Dental practices carry a unique burden: HIPAA (US), DPA 2018 (UK) and GDPR art. 9 (EU) prevent you from even confirming that the reviewer is a patient. A wrong reply can trigger a five-figure OCR fine on top of the review damage. We file HIPAA-safe, attested-not-disclosed removals against non-patients, wrong-clinic confusion, billing-dispute-as-clinical claims, named-provider defamation and competitor sabotage. BAA signed before any file exchange. Billed only after successful removal.
HIPAA BAA signed · 24-hour eligibility answer · Independent GPs, DSOs and 400-clinic groups

The single biggest reason dental practices lose review disputes is that they respond publicly with information that acknowledges the reviewer as a patient. That is a HIPAA breach under 45 CFR §164.508 whether or not the reviewer is actually a patient. Our workflow is built specifically to avoid this trap.
A practice representative attests under penalty of perjury that the reviewer is not in the patient database. Google accepts this. You never transmit PHI. 34% first-pass removal on our 2025-26 dental log.
HIPAA Business Associate Agreement (US) or GDPR art. 28 processor DPA (UK/EU) signed at engagement. Any incidental PHI is handled under the same rules as your IT vendor.
For reviews Google leaves live, we draft the HIPAA-safe reply. 87% of prospective patients read owner responses (Weave Dental State-of-Reviews 2024) — a safe reply is often as valuable as a removal.
Sources: 45 CFR §164.508; HHS OCR enforcement round-ups 2023-2024 (seven dental practice fines); UK DPA 2018 Sched. 1; GDPR art. 9 and 28.
Every accepted case maps to one of these six patterns. Reviews that do not match are declined in writing before any invoice is raised.
| Pattern | HIPAA-safe evidence and typical outcome |
|---|---|
| HIPAA / GDPR-Health self-disclosure by the reviewer | Practice cannot even confirm the reviewer is a patient without written authorization (HIPAA 45 CFR §164.508; UK: DPA 2018 special-category data; EU: GDPR art. 9). But Google removes reviews that expose the reviewer's OWN treatment details when combined with identifiable practice info — and this is the safest ground for a dentist to argue, because you never need to disclose PHI. |
| Never a patient of record | Reviewer's name, DOB and contact do not appear in your Dentrix, Eaglesoft, Open Dental, Curve, Practice-Web or SoftDent patient database. Google's Contributed Content policy on Fake Engagement covers this. Attest in the Redressal Form; do NOT attach the patient database. |
| Wrong-clinic confusion (DSO / group practices) | Patient reviews clinic A while treated at clinic B under the same brand. Common for DSOs like Aspen Dental, Heartland, MB2 Dental, Bupa Dental, {my}dentist. Location-mismatch removal path resolves in 6-9 days. |
| Insurance / billing dispute misclassified as clinical | "They ripped me off" complaints that turn out to be Delta Dental / Cigna / BUPA / NHS claim denials. Google treats billing-only disputes as commercial complaints removable when the practice provides the EOB (Explanation of Benefits) timeline without disclosing PHI. |
| Competitor sabotage / burner accounts | Reviewer profile shows 1-stars against nearby competing dental practices and 5-stars for one specific rival. Cross-practice pattern packs are what actually moves Google Trust & Safety for healthcare verticals. |
| Reviewer named a specific dentist by full name in a defamatory way | Named-provider defamation engages GDC (UK), state dental board (US) and Ordre des dentistes (FR) rules on public commentary. Provider consent lets us file under specific defamation law, not just Google policy. |
The dental queue applies Google's six global policy categories plus healthcare-specific interpretations refreshed in 2024. Filings that acknowledge patient status trigger HIPAA exposure independent of the review itself.
No black-box promises. HIPAA-safe at every step, verifiable from your own Google Business Profile dashboard, every fee triggered after removal.
You send review URLs and, if you consent, a hashed patient-record check. We NEVER see raw PHI. Our intake is designed by a former OCR HIPAA auditor; standard BAA (Business Associate Agreement) signed before any file exchange. UK: DPA 2018 Article 28 processor agreement. EU: GDPR art. 28 DPA.
The Redressal Form allows the practice representative to attest under penalty of perjury that the reviewer is not in the patient database, without ever transmitting the database. This is the entire game in dental. First-pass removal rate on attested-non-patient filings in our 2025-26 dental log: 34%.
For reviews that Google leaves up, we draft the public reply that thanks the reviewer for feedback without acknowledging patient status. A HIPAA-safe reply is often as valuable as removal because 87% of prospective patients read owner responses (Weave Dental State-of-Reviews 2024).
When a review names a specific dentist and makes false factual claims (e.g. "Dr. X is not licensed", "Dr. Y left equipment inside me"), we escalate under US state defamation law + FTC 16 CFR §465, UK Defamation Act 2013 s.1, or the local equivalent. Named-provider defamation removals reach 71% within 4 weeks.
Live-link screenshot from your own Google Business Profile dashboard. $449 (or local equivalent) per removed review, billed only after removal is confirmed. If we fail, you pay nothing. BAA maintained throughout.
A weak filing against a real patient erodes your removal-rate baseline for months, can trigger a Google Business Profile suspension, and — worst of all — a public reply that identifies the reviewer as a patient is a HIPAA breach even if the review is fake.
Honest 1-star reviews from real patients are protected commercial speech. A HIPAA-safe reply, not a removal filing, is the right move.
That reply is a HIPAA breach and any removal filing highlights it. We may still remove the review, but the OCR risk is now separate from the review.
Opinion is protected. Removal requires a false statement of fact, not a service judgement.
Genuine adverse outcomes belong in a formal state-board / GDC / Ordre complaint, not a Google removal filing. We refer you to a healthcare attorney instead.
No advance, no attempt fee, no monthly minimum. Local currency equivalents apply (£359 UK, €449 EU, C$599 Canada, A$649 Australia, ₹19,999 India, R$2,499 Brazil), plus VAT/GST where applicable. BAA / GDPR art. 28 DPA included. Volume pricing from 50 reviews per quarter for DSO groups.
Sibling pages and background reading from the BGR Review team.