How to Protect Your Personal Privacy as a Doctor, Nurse, or Healthcare Professional
A step-by-step guide for clinicians to remove their home address from the NPI registry and public licensing databases, separate professional and personal online presence, manage medical review platform profiles, and respond when targeted.
Remove your home address from public professional databases
Most clinicians do not realize that the NPI registry and state licensing databases are the root data source for people-search sites. Fixing the source removes your address from hundreds of downstream sites without chasing each one individually.
- The National Provider Identifier (NPI) registry is a public CMS database that lists every licensed provider's name, address, and specialty. The full database is downloadable weekly, which is how people-search sites bulk-import clinician addresses
- Go to nppes.cms.hhs.gov and log in with your CMS credentials to update your entry
- Change both your mailing address and practice location address to your hospital, clinic, or a professional PO Box. Remove any home address that appears
- If you set up your NPI during residency and used a training program or personal address, this is almost certainly still on file and worth correcting immediately
- Changes appear in the public registry within a few days and are picked up by aggregator sites in their next update cycle
- Most state medical and nursing boards publish license holder information publicly. Search for your state's board website and review what address is listed on your public license profile. Most boards allow you to update your listed address to a practice address without affecting your license status
- Several states have enacted shield laws or confidentiality programs for clinicians facing safety concerns, particularly those providing reproductive or gender-affirming care. Contact your board directly to ask whether a confidentiality designation is available
- DEA registration: use your practice or hospital address, not your home address
- After updating official databases, submit opt-out requests to the major people-search sites: Spokeo, WhitePages, BeenVerified, MyLife, and Intelius all have opt-out forms. Updating the source databases prevents your address from reappearing after removal
- For broad removal across many sites at once, services such as Optery and Incogni submit opt-out requests on your behalf across several hundred data brokers
Separate your professional and personal online presence
Your professional identity is deliberately public: patients need to find you. What does not need to be public is your home neighborhood, your family's routine, and the personal accounts where you are not speaking as a clinician. Keeping these separate is the most durable protection.
- Set your personal Instagram, Facebook, and X accounts to private if you use them for anything other than professional communication. Review your follower or friend list and remove anyone you do not personally know
- Use a different email address for personal social media than for professional or patient-facing communications. This prevents cross-linking between your clinical identity and personal accounts
- Review tagged photos and location check-ins. These can reveal your home neighborhood, gym, the school your children attend, and your daily commute, even if your posts themselves contain none of this
- Avoid using the same profile photo across personal and professional platforms. A reverse image search can link accounts that you intend to keep separate
- If you use X or LinkedIn professionally, treat those accounts as public by default and post accordingly. Keep all personal content on private platforms only
- Home address or neighborhood: even mentioning a local neighborhood in a post creates a searchable link between your name and your area
- Children's school, sports teams, or activities: these details are frequently used to locate or pressure clinicians who provide politically targeted care
- Daily routine or commute: posts about your regular coffee shop, running route, or parking situation reveal predictable patterns
- Vehicle details: license plates visible in photos are searchable. Blur them if you share car photos
- Vacation timing: announcing travel while you are away reveals when your home is unoccupied and confirms your physical location is not local
- Family members: avoid tagging or naming immediate family members in public posts, as they become secondary targets in harassment campaigns
Claim and manage your medical review platform profiles
Healthgrades, Zocdoc, RateMDs, Vitals, and WebMD generate profiles for clinicians automatically using the NPI registry and other public sources. You cannot prevent these profiles from existing, but claiming them means you control what information appears on them.
- Search your full name on Healthgrades, RateMDs, Vitals, WebMD, and Zocdoc. You likely have a profile on each, populated automatically from the NPI registry and state licensing data
- Healthgrades: go to healthgrades.com/office/physician-info to claim your profile. Once claimed, you can update your practice address, phone number, and biography, and remove any personal contact information that was pulled in automatically
- Zocdoc: contact their provider support to claim your listing and update contact details to practice information only
- RateMDs and Vitals: both have profile claim processes through their websites. Update your listed address to your practice
- Once you have updated your NPI registry in Section 1, these platforms will eventually pull in the corrected practice address. Claiming your profile accelerates this and prevents interim exposure
- Resist responding to individual negative reviews, particularly those that contain inaccurate claims. Responses that confirm someone was a patient, reference any clinical details, or dispute specifics of a visit can constitute a HIPAA violation, even if your intention is to defend yourself
- If you respond at all, keep it brief, general, and professional: something like "We take all feedback seriously and encourage patients to contact our office directly." Do not confirm or deny that the reviewer was a patient
- Defamatory reviews, those containing false statements of fact presented as true, can be reported to the platform for removal. This is distinct from negative opinions, which platforms generally do not remove. Document the review with a screenshot and timestamp before reporting
- Platforms including Healthgrades and Google have reporting processes for reviews that violate their guidelines. Reports based on harassment, threats, or demonstrably false factual claims are more likely to succeed than reports based on one-star ratings alone
What to do if you are being targeted or harassed online
If harassment moves beyond individual negative reviews to coordinated posting of personal information, threats, or exposure of your home address, the response requires more than platform reporting. Document first, then escalate through the right channels.
- Screenshot everything with timestamps before reporting it, as content is often removed or modified once a report is filed. Use your browser's built-in screenshot tool or a full-page capture extension
- Report to each platform using their harassment and doxxing reporting tools. For posts that reveal your home address or contain credible threats, flag as both harassment and personal information exposure
- Notify your hospital or institution's security team and patient safety officer immediately if posts reveal your home address or constitute physical threats. Most institutions have a protocol for staff safety incidents
- The AMA maintains resources for physicians experiencing online harassment and has passed formal resolutions supporting anti-doxxing protections. Contact your state medical society as well, as some have legal support programs for members facing harassment
- For credible physical threats, file a report with local law enforcement and retain your documentation. Request a report number for your records
- Complete Section 1 (NPI and medical board updates) before harassment begins. Removing your home address from official databases is far easier to do proactively than after it has already been spread
- Consider a PO Box or registered mail address for any public-facing registration that requires a mailing address. Annual cost is low and it permanently removes your home address from those records
- Conduct a Google search of your own full name with your city or specialty every few months. Set up a Google Alert for your name to be notified when new results appear
- Ask your institution's compliance or risk management office whether they offer any doxxing or online harassment response support. Many academic medical centers and large health systems have added this following the increase in clinician targeting
- If you provide reproductive care, gender-affirming care, or other politically targeted services, treat this guide as a baseline rather than a ceiling. Additional resources are available through the AMA, your specialty society, and organizations such as the National Abortion Federation
The privacy risk for healthcare professionals is structurally different from the general public. Your name, specialty, and practice location are meant to be findable. What is not meant to be public is your home address, your family's daily routine, and the personal accounts where you exist outside your clinical role. The NPI registry and state licensing databases are where people-search sites get most of their data on clinicians, which means updating those two sources (Section 1) removes the root cause rather than chasing individual removal requests indefinitely. Claiming your review platform profiles (Section 3) is the step most clinicians skip until harassment has already started. Doing it now, while things are calm, puts you in a far stronger position if they do not stay that way.