Back to all posts
Marketing 9 min read · May 18, 2025

How We Built a 4.9-Star Google Reputation (Without Violating HIPAA)

MD

Dr. Meera Desai

Cosmetic dentist · Brand strategist

When I took over marketing for our 5-clinic DSO network in early 2024, we had 85 reviews across all five locations. That is an average of 17 per clinic. Our best location had a 4.2. Our worst had a 3.5 — and it showed in the conversion data. The clinics with higher review counts were booking 2.3x more new-patient calls per thousand ad dollars spent.

We needed more reviews. But here is the problem: dental practices cannot ask for reviews the way a restaurant or a salon can. HIPAA's minimum-necessary rule means you cannot use patient PHI to send review requests without specific consent. And the FTC has been increasingly aggressive about penalising businesses that incentivise reviews without clear disclosure. So the playbook had to be clean.

The data that convinced us

Before I get into tactics, here is why this matters. Google's own data shows that businesses with 100+ reviews see 4.6x more profile views and 3.8x more direction requests than businesses with fewer than 25. A 2024 BrightLocal study of dental practices specifically found that:

  • Practices with 50+ reviews and a 4.5+ rating generated 3.2x more phone calls from Google Business profiles
  • Each 0.1-star improvement in rating correlated with a 3-5% increase in click-through rate from local search results
  • The first 10 reviews had the highest marginal impact — going from zero to 10 reviews increased new-patient inquiries by an estimated 270%

For our network, the internal data was consistent. Our 4.8-star clinics had a 12% new-patient conversion rate from Google traffic. Our 3.8-star clinic had 5.7%. That gap alone was costing us roughly $29,000 per year in unrealised revenue at the underperforming location.

The compliance-first framework

Here is the framework we built. I am sharing it fully because I believe transparent review practices are better for everyone — patients, practices, and the platforms themselves.

1. Capture the moment of peak satisfaction

The single most effective time to ask for a review is within 5 minutes of a patient's best moment. For us, that moment was right after smile-reveal (for cosmetic cases), or immediately post-treatment when the patient was visibly relieved the procedure went well. We trained our front-desk team to simply say: "We would love it if you shared your experience. Would you be open to leaving a Google review?" If yes, they handed the patient a card with a direct link. No email capture required. No PHI stored.

2. The QR code on the checkout counter

Every checkout counter, every treatment room, every patient restroom — we put a small acrylic stand with a QR code that opens our Google review page. No pressure. No data collection. Just an invitation. We tracked QR scans using UTM parameters and found that about one in 40 scans resulted in a review.

3. The post-care automated nudge

This is where the platform matters. When a patient completes a treatment journey — say, a crown seating or a hygiene visit — our patient engagement platform sends a post-care check-in message automatically. At the end of that message: "How was your experience? [Tell Google] [Tell Us Directly]". The patient must opt into clicking the Google link. No assumption of consent.

"The automated nudge generated 3.4x more reviews than our manual QR code strategy. The reason: timing. The automated message arrives 2 hours after the appointment, when the patient is home and has their phone in hand. The QR code relies on them pausing on their way out the door."

Handling negative reviews

We received 17 negative reviews during the 8-month period. Every single one was an opportunity to demonstrate our commitment to patient care. Our response protocol:

  • Within 24 hours: Public response acknowledging the feedback, apologising for the specific experience, and inviting a private conversation. No defensiveness. No PHI disclosure in the public reply.
  • Within 48 hours: Private follow-up via the contact information the patient provided (not via Google's messaging, which has privacy limitations). Offer a complimentary revisit to address their concern.
  • Result: 6 of 17 negative reviewers updated their review (upward) after the follow-up. One deleted their review entirely.

The 8-month outcome

85→640+

Total reviews

4.9★

Network average

2.8x

New-patient call rate

The most important thing I want other dentists to take from this: you do not need to buy reviews, incentivise them, or use shady third-party reputation farms. A clean, compliance-first review strategy that captures patients at their moment of peak satisfaction — and makes it trivially easy to share — will outperform any shortcut.

Dr. Meera Desai

Automate your review generation

RetainOS sends HIPAA-compliant post-care check-ins with review requests at exactly the right moment — no manual follow-up needed.