Tips for keeping this valuable addition compliant with the law.
Email marketing can be a valuable addition to your healthcare practice to improve patient outcomes, increase revenue, and position yourself as a leader in your field. Healthcare email marketing use cases range from reminding people about annual screenings and sharing new developments in your field to updating patients about changes to your practice, and many more.
All email marketers must abide by the CAN-SPAM Act, which sets a national standard for the regulation of unsolicited and unwanted junk email. The HIPAA Privacy Rule has additional requirements regarding how covered entities can market to patients.
In this article we will explain how you can take advantage of this powerful marketing strategy while staying on the right side of the law.
The Federal Trade Commission (FTC), Bureau of Consumer Protection provides a CAN-SPAM Act compliance guide, which summarizes the ruling for email marketers.
Here are the main points of the CAN-SPAM Act to consider when sending email marketing campaigns.
HIPAA defines marketing as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” In general, HIPAA requires written authorization before a covered entity can use PHI for marketing purposes.
If your bulk emails are considered marketing by HIPAA’s definition, in most cases you must receive prior authorization before sending them.
Some examples of communications that require patient authorization are:
There are many types of communication that HIPAA does not consider marketing and which therefore do not require prior authorization to discuss with patients.
It is not marketing when:
The HIPAA Security Rule sets specific standards for the confidentiality, integrity, and availability of electronic PHI (ePHI) and the technical and non-technical protections that covered entities must implement to secure it.
With regard to email marketing, encryption is the best option for ensuring HIPAA compliant email.
However, email encryption is not enough to ensure HIPAA compliance. Any email marketing platform you partner with must sign a business associate agreement (BAA) with you.
Unfortunately, most mainstream email marketing solutions will not sign a BAA, which is a nonstarter for healthcare providers. This includes well-known platforms such as Mailchimp and HubSpot, among many others.
However, there are alternatives. For more details on which platforms are safe and effective for healthcare providers to use, we have analyzed the HIPAA compliance of the top 20 email marketing solutions here.
As long as you abide by the CAN-SPAM Act, obtain prior authorization when required, and use a HIPAA compliant email marketing platform, you can use email marketing to grow your business and improve patient outcomes.
Although you might see HIPAA as a roadblock to implementing an email marketing strategy, it doesn’t have to be.