
HIPAA compliant email marketing campaigns explained


With Americans receiving an average of 2,000 robocalls per second, healthcare organizations face new headwinds around secure patient outreach. Since many people don't answer calls from an unrecognized number, how do healthcare marketing managers fulfill patient communication requirements?

To meet this need there is an emerging trend in US healthcare: HIPAA compliant email marketing campaigns. To get on the same page, we'll cover some general terms first, and then we'll segue to the heart of the post: why you should use Paubox's HIPAA compliant email marketing solution, Paubox Marketing, to grow your healthcare business.




A refresher on HIPAA compliance




The term HIPAA compliance can be thought of in three parts which work together:


  • HIPAA privacy rule
  • HIPAA security rule
  • Business associate agreement


The HIPAA privacy rule created a set of national standards to safeguard Americans' health information. HIPAA regulations around marketing are defined within the privacy rule. We explain HIPAA's definition of marketing in detail in this post.

In short, the privacy rule allows a covered entity to disclose protected health information (PHI) to a business associate if the business associate uses the PHI only within the scope of its engagement with the covered entity.

The HIPAA security rule sets out what protections must be in place to defend electronic PHI (ePHI), which is protected health information stored or transmitted electronically. A business associate agreement (BAA) is a written contract between a covered entity and a business associate.

A BAA is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a BAA. In a nutshell, if you are using a third party (i.e. a business associate) to transmit or host PHI, they are required by law to sign a BAA with you.


HIPAA compliant email and encryption




When it comes to email, both covered entities and business associates are required by law to take reasonable steps to protect PHI while it is transmitted and while it is stored. These concepts are known as encryption in-transit and encryption at-rest.

An important fact to know is that once an email reaches the recipient, the obligation of the sender ends and it becomes the recipient’s job to secure any PHI he or she has in his or her inbox.




What makes an email marketing campaign HIPAA compliant?




In order to send HIPAA compliant email newsletters, healthcare providers must:


  • Sign a BAA with their marketing vendor
  • Properly safeguard all data stored at-rest, as it invariably will contain PHI
  • Use a marketing solution that is capable of sending HIPAA compliant email


The most common email marketing tools do not cover these bases. For example, Mailchimp, one of the most popular email marketing tools, will not sign a BAA. And although Campaign Monitor will sign a BAA, it will not let you use the service to send email containing PHI.

In fact, of the 17 email marketing vendors we looked at, only one of them would both sign a BAA and allow customers to actually send HIPAA compliant email marketing. However, the vendor still requires recipients to log into a portal to view their emails (which adds a ton of friction).

To meet this market need, we have developed Paubox Marketing, our HITRUST CSF certified email marketing solution.

To our knowledge, Paubox Marketing is the only solution on the market that allows healthcare providers to send properly encrypted marketing messages which contain PHI like regular emails – with no extra steps for the recipient.


When does an email newsletter have to be HIPAA compliant?


Healthcare organizations have been sending email newsletters for years. However, the standard marketing tools only allow healthcare providers to send generic communications and massive blasts which contain no personally identifiable information, and therefore they cannot be targeted to individuals.

You cannot use off-the-shelf products to deliver personalized emails with information specific to your patients' treatment or health goals. This makes your marketing emails less effective.

In contrast, Paubox Marketing allows you to segment and send secure email including PHI to increase engagement and build your business while remaining HIPAA compliant.

What's more, patients view marketing emails like regular emails without relying on outdated portal notifications, which are terrible for the recipient.


HIPAA compliant email marketing uses




HIPAA compliant email marketing can be used to achieve population health objectives. For example, digital marketing managers can use Paubox Marketing to:


  • Email current patients for the purpose of maintaining their health and reminding them of recommended screenings
  • Reach out to the general population to mitigate health risks, such as a stroke or diabetes, and encourage people to come to their practice for treatment


In addition, healthcare providers can also use email for secure patient outreach. Some organizations are contractually obligated to provide outreach to their patients, and a HIPAA compliant email newsletter is a viable tool for this.


HIPAA compliant marketing providers




Over the past 12 months, we've thoroughly researched the HIPAA compliant email marketing landscape. In summary, the ample opportunity we see in this space led us to launch our own HIPAA compliant email solution, Paubox Marketing, which allows you to segment and send secure emails using your patient data to drive more engagement and results, all while staying HIPAA compliant.

