by Hoala Greevy Founder CEO of Paubox

Value-Based Care: A New Paradigm for HIPAA Email Marketing

As digital transformation percolates through US healthcare, value-based care is gaining traction as a popular alternative to the traditional fee-for-service model.

Value-based care started in 2008, when the Centers for Medicare & Medicaid Services (CMS) began emphasizing value-based, quality healthcare over the quantity of provider visits.

The US government is moving toward paying providers based on the quality (rather than the quantity) of care they give patients. This is part of CMS’s larger strategy to reform how health care is delivered and paid for.

The focus is on better care for individuals and better overall health for the population – at a lower cost.

In other words, the value-based care model reimburses healthcare providers based on the quality and cost of a patient’s care. Reimbursement criteria could include immunization rates, Medicare spending per patient, or a patient’s feedback on their experience.

After a score is calculated, CMS will either reimburse the provider on top of their typical fee-for-service payments, or penalize their Medicare revenue.

The net effect is this: Healthcare providers stand to lose millions of dollars a year if they score poorly with secure patient outreach and communication.

With so much at stake in a value-based care model, healthcare organizations still face the daunting task of making sure their patient outreach remains HIPAA compliant. This is especially true when it comes to HIPAA Compliant Email.

Try Project Orca for free and make your email marketing HIPAA compliant today.

The Arrival of HIPAA Compliant Email Marketing

In order to provide HIPAA Compliant Email marketing, two high-level requirements must be addressed:

  • Is the email data encrypted at-rest?
  • Is the email data encrypted in transit?

Most email marketing vendors today are cloud-based. That means that they store customer data in their cloud while customers access the service through a web browser. HubSpot, Mailchimp, and Constant Contact are examples of popular cloud vendors.

Healthcare organizations should be diligent in requiring their cloud-based email marketing vendors to sign a Business Associate Agreement (BAA). At a minimum, the BAA holds vendors accountable for storing their customers’ data encrypted at-rest.

Research has shown, however, that a majority of email marketing vendors will not sign a BAA. In fact, Marketo, Mailchimp, HubSpot, Return Path, Zoho, and Campaign Monitor all fall into the category of being unable to sign a BAA with their customers.

For the few vendors that will sign a BAA, the next question is whether their service is capable of sending encrypted email. Let’s use Constant Contact as an example.

In their HIPAA Knowledge Base, we can see that while Constant Contact will sign a BAA, they do not allow their customers to actually send PHI via their platform:


“[You] Should not use our systems for transmitting highly sensitive PHI (for example: mental health, substance abuse, or HIV information). Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.”

In a nutshell, even though Constant Contact will sign a BAA, its customers are not actually allowed to use PHI to effectively market to their patient base.

Until recently, the only email marketing vendor that offered both a BAA and the ability to send encrypted email was Oracle Eloqua.

Upon taking a closer look at their documentation, however, Eloqua appears cumbersome to set up and use. For example, it appears that recipients need to receive two emails in order to read a single email. Quite confusing indeed.

Project Orca

We can clearly see the momentous shift to value-based care in healthcare is driving a need for a proper HIPAA email marketing solution.

After months of diligent research and listening to customer feedback, we decided to build Project Orca, which is our solution to the need we see in the market for HIPAA Compliant Email Marketing.

Since its release on Christmas day, we’ve used customer feedback to drive its product roadmap.

As a result, we’ve added the following features to Project Orca:

We are intent on delivering superior value to our customers by using customer feedback as our product roadmap.
