Sending HIPAA compliant email with Infusionsoft
by Hoala Greevy, Founder CEO of Paubox
Last Friday, we got an email from one of our customers that began with:
Is there a way to use Paubox and email marketing automation?
We use Paubox to secure our emails with patients that discuss PHI, and we’re working to automate some of the email communications that we have with patients. We’ve found that solutions like Salesforce and InfusionSoft will sign BAAs and secure PHI that is on the platform, but they have no way of securing the emails that are triggered by the automation campaigns.
Since their office was nearby in San Francisco, I arranged to meet the CEO for coffee later that day.
Email Marketing for Clinical Trials
Here’s what I learned as I got to know the CEO and his startup over coffee:
- They are focused in the clinical trials space
- They are looking to do complex email marketing campaigns that contain protected health information
- Only a few email marketing automation vendors will sign a Business Associate Agreement. Infusionsoft and Salesforce Marketing Cloud are among them.
- None of the email marketing vendors that will sign a BAA actually include support for sending HIPAA compliant email
Email Marketing Automation
Put simply, Marketing Automation refers to software that automates marketing actions.
Email Marketing Automation refers to software and tactics that allow organizations to nurture prospects with highly personalized, useful, timely email content that helps convert them to customers.
In a nutshell, patient engagement is any activity or tool a medical professional can use to engage people and get them involved in their own health care.
In the case of U.S. Healthcare, Email Marketing Automation is nearly non-existent.
Here’s why I think this is so:
- Highly personalized, useful content more than likely means protected health information (PHI) is involved
- If an email contains PHI, it falls under HIPAA compliance regulations
- To open and read a HIPAA compliant email, secure email vendors nearly always introduce an incredible amount of friction (e.g., portals, app downloads, plugins, PGP keys, etc.)
- Email Marketing is not designed to allow friction. Even the slightest introduction of it will result in the message not even getting opened, let alone read
HIPAA Compliant Email Marketing Automation
With this context in mind, our customer asked me to see if we could figure out how to integrate Paubox with either Infusionsoft or Salesforce Marketing Cloud.
During our Monday staff meeting this week, I learned we recently helped a new customer, Boost Bariatrics, integrate the Paubox Email API with Infusionsoft.
Infusionsoft, now known as Keap, offers a subscription-based, all-in-one sales and marketing SaaS product for small businesses with fewer than 25 employees.
Integrating Infusionsoft with Paubox
Based in Texas, Boost Bariatrics helps grow bariatric programs with marketing automation. Boost Bariatrics chose Infusionsoft because of its ability to create powerful automations and campaigns. They were unable, however, to use Infusionsoft to send encrypted, HIPAA compliant emails. Keep in mind, that’s precisely the issue our Clinical Trials customer is facing.
To get the Paubox Email API working with Infusionsoft, Boost Bariatrics found an intermediary service called WeDeliver. WeDeliver specializes in allowing Infusionsoft users to send email via third-party email services like Paubox.
After signing up for WeDeliver and following their documentation, we worked together with Boost Bariatrics to successfully integrate the Paubox SMTP Server API with Infusionsoft, with WeDeliver sitting in the middle of the data exchange.