7 easy steps to include PHI in marketing emails


Learn how you can send protected health information (PHI) in healthcare email marketing in 7 simple steps in our blog.

Using PHI to personalize healthcare marketing emails can be transformative for your patients. It allows you to talk to them about specific conditions, treatment options and advice. The impact can be life-changing.

However, you cannot send PHI in email unless it’s HIPAA compliant. Read on to learn how to reach your patients through personal and HIPAA compliant email marketing in 7 simple steps.


7 easy steps to include PHI in healthcare email marketing

1. Use a HIPAA compliant email marketing platform, like Paubox Marketing

2. Send a warm-up email to confirm recipients’ email addresses before you send any PHI

Before sending any marketing messages that include PHI, send everyone on your email list a message asking them to confirm their identity. This is the perfect way to ask them to opt in as well. 

3. Have patients opt in to marketing emails

If you plan on sending emails that fall under HIPAA’s definition of marketing, ensure your patients authorize receiving messages from you by:

  1. Obtaining opt-in authorization for marketing emails, as required by the HHS
  2. Including the CAN-SPAM Act unsubscribe option for all marketing messages

A double opt-in is worth considering as a way to confirm both identity and willingness to receive healthcare emails.

4. Use a “send from” address that an actual human monitors

Do not send email from “[email protected]” or any other email address that someone on your team will not read. 

It is important that people can easily contact you if they are not the person you think they are. The “send from” email address can easily be edited in Paubox Marketing’s admin panel, so configure this properly before sending your first email.

5. Include an unsubscribe button

Having people confirm that they want to receive your emails will ensure that recipients want to hear from you and will be less likely to mark your emails as spam.

In addition, as required by the CAN-SPAM Act, any emails sent with the Paubox Marketing software include an “unsubscribe” button by default.

6. Include your physical address

The CAN-SPAM Act also requires you to include your physical address in your marketing emails. Fortunately, this is a required field in Paubox Marketing, so you will not be able to send an email without it.

7. In the case of Paubox Marketing, include a footer that states the email is secured by a HITRUST CSF certified product

Give your recipients peace of mind, knowing that you are keeping their PHI secured. 

Additional healthcare email marketing resources

Download: Healthcare’s Guide to HIPAA Compliant Email Marketing


Healthcare’s solution to personalized patient email marketing

Paubox Marketing is a breakthrough product for your healthcare MarTech. Now you can finally include PHI in healthcare marketing emails and remain HIPAA compliant. Start getting higher open rates today!

HIPAA compliance and email marketing


HIPAA compliance and email marketing have traditionally been a source of friction for healthcare marketers. Personalized email is transformative, but the critical security measures governing HIPAA compliance and email create cumbersome obstacles for marketers.

However, thanks to recent advances, healthcare marketers can now take advantage of the most powerful channel available to marketing professionals today: email. Please read our blog to find out more.


Healthcare email marketing is good for patients and your ROI

The average marketing return on investment (ROI) for email marketing is $42 for every $1 spent. 

While other digital channels have ever-changing algorithms that force marketing departments to pivot tactics, email marketing is the workhorse of dependable modern communication. As a matter of fact, 90% of U.S. adults use email, making it the standard digital communication channel.

But, it’s one workhorse that never really made it out of the stable in healthcare. Instead, to communicate directly with patients, healthcare marketers are saddled with two equally limiting options:

  1. Leverage expensive or outdated channels like direct mail or call center
  2. Direct messaging through patient portals that are so cumbersome and frustrating to use that two-thirds of patients don’t even bother to access their messages 

However, when you understand that the average cost of a data breach involving electronic protected health information (ePHI) is $9.3M, it’s understandable that healthcare puts up with the abysmal but low-risk communication channels at their disposal. 

Protect and grow the health of your organization with Paubox

Here’s some good news. There is a third option.

New patented technology coming out of the gates is giving healthcare the reins to leverage secure email marketing that is HIPAA compliant and provides an excellent end-user experience.  

You can now send personalized messages that contain PHI to patient inboxes without portals, passcodes or plugins. It’s easy for you and your customers. 

HIPAA compliance and email marketing don’t have to be mutually exclusive. 

Download our definitive playbook for HIPAA compliant email marketing and learn how to take advantage of the most powerful marketing channel available today while driving the long-term success of your organization.

Meet patients where they’re at


What does HHS consider healthcare marketing? 


If you need to know what HHS considers healthcare marketing, we have all your answers here.

All emails containing PHI must be HIPAA compliant, and marketing emails must abide by the CAN-SPAM Act as well. However, HHS also requires an extra opt-in step for healthcare marketing emails. Read our blog for a quick guide to the rules and best practices.


