If you need to know what HHS considers healthcare marketing, we have all your answers here.
All emails containing PHI must be HIPAA compliant, and marketing emails must abide by the CAN-SPAM Act as well. However, HHS also requires an extra opt-in step for healthcare marketing emails. Read our blog for a quick guide to the rules and best practices.
Does HHS allow healthcare marketing?
Yes. Covered entities can market to patients, but they must receive prior authorization.
What is a covered entity?
Covered entities are health plans, healthcare clearinghouses and healthcare providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.
How does the Privacy Rule define marketing?
- A communication about a product or service that encourages recipients of the communication to purchase or use the product or service.
- An arrangement between a covered entity and any other entity where the covered entity discloses protected health information to the other entity in exchange for direct or indirect remuneration.
- Communication about a product or service that encourages recipients of the communication to purchase or use the product.
Examples of healthcare-related messages that HHS considers marketing
- A communication from a hospital informing former patients about a cardiac facility that can provide a baseline EKG for $39, when the communication is not for the purpose of providing treatment advice.
- A communication from a health insurer promoting a home and casualty insurance product offered by the same company.
- A health plan selling a list of its members to a company that sells blood glucose monitors, which intends to send the plan’s members brochures on the benefits of purchasing and using the monitors.
- A drug manufacturer receives a list of patients from a covered healthcare provider and then uses that list to send discount coupons for a new antidepressant medication directly to the patients.
Email marketing use cases that are not considered “marketing” by HHS, but still must be HIPAA compliant
- Sending refill reminders or otherwise communicating about a drug that is currently being prescribed for the individual.
- Communicating about an individual’s treatment, including case management or care coordination for the individual, or to recommend alternative treatments, therapies or healthcare providers.
- Description of a health-related product or service (or payment for such product or service) that the covered entity has provided to a patient.
For detailed information on the HHS rules of healthcare marketing, you can visit the HHS Marketing FAQ.