by Chloe Bowen

HIPAA Email Marketing with Paubox Marketing: Best Practices

HIPAA Email Marketing with Project Orca: Best Practices

Paubox specializes in HIPAA compliant email with zero-step encryption for both senders and recipients. Our newest product, Paubox Marketing, allows you to go one step further.

With Paubox Marketing, healthcare providers can not only send direct emails to patients but also send HIPAA compliant email marketing campaigns that include protected health information (PHI).

In an effort to ensure success for our clients, here is some advice on what to do before you start including patient data in your communications with patients or potential patients.

Send a warm-up email to confirm recipients’ email addresses before you send any PHI

Paubox recommends that you send everyone on your email list a message asking them to confirm their identity before you send any marketing which includes personally identifiable information.

Here is a basic templated email that you can feel free to duplicate and edit to fit your needs:


Hello [First Name],

You have previously indicated that you would like to correspond with [Healthcare Provider Name] via email regarding your healthcare. Our records indicate that this email address belongs to [First Name] [Last Name].

If you are not [First Name] [Last Name], please reply to this email and we’ll update our records accordingly.


Paubox Marketing makes it easy to include smart text in a message, which allows customers to insert audience field data (such as first and last name) without the need to learn any programming syntax.

Have patients opt in to marketing emails

HIPAA has a specific definition for marketing. We explain in detail in this post.

If you are using Paubox Marketing to send true marketing emails, such as email newsletters or promotional material, make sure your patients authorize receiving messages from you.

For example, if you have a button on your website for subscribing to your email list, you must inform your patients that they will be receiving emails related to marketing activities, and remind them why they opted in for your emails (e.g. news from your practice, promotional gifts or discount coupons).

Use a “send from” address that is monitored by a real human

Do not send email from “no-reply@yourdomain.com” or any other email address that will not be read by someone on your team.

Our customers have told us that they are concerned about the accuracy of the email addresses they have on file for their patients, so it’s important that recipients can easily contact you if they are not in fact the person you think they are. Anyone who has an email account that is easily misspelled will tell you that they have received emails from people thinking they are someone else.

The “send from” email address can easily be edited in Paubox Marketing’s admin panel, so be sure to configure this properly before you send your first email.

Include an unsubscribe button

Having people confirm that they want to receive your emails will ensure that recipients actually want to hear from you, and they will be less likely to mark your emails as spam.

In addition, as required by the CAN-SPAM Act, any emails sent with Paubox Marketing include an “unsubscribe” button by default.

Include your physical address

The CAN-SPAM Act also requires you to include your physical address in your marketing emails. Fortunately this is a required field in Paubox Marketing, so you will not be able to send an email without it.

HIPAA is often seen as a roadblock to implementing many digital marketing strategies, but it doesn’t have to be. Powered by Paubox’s HITRUST CSF certified API, Paubox Marketing is the best tool for sending HIPAA compliant email marketing available today.

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.