
How the CAN-SPAM Act relates to healthcare email marketing


In 2003, Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) to set a national standard for the regulation of unsolicited and unwanted junk email, also known as spam. The Federal Trade Commission (FTC) Bureau of Consumer Protection has published a CAN-SPAM Act compliance guide that summarizes the law's requirements. Keep in mind that, as a covered entity, you must obtain prior authorization before sending any communication that HIPAA considers to be marketing.

SEE ALSO: HIPAA Definition of Marketing Explained

If you use Paubox Marketing as your healthcare email marketing solution, the platform takes care of many of the CAN-SPAM Act requirements automatically, and the rest are easy for an honest business to follow. Plus, you have the added comfort of knowing you are partnering with a HIPAA compliant business associate whose product runs on HITRUST CSF certified technology.

SEE ALSO: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available

Below we explain the main points of the CAN-SPAM Act for healthcare that you should keep in mind when sending email marketing to your patients or other contacts.


Provide the option to unsubscribe

Email recipients must be able to easily opt out if they want to, and all opt-out requests must be honored within 10 days. Luckily, any email you send with Paubox Marketing includes an unsubscribe button at the bottom. If a recipient unsubscribes, they are removed from your subscription list immediately.


Provide your physical address

You must include a physical mailing address or P.O. Box where you can receive mail in every promotional email you send. Again, Paubox Marketing will take care of this for you. You simply enter your address once on your account page, and it will then be included in the footer of every email.


Keep your header honest

Your email must clearly and accurately identify the business that is sending it in the "from," "reply to" and routing information sections of the message. Routing information is only altered by someone deliberately trying to disguise the origin of dubious content, so an honest sender does not need to worry about that part. With Paubox Marketing, your website domain is registered on our secure platform, which is what allows you to send HIPAA compliant email to your patients without relying on portals or passwords. Any marketing emails must be sent from an email address at your registered domain, so your "from" and "reply to" addresses will always be legitimate.


Keep your subject line honest

This one is up to you to enforce. Do not be deceitful, misleading or inaccurate with your subject lines in an attempt to get people to open your email. Your subject line should give a short, accurate summary of the email's contents. Best practices for an honest yet impactful subject line include keeping it short, offering value and creating a sense of urgency. If you're looking for inspiration, there are plenty of helpful guides available online.


If it's an advertisement, identify the message as such

The CAN-SPAM Act covers any email whose primary purpose is the advertisement or promotion of a commercial product or service. Not all emails you send with Paubox Marketing will necessarily be "marketing" emails under the CAN-SPAM or HIPAA definition of the term. For example, since Paubox Marketing allows you to segment and send personalized email messages that contain protected health information (PHI), you might use the platform to send people test results, or to recommend a procedure based on a patient's age. However, if you do send an advertisement (such as an email newsletter or a patient referral code), you must identify the message as such. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement. As one very basic example, you can simply include a line at the bottom of your email such as, "This promotion is brought to you by Name of Business."


Third party responsibility

If you are using a third party to create and manage your business's emails, it is ultimately your responsibility to ensure that the emails comply with the CAN-SPAM Act. Ask to see each email before it is released and check that every requirement of the CAN-SPAM Act is being followed.



The CAN-SPAM Act was put in place to protect consumers, but adhering to its rules also creates a transparent and honest relationship between your healthcare business and the people on your email list. In addition, the more authentic your email looks and the easier it is to opt out, the less likely your emails are to be flagged as spam or junk. Anti-spam regulations take aim at fraudulent, misleading, illegal and inappropriate uses of email, which is not what a reputable healthcare provider will be trying to do. It's relatively easy for your legitimate medical practice advertising and hospital marketing to observe the rules of the CAN-SPAM Act for healthcare.


Try Paubox Marketing for free and make your email marketing HIPAA compliant today.
