to your career. You can sue anybody for anything. Whether such a lawsuit will be successful or has any legal basis is another matter entirely. The fact is that even the most scathing negative online review, if susceptible to the principle of “innocent construction” (meaning the allegedly libelous statement is given a non-defamatory interpretation because it is deemed ambiguous) or is composed of opinions rather than demonstrably false allegations of misconduct, will likely not qualify as actionable defamation in most jurisdictions. Furthermore, such lawsuits can expose the offended dentist or other professional to backlash, ridicule, and bad publicity in the fast-moving and fickle world of social media. If you look to hold online review sites and other platforms responsible for false and defamatory information posted by reviewers, you won’t get terribly far. While you may be able to get a website to remove a particularly egregious post, Section 230 of the federal Communications Decency Act largely immunizes such sites from claims based on comments or reviews posted by third-party users. Is It a Subjective Opinion or a Factual Allegation? The most common issue that arises in defamation cases based on online reviews is the question of whether or not a statement was false. Only false statements of fact can form the basis of a defamation claim, not opinions, no matter how histrionic or counterfactual they may be. A statement of fact is one that can be objectively proved or disproved. Consider the two following hypothetical reviews of a dentist: “She was rude, impatient, and treated me disrespectfully. It was perhaps the worst experience I’ve ever had with a dentist in my entire life. She is horrible.” “He stole money from my purse and touched me inappropriately while I was under sedation.” The former is a non-actionable opinion, as the dentist will not be able to objectively prove whether or not she was, in fact, rude, disrespectful, and the cause of one of the worst experiences in the patient’s life. Contrast that with the latter statement that accuses the dentist of specific actions and misconduct that can be proven or disproven with evidence. Proactive Reputation Management The best defense against negative reviews is a steady stream of positive ones. Dentists can encourage satisfied patients to leave feedback by: Sending follow-up emails with review links Placing QR codes in the office for easy access Training staff to request reviews after successful appointments A high volume of positive reviews will dilute the impact of the occasional negative one and provide a more accurate picture of patient satisfaction. As infuriating as negative online reviews can be, it is the rare dentist who can make it through their career without leaving at least one patient dissatisfied or unhappy with their treatment. When a patient shares those feelings with the world, it can be easy to let it get under your skin. But sometimes, restraint can speak louder than a retort. If you have questions or concerns about negative online reviews or reputation management for your dental practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
On July 4, 2025, the One Big Beautiful Bill Act (OBBBA) was signed into law. One may question whether this sprawling piece of legislation deserves to be called “beautiful,” but it undoubtedly earns the “big” in its name, especially for small businesses like dental practices. That is because it contains several provisions that could have a significant impact on the tax obligations of practices and their owners. Most notably, the OBBBA solidifies significant tax reforms and exemptions that were part of the 2017 Tax Cuts and Jobs Act (TCJA). Here are seven aspects of the OBBBA that are of particular interest to dental practices and their owners. 1. Permanent Qualified Business Income (QBI) Deduction The 20 percent small business tax deduction (also known as the section 199a deduction) for sole proprietorships, partnerships, S-corporations, and LLCs, which was scheduled to expire at the end of 2025, is made permanent and extends the amount of income subject to the phase-out rules. Specifically, the income threshold for single taxpayers is expanded by $25,000 and for joint filers by $50,000. The bill also includes a new minimum deduction of $400 for taxpayers with at least $1,000 of qualified business income from one or more actively conducted trades or businesses in which they materially participate. 2. Expanding Section 179 Expensing The bill increases the Small Business Expensing Cap from $1.22 million to $2.5 million. It also brings back and makes permanent “bonus depreciation,” which allows for an immediate write-off of 100 percent (versus 40 percent) of the cost of new qualified property acquired after January 19, 2025, such as equipment, vehicles, and software. 3. Qualified Small Business Stock The OBBBA modifies the Qualified Small Business Stock (QSBS) provisions contained in Section 1202 of the Internal Revenue Code by increasing the amounts that can be excluded from gross income, raising the size limit for QSBS investments, and shortening the holding period so investors can take advantage of the provision's benefits earlier than before. Specifically: For QSBS issued after OBBBA's July 4, 2025, effective date, the per-taxpayer gain exclusion cap for the sale of QSBS is raised from $10 million to $15 million, with that threshold being adjusted for inflation starting in 2027. The exclusion amount will now be $15 million or 10x the basis in the stock, whichever is greater. The aggregate gross assets a C corporation may have for its stock to qualify as a qualified small business is now $75 million – up from $50 million - for stock issued after July 4, 2025, with the new limit to be adjusted for inflation beginning in 2027. For QSBS acquired after July 4, 2025, the holding period required to qualify for the QSBS gain exclusion drops from five years to three years. After three years, a 50% exclusion is available, increasing to 75% after four years, and reaching 100% exclusion after five years. 4. Enhancing the Employer-provided Childcare Credit Section 45F of the tax code, which is designed to incentivize businesses to invest in childcare, now provides qualifying small businesses (gross receipts of $25 million or less for the preceding five years) with a maximum tax credit of up to $600,000 per year on up to 50 percent of qualified childcare expenses provided to employees. This credit is effective beginning in 2026. 5. Employer-provided Student Loan Repayment Assistance The OBBBA makes the employer-provided student loan repayment benefit permanent, allowing employers to contribute up to $5,250 per year towards employees' student loans, tax-free for both the employer and employee. This annual limit will be adjusted for inflation starting in 2026, ensuring the benefit keeps pace with rising education costs. 6. Permanent, Inflation-Indexed Estate & Gift Tax Exemption The OBBBA permanently increases the unified federal estate and lifetime gift tax exemption to $15 million per individual ($30 million for married couples), indexed for inflation starting in 2026. If the TCJA’s exemption provisions had expired, the threshold would have dropped to approximately $7 million per individual. This stability allows ultra-high-net-worth individuals to accelerate lifetime gifting and fund trusts efficiently. Techniques such as SLATs (Spousal Lifetime Access Trusts) are now more powerful planning tools given the increased exemption scope. The generation-skipping transfer (GST) tax exemption is now also aligned with the $15 million per individual exemption, also indexed for inflation. 7. SALT Deduction Raised – For Some The law increased the state and local tax (SALT) deduction cap from $10,000 to $40,000; however, this cap is not universally available. If your modified adjusted gross income (MAGI) exceeds certain thresholds, the $40,000 cap will be phased out. For single filers, the phase-out starts at $250,000 MAGI. For joint filers, the phase-out starts at $500,000 MAGI. The deduction is reduced by 30% of the amount exceeding these thresholds until it reaches the original $10,000 cap for the highest earners. The income thresholds for the phase-out will increase by 1% annually from 2026 to 2029. If you have questions about the OBBBA and what it means for you and your practice, please contact Grogan Hesse & Uditsky today at (630) 833-5533 or contact us online to arrange for your free initial consultation. We focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