Does HHS allow healthcare marketing?

Yes. Covered entities can market to patients, but they must receive prior authorization. 

What is a covered entity?

Covered entities are health plans, healthcare clearinghouses and healthcare providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. 

How does The Privacy Rule define marketing?

  1. A communication about a product or service that encourages recipients of the communication to purchase or use the product or service. 
  2. An arrangement between a covered entity and any other entity where the covered entity discloses protected health information to the other entity in exchange for direct or indirect remuneration.
  3. Communication about a product or service that encourages recipients of the communication to purchase or use the product.

Examples of healthcare-related messages that HHS considers marketing

  1. A communication from a hospital informing former patients about a cardiac facility that can provide a baseline EKG for $39, when the communication is not for the purpose of providing treatment advice. 
  2. A communication from a health insurer promoting a home and casualty insurance product offered by the same company. 
  3. A health plan selling a list of its members to a company that sells blood glucose monitors, which intends to send the plan’s members brochures on the benefits of purchasing and using the monitors. 
  4. A drug manufacturer receives a list of patients from a covered healthcare provider and then uses that list to send discount coupons for a new antidepressant medication directly to the patients. 

Email marketing use cases that are not considered “marketing” by HHS, but still must be HIPAA compliant

  • Sending refill reminders or otherwise communicating about a drug that is currently being prescribed for the individual. 
  • Communicating about an individual’s treatment, including case management or care coordination for the individual, or to recommend alternative treatments, therapies or healthcare providers. 
  • Description of a health-related product or service (or payment for such product or service) that the covered entity has provided to a patient. 

For detailed information on the HHS rules of healthcare marketing, you can visit the HHS Marketing FAQ.


Demystifying PHI for healthcare marketers 


Demystifying PHI for healthcare marketers is key to sending impactful email marketing while remaining HIPAA compliant. PHI is protected health information. When in electronic form, it’s often referred to as ePHI.

PHI includes the personal and private patient information entrusted to organizations caring for those clients and patients. Leaked ePHI can be devastating if it gets into the wrong hands. 

As a marketing professional, it’s vital to honor the personal nature of this data. Protecting PHI while communicating information of value is a core value in good healthcare marketing.

Learn how to keep PHI safe while also reaching out to your patients with personalized HIPAA compliant email marketing here.


What is PHI exactly? 

  • An individual’s past, present or future physical/mental health or condition
  • The provision of healthcare to the individual
  • The past, present or future payment for the provision of healthcare to the individual


Sensitive patient information getting into the wrong hands is a gross breach of trust and can devastate those whose information is leaked. That’s where HIPAA comes in. The spirit of the law is designed to safeguard the public from harm such as blackmail, fraud, reputation damage and the psychological damage of violating personal privacy. 

How can I tell what information is PHI? 

In a nutshell, PHI is any characteristic that can uniquely identify individuals during the course of their care. There are 18 unique patient identifiers that HHS recognizes as PHI. 

The 18 unique identifiers of PHI

  1. Names
  2. Social security numbers
  3. Vehicle identifiers
  4. Addresses
  5. Medical record numbers
  6. Device identifiers
  7. Email addresses
  8. Health plan beneficiary numbers
  9. Web URLs
  10. Telephone numbers
  11. Account numbers
  12. IP addresses
  13. Fax numbers
  14. Certificate/license numbers
  15. Finger or voice prints
  16. Photographic images
  17. Any other characteristic that can uniquely identify an individual
  18. All elements of dates (except years) related to an individual’s birth, admission, discharge, age and death

Can you see why a marketing professional would steer clear of personalized email messages?

The U.S. Department of Health and Human Services’ (HHS) Security Rule stipulates “appropriate administrative, technical and physical safeguards” must be in place to ensure “the confidentiality, integrity and availability of” ePHI. 

Can being a member of an email marketing list be considered a unique identifier?

Yes, because a segmented list can indicate that the recipients have the condition discussed in the email. A segmented list falls under “Any other characteristic that can uniquely identify an individual.”

Can I send PHI in my current email marketing software?

To date, the vast majority of email marketing software products do not have the level of encryption needed to be HIPAA compliant. As an unencrypted email journeys to its destination, it can be intercepted and read in plain text by hackers and some government entities. Email messages must be encrypted to be secured and HIPAA compliant. 

When an email reaches the recipient’s inbox, it is the recipient’s responsibility to secure any PHI in it. The sender is not responsible for PHI at the recipient’s inbox. This is important to note!

How to send healthcare marketing newsletters

A great way to help patients improve their health through better treatment compliance is by sending email newsletters with advice, treatment options and encouragement for their specific condition. There are two ways to do this.

