HIPAA compliant email marketing campaigns explained


With Americans receiving an average of 2,000 robocalls per second, healthcare organizations face new headwinds around secure patient outreach.

Since many people don’t answer calls from an unrecognized number, how do healthcare marketing managers fulfill patient communication requirements?

To meet this need there is an emerging trend in US healthcare: HIPAA compliant email marketing campaigns.

To get on the same page, we’ll cover some general terms first, and then we’ll segue to the heart of the post: why you should use Paubox’s HIPAA compliant email marketing solution, Paubox Marketing, to grow your healthcare business.

A refresher on HIPAA compliance

The term HIPAA compliance can be thought of in three parts which work together:

  • HIPAA privacy rule
  • HIPAA security rule
  • Business associate agreement

The HIPAA privacy rule created a set of national standards to safeguard Americans’ health information. HIPAA regulations around marketing are defined within the privacy rule. We explain HIPAA’s definition of marketing in detail in this post.

In short, the privacy rule allows a covered entity to disclose protected health information (PHI) to a business associate if the business associate uses the PHI only within the scope of its engagement with the covered entity.

The HIPAA security rule sets out what protections must be in place to defend electronic PHI (ePHI), which is protected health information stored or transmitted electronically.

A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required for HIPAA compliance. At a minimum, there are 10 provisions that must be covered by a BAA.

In a nutshell, if you are using a third party (i.e. a business associate) to transmit or host PHI, they are required by law to sign a BAA with you.

HIPAA compliant email and encryption


When it comes to email, both covered entities and business associates are required by law to take reasonable steps to protect PHI while it is transmitted and while it is stored. These two protections are known as encryption in transit and encryption at rest.

An important fact to know is that once an email reaches the recipient, the sender’s obligation ends and it becomes the recipient’s job to secure any PHI in their inbox.

Read More: HIPAA Compliant Email: A Complete Guide

What makes an email marketing campaign HIPAA compliant?


In order to send HIPAA compliant email newsletters, healthcare providers must:

  • Sign a BAA with their marketing vendor
  • Properly safeguard all data stored at-rest, as it invariably will contain PHI
  • Use a marketing solution that is capable of sending HIPAA compliant email

The most common email marketing tools do not cover these bases. For example, Mailchimp, one of the most popular email marketing tools, will not sign a BAA. And although Campaign Monitor will sign a BAA, it will not let you use the service to send email containing PHI.

In fact, of the 17 email marketing vendors we looked at, only one of them would both sign a BAA and allow customers to actually send HIPAA compliant email marketing. However, the vendor still requires recipients to log into a portal to view their emails (which adds a ton of friction).

To meet this market need, we have developed Paubox Marketing, our HITRUST CSF certified email marketing solution.

To our knowledge, Paubox Marketing is the only solution on the market that allows healthcare providers to send properly encrypted marketing messages which contain PHI like regular emails – with no extra steps for the recipient.

When does an email newsletter have to be HIPAA compliant?

Healthcare organizations have been sending email newsletters for years.

However, the standard marketing tools only allow healthcare providers to send generic communications and massive blasts that contain no personally identifiable information, which means the messages cannot be targeted to individuals.

You cannot use off-the-shelf products to deliver personalized emails with information specific to your patients’ treatment or health goals, which makes your marketing emails less effective.

In contrast, Paubox Marketing allows you to segment and send secure email including PHI to increase engagement and build your business while remaining HIPAA compliant. What’s more, patients view marketing emails like regular emails without relying on outdated portal notifications which are terrible for the recipient.

HIPAA compliant email marketing uses


HIPAA compliant email marketing can be used to achieve population health objectives.

For example, digital marketing managers can use Paubox Marketing to:

  • Email current patients for the purpose of maintaining their health and reminding them of recommended screenings
  • Reach out to the general population to mitigate health risks, such as a stroke or diabetes, and encourage people to come to their practice for treatment

Healthcare providers can also use email for secure patient outreach. Some organizations are contractually obligated to provide outreach to their patients, and a HIPAA compliant email newsletter is a viable tool for this.

HIPAA compliant marketing providers


Over the past 12 months, we’ve thoroughly researched the HIPAA compliant email marketing landscape.

In summary, the ample opportunity we see in this space led us to launch our own HIPAA compliant email solution, Paubox Marketing, which allows you to segment and send secure emails using your patient data to drive more engagement and results, all while staying HIPAA compliant.

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
