HIPAA email marketing with Paubox Marketing: Best practices
by Chloe Bowen, Chief of Staff
With Paubox Marketing, healthcare providers can not only send direct emails to patients but also send HIPAA compliant email marketing campaigns that include protected health information (PHI).
In an effort to ensure success for our clients, here is some advice on what to do before you start including patient data in your communications with patients or potential patients.
Send a warm up email to confirm recipients’ email addresses before you send any PHI
Paubox recommends that you send everyone on your email list a message asking them to confirm their identity before you send any marketing which includes personally identifiable information.
Here is a basic templated email that you can feel free to duplicate and edit to fit your needs:
Hello [First Name],
You have previously indicated that you would like to correspond with [Healthcare Provider Name] via email regarding your healthcare. Our records indicate that this email address belongs to [First Name] [Last Name].
If you are not [First Name] [Last Name], please reply to this email and we’ll update our records accordingly.
Paubox Marketing makes it easy to include smart text in a message, which allows customers to insert audience field data (such as first and last name) without the need to learn any programming syntax.
Have patients opt in to marketing emails
HIPAA has a specific definition for marketing. We explain in detail in this post.
If you are using Paubox Marketing to send true marketing emails, such as email newsletters or promotional material, make sure your patients authorize receiving messages from you.
If, for example, you have a button on your website to subscribe to your email list, you must inform your patients that they will be receiving emails related to marketing activities, and remind them why they opted in for your emails (e.g. news from your practice, promotional gifts or discount coupons).
Use a “send from” address that is monitored by a real human
Do not send email from “firstname.lastname@example.org” or any other email address that will not be read by someone on your team.
Our customers have told us that they are concerned about the accuracy of the email addresses they have on file for their patients, so it’s important that recipients can easily contact you if they are not in fact the person you think they are. Anyone who has an email account that is easily misspelled will tell you that they have received emails from people thinking they are someone else.
The “send from” email address can easily be edited in Paubox Marketing’s admin panel, so be sure to configure this properly before you send your first email.
Include an unsubscribe button
Having people confirm that they want to receive your emails will ensure that recipients actually want to hear from you, and they will be less likely to mark your emails as spam.
In addition, as required by the CAN-SPAM Act, any emails sent with Paubox Marketing include an “unsubscribe” button by default.
Include your physical address
The CAN-SPAM Act also requires you to include your physical address in your marketing emails. Fortunately, this is a required field in Paubox Marketing, so you will not be able to send an email without it.
HIPAA is often seen as a roadblock to implementing many digital marketing strategies, but it doesn’t have to be. Paubox Marketing, our HITRUST CSF certified solution, is the best tool for sending HIPAA compliant email marketing available today.