Reviews

Remove a Google review that contains personal information (fast track)

Reviews exposing medical details, home addresses, phone numbers, or ID information get removed within 3 business days. Here's the exact process and what counts as 'personal information'.

Shubham Kakkad
Shubham Kakkad
Author
July 3, 2026
5 min read
TweetShare
Locked padlock on a keyboard representing privacy

Of all the review removal categories, this is the one Google moves on fastest. A review that contains personal information of you, a staff member, or a third party tends to be the fastest category Google acts on. Google says review evaluation typically takes several days, and in our experience clear personal-information reports are among the more straightforward removals.

The reason is not goodwill. Google’s legal exposure for hosting personally identifiable information (PII) is high, especially under GDPR, CCPA, and HIPAA in healthcare contexts. They want it off the profile as much as you do.

The catch: you have to file it through the correct channel with the correct reason. Pick the wrong category and you are more likely to get a slow denial than a fast removal.

What actually counts as "personal information"

Google’s review content policy treats the following as PII when they appear in a review without consent:

  • Medical information. Specific diagnoses, treatments, prescription details, or health conditions of a named individual.
  • Government ID numbers. SSN, driver’s license, passport, Aadhaar, or any national ID.
  • Financial account information. Credit card numbers, bank account numbers, even partially redacted ones.
  • Home addresses. A reviewer’s home address or someone else’s. (Business addresses are fine.)
  • Personal phone numbers. A staff member’s personal cell, or a customer’s personal number. (Business phones are fine.)
  • Personal email addresses. Same logic.
  • Photos that expose identity. Photos of a person taken without their consent in a private context.

What doesn’t count as PII (so don’t file under this category):

  • Staff member’s first name appearing in a review (“Jenny was rude”). That’s a regular review.
  • The reviewer mentioning their own name. They’re consenting to that disclosure.
  • The business’s own published contact information.
  • A reference to a service or treatment without specific medical claims (“I came in for a cleaning” is fine; “Jane Smith was treated for hepatitis” is not).

If you’re unsure whether something qualifies, the test is: would the information identify a specific individual in a way they didn’t consent to? If yes, file. If borderline, file with explanation.

The exact filing process

  1. Open the Review Management Tool. Find the review on your Business Profile dashboard.
  2. Click the three-dot menu next to the review and select Report review.
  3. Choose the most accurate reason: "Personal information." Not “Spam,” not “Off-topic.” Reporting under the reason that actually matches the violation gives the report the best chance of a clean removal.
  4. Submit. Google logs the report and assesses it; you can track the status in the Reviews Management Tool.

That’s it for the standard path. Google says evaluation typically takes several days. In our experience a clear personal-information report is one of the more reliable removals, though Google never guarantees an outcome.

When the first report is denied

Some personal-info reports come back denied, often when the PII is not obvious from the review text alone or the report did not spell out clearly enough what the personal information is.

If denied, you get one appeal. Go to support.google.com/business/gethelp, select your business, and request a manual investigation. In the message:

  • Quote the specific text from the review that contains PII
  • Explain what kind of PII it is (medical, contact, government ID, etc.)
  • Note the date you filed the original report and identify the review in question
  • If the PII relates to a third party (not the reviewer), explain that the third party hasn’t consented

Manual review takes additional time. In our experience a well-documented appeal that quotes the offending text is rarely denied, though Google does not guarantee a result.

For healthcare practices specifically

Healthcare adds a wrinkle, but it’s worth being precise about what HIPAA does and doesn’t do. The Privacy Rule binds covered entities (the practice) and their business associates. It does not bind a patient writing a review, and it doesn’t make Google liable for hosting one. So a HIPAA claim isn’t a takedown lever against Google. The standard “Personal information” report is still your real removal tool here.

Where HIPAA does matter is your own conduct: a covered entity must never confirm or disclose protected health information in a public reply, even to correct the record. That’s the trap most practices fall into.

In that case:

  1. File the standard "Personal information" report.
  2. Simultaneously, document the review for your HIPAA compliance file.
  3. Do not respond publicly in a way that confirms the person was a patient or discloses any treatment detail.
  4. Loop in your healthcare attorney for your own compliance and response strategy, and to advise on any other legal removal avenues via the legal removals form. Engage counsel for compliance, not as a HIPAA takedown theory aimed at Google.

For most reviews the standard report does the job. The point of involving counsel is protecting the practice’s own compliance, not pressuring Google.

What not to do

  • Don’t reply to the review naming the PII in your response. That spreads the disclosure further. Reply briefly: “We’ve reported this review to Google for containing personal information and will respond to the underlying feedback once it’s removed.”
  • Don’t contact the reviewer to demand they edit it. Some platforms allow this, but on Google it usually ends with the reviewer adding more specifics in retaliation.
  • Don’t file a different category first ("Spam" or "Off-topic") in the hope it gets removed faster. The reverse is true: PII reports are the fastest category at Google.

The 24-hour rule

If the PII in the review is genuinely sensitive (medical, government ID, financial details), don’t wait. File within 24 hours of seeing it. The longer it’s public, the higher the exposure risk for whoever is identified, and the more cached / indexed copies start appearing elsewhere on the web. Cached copies on third-party sites are much harder to remove than the original Google review.

For everything else (home addresses, personal contact info), within a week is fine.

This article is general information, not legal or medical advice. Always file through Google’s official channels, and consult your own attorney or compliance team for HIPAA and other regulatory questions. Removal outcomes are decided by Google and are not guaranteed.


This post is one piece of a bigger playbook. The full guide covers all 16 common Google Business Profile crises in one place: The GBP cheat sheet.

Got a review with PII you can’t get removed? Send us the link and we’ll take a look.

Ready to own your map?

Free 30-minute audit. Live screenshare of your visibility, competitor signals, and the plan to surpass them.