  1. Send it to your entire practice so a group with a specific condition is not recognized, or 
  2. Use a HIPAA compliant email solution, like Paubox Marketing, that ensures segmented newsletters are HIPAA compliant and secure.

You must have a business associate agreement (BAA) with any vendor that has access to your patients’ personal information, and that includes email marketing providers. 

A BAA is a signed document where the business associate takes on the responsibility of keeping your clients’ information safe and explaining how it will do so. In addition, it outlines the steps it will take in case of a breach. 

Why email in healthcare is powerful 

Imagine the power of easily connecting with individuals and groups through email containing protected health information. This approach is a tremendous improvement for healthcare providers and a powerful asset for under-resourced employees. In the past, healthcare was at a considerable disadvantage because solutions that addressed issues of HIPAA compliance and security in email communication were either non-existent or provided a woefully inadequate user experience. 

Finally, new technology has opened the door for frictionless email communications that are HIPAA compliant, provide maximum security and are HITRUST CSF certified. 


25 HIPAA tips for healthcare marketers in 25 minutes

Access the webinar replay

Paubox Marketing at HCIC in Miami

The Paubox team – Brittany Woo, Anne-Marie Sullivan and Brenna Sohl – met up with Greg Gossett, Founder and CEO of HealthAware.  HealthAware provides health risk assessments and patient engagement solutions to raise disease awareness and persuade healthcare interaction.

Paubox Marketing was on display for healthcare marketers gathering in Miami last week during a fantastic HCIC 2022 event. Our team was excited to share the much-needed solution developed specifically for healthcare email marketing. Now organizations can send HIPAA compliant emails personalized with protected health information (PHI) to patient segments without portals, plugins or extra logins. Many Paubox Marketing members have seen open rates of over 70% and increased patient engagement, which lead to better outcomes.

Read on to learn more about the healthcare marketing experts at the conference, how HCIC 2022 and the incredible lineup of speakers are creating better patient outcomes through content, analytics and expertise, and how Paubox Marketing can be a powerful addition to your MarTech stack.

Kathy Divis, president and co-founder of Greystone.net. Great event, Kathy!

The best of healthcare marketing

Greystone.net put on an outstanding event that brought together a community dedicated to improving patient outcomes and experiences through technology, expertise and partnerships. Paubox’s Brittany Woo presented “5 Best Practices for HIPAA Compliant Email Marketing.” In addition, other industry-leading experts like Stuart Dill, SVP of Marketing and Engagement at Vanderbilt University Medical Center; Amanda Todorovich, Executive Director for the Cleveland Clinic; and Jay Schwedelson, President and CEO of Worldata, to name a few, gave insightful presentations to improve and elevate healthcare marketing for better patient experiences and outcomes.

SEE ALSO: HIPAA Compliant Email: The Definitive Guide

Jay Schwedelson came to present right off the heels of a successful inaugural Guru Conference 2022 and HubSpot’s Inbound Conference. Brenna and I were at both and highly recommend them. Make sure to subscribe to Jay’s Inside Scoop and hit Guru Conference next year!

What is HCIC?

HCIC brings healthcare marketing leaders across the full array of marketing specialties together to refocus marketing and digital efforts while lifting up marketing teams and organizations after a tough couple of years. It is a phenomenal conference for marketers to learn, collaborate and advance healthcare’s digital transformation. This year’s conference was at the beautiful JW Marriott Miami Turnberry Resort & Spa.

HCIC brings in today’s top healthcare marketing experts

Do you like piña coladas? Paubox has a tradition of giving away airfare for two to Hawaii at events. Our Founder and CEO, Hoala Greevy, founded Paubox in Hawaii before moving the company headquarters to San Francisco. Paubox also supports native Hawaiian students going into STEM through the Kahikina Stem Scholarship.

The power of story to communicate and heal

Stories are powerful teachers that connect us across generations and geographies. Jen Jenkins, Web Content Manager at the University of Utah Health, and Angie Toomsen, AVP, Brand and Creative for Stamats, gave an outstanding presentation on weaving stories through intentional design and content for impactful and positive marketing.

SEE MORE: HIPAA definition of marketing explained

5 best practices for HIPAA compliant email marketing

Brittany Woo of Paubox and Tony Cox, CIO of Henderson Behavioral Health, presented on 5 Best Practices of HIPAA Compliant Email Marketing. And Tony just got married. Congratulations from all your friends at Paubox, Tony. We are so happy for you!

Brittany Woo of Paubox sharing information with the healthcare marketing community.

Email marketing drives the strongest ROI of any marketing channel, returning $42 on average for every $1 spent, and it’s an essential tool for building personalized marketing journeys that drive results. The Paubox session highlighted how to effectively integrate personalized email tactics in your marketing strategy while navigating HIPAA regulations around PHI. The session broke out five essential best practices that can turn email marketing into a productive and profitable marketing channel for any healthcare marketing team. In particular, the presenters covered:

  • Why personalized email is critical, along with best practice tips
  • Navigating HIPAA requirements for email marketing
  • Best practice email templates for engaging patients, donors and other target audiences

Connecting patients to community and improving outcomes

This year’s two significant takeaways from HCIC are the undeniable momentum toward using analytics to improve patient care and outcomes and the push to build meaningful support communities, such as what the innovative disrupter InTandem Health is bringing to the table.

Find out more about HIPAA compliant email marketing with Paubox

  • HIPAA compliant, personalized marketing campaigns
  • Guaranteed encryption for marketing emails
  • Securely send protected health information (PHI)
  • Emails delivered directly to the inbox
  • Design editor with drag-and-drop tools and smart text
  • Automated email campaigns
  • Optimized email deliverability
  • Target audiences based on your custom field data
  • Secure calendar invites
  • Send unlimited emails

Meaningful patient engagement through email

Paubox humanizes your patient emails with PHI-personalized content while remaining HIPAA compliant

HCIC 2022: 5 Best Practices for HIPAA Compliant Email Marketing

What you’ll learn

This session, hosted by the healthcare email marketing experts at Paubox, will highlight 5 essential best practices that can turn email marketing into a productive and profitable marketing channel for any healthcare marketing team. You’ll learn:

  • The importance of personalization in email marketing and tips for delivering it
  • HIPAA requirements related to email and how to navigate them
  • Best practice email templates for engaging patients, donors and other target audiences

Access the webinar replay

Our Zoom social mixer for Paubox Marketing


Yesterday we held a Zoom social mixer that focused on Paubox Marketing, our HIPAA compliant email marketing solution.

The premise for a Zoom social mixer is simple: we gather customers and prospects together online and we make sure we deliver a beverage or food of their choice. There’s quite a bit of legwork involved, as we’re often sending deliveries to three or four time zones.

See also: Our playbook for Zoom social mixers

Paubox Marketing Zoom Social Mixer

As we’ve done since our first Zoom social mixer, we ask each attendee two questions: “What do you want to drink or eat?” and “Where do we send it?”

As we’ve continuously improved, we’ve also asked our guests what they’d like to talk about. This has been a wise move, as our regular attendees now view our Zoom social mixers as opportunities to network with peers, discuss trends, and learn new things.

During yesterday’s Paubox Marketing Zoom social mixer, we covered the following:

  • A marketing stunt we did at HIMSS 2016 in Las Vegas.
  • Lilly Ohno, our Product Marketing Manager, did a comprehensive demo of some of the new features we’ve recently added to Paubox Marketing.
  • We got positive feedback on the user experience (UX) of our new email marketing composer, as well as some interest in pre-populating Paubox Marketing with stock photos.
  • One of our customers, who had to leave early, had this to say in Zoom chat: “Unfortunately I cannot stay the rest of the time but have really enjoyed Paubox, how responsive you are, the excellent services you provide, and the friendliness of your employees. Thank you for putting this on, and I hope there will be another in the future!”
  • When Lilly showcased our new drip marketing features, there were several requests to show more advanced options, such as creating custom drip workflows based on particular links being clicked in a campaign.
  • When it comes to providing a sort of form or widget so that visitors to a site can sign up for a newsletter and get directly added to a Paubox Marketing list, about half the attendees thought it would be handy and half did not have a need for it.
  • There was a question of wanting to know what types of people are clicking on certain links, which could either be gleaned via the Paubox Marketing Analytics API endpoint or by downloading CSV reports.
  • There are continued requests to offer more granular user permissions for Paubox Marketing user roles. This is quite interesting to me, the various scenarios our customers and prospects are asking for.
  • When we queried the group for their need for a seamless, secure version of Paubox for HIPAA compliant texting, there was particular interest amongst the group. One of our customers remarked, “If you did that, some people at the top would be very happy with that.”

Paubox Marketing

Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information without violating HIPAA regulations.

Now you can send your patients personalized messages that include PHI using our HIPAA compliant email marketing service, Paubox Marketing.

  • Grow your business. Send targeted, personalized messages that resonate with your audience.
  • Increase patient engagement. Drive engagement by including PHI in your HIPAA compliant email campaigns to create personalized and relevant messaging.
  • Track results. Access real-time analytics to track marketing campaign performance.
  • Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.

Paubox Marketing is HITRUST CSF certified and is free to use for up to 100 contacts.

The free plan also includes a business associate agreement.

Start for free today

Why is mail scrubbing important