by Chloe Bowen

HIPAA Email Marketing with Project Orca: Best Practices


Paubox specializes in HIPAA compliant email with zero-step encryption for both senders and recipients. Our newest product, Project Orca, allows you to go one step further.

With Project Orca, healthcare providers can not only send direct emails to patients but also send HIPAA compliant email marketing campaigns that include protected health information (PHI).

In an effort to ensure success for our clients, here is some advice on what to do before you start including patient data in your communications with patients or potential patients.

Use a “send from” address that is monitored by a real human

Do not send email from “no-reply@yourdomain.com” or any other email address that will not be read by someone on your team.

Our customers have told us that they are concerned about the accuracy of the email addresses they have on file for their patients, so it’s important that recipients can easily contact you to let you know if a message has reached the wrong person.

The “send from” email address can easily be edited in Project Orca’s admin panel, so be sure to configure this properly before you send your first email.

Send a warm up email to confirm recipients’ email addresses before you send any PHI

Paubox recommends that you send everyone on your email list a message asking them to confirm their identity before you send any marketing which includes personally identifiable information.

Here is a basic templated email that you can feel free to duplicate and edit to fit your needs:


Hello [First Name],

You have previously indicated that you would like to correspond with [Healthcare Provider Name] via email regarding your healthcare. Our records indicate that this email address belongs to [First Name] [Last Name].

If you are not [First Name] [Last Name], please reply to this email and we’ll update our records accordingly.


Project Orca makes it easy to include smart text in a message, which allows customers to insert audience field data (such as first and last name) without the need to learn any programming syntax.

Include an unsubscribe button

Having people confirm that they want to receive your emails will ensure that recipients actually want to hear from you, and they will be less likely to mark your emails as spam.

In addition, as required by the CAN-SPAM Act, any emails sent with the Project Orca marketing tool include an “unsubscribe” button by default.

Include your physical address

The CAN-SPAM Act also requires you to include your physical address in your marketing emails. Fortunately, this is a required field in Project Orca, so you will not be able to send an email without it.

HIPAA is often seen as a roadblock to implementing many digital marketing strategies, but it doesn’t have to be. Powered by Paubox’s HITRUST CSF certified API, Project Orca is the best tool for sending HIPAA compliant email marketing available today.


Try Project Orca for free and make your email marketing HIPAA compliant today.