The Regulatory Overlay on ORM
Online reputation management in regulated industries is not just about managing perception—it’s about managing perception within strict legal boundaries. Regulated industries impose constraints that non-regulated businesses don’t face: financial advisors operate under SEC and FINRA marketing rules; healthcare providers operate under HIPAA; attorneys operate under state bar advertising and solicitation rules. In each case, the regulations exist for consumer protection purposes, but they create real constraints on how organizations can communicate about their services, solicit testimonials, and respond to public criticism. Understanding these constraints is the starting point for building a compliant ORM strategy.
Financial Services: SEC Marketing Rule Compliance
The SEC’s Marketing Rule (updated 2022) allows investment advisers to use testimonials and endorsements, including client reviews, subject to specific conditions: disclosure when compensation is provided, no cherry-picking of reviews to create false impressions, and clear presentation of material conflicts of interest. Third-party rating sites that use objective methodologies are generally permissible without additional disclosure, but advisers must ensure that the rating criteria are publicly available and that the ratings reflect objective assessment rather than cherry-picked data. FINRA-registered broker-dealers face different, more restrictive rules that require pre-approval of advertising and testimonial content.
Healthcare: HIPAA and State Advertising Rules
HIPAA’s Privacy Rule creates the most significant ORM constraint in healthcare: providers cannot confirm or deny whether a reviewer is a patient, cannot discuss any clinical details in a public response, and cannot use patient-identifying information in marketing without specific written authorization. State advertising rules for healthcare professionals (particularly for physicians, dentists, and attorneys) may additionally restrict claims of specialization without board certification, outcome guarantees, and certain types of comparative advertising. Compliance counsel should review any ORM program for healthcare organizations before implementation.
Legal Services: Bar Rules and the Ethics of Review Management
State bar advertising rules governing attorneys vary significantly but generally prohibit false or misleading statements, statements that create unjustified expectations about outcomes, claims of specialization without certification, and testimonials that violate confidentiality. Most states permit attorneys to encourage clients to leave reviews, but some prohibit specifically soliciting positive reviews as distinguished from simply inviting feedback. The ethical obligation of confidentiality means that attorney responses to client reviews must be carefully constructed to avoid inadvertently disclosing that the reviewer is or was a client, or any information about the representation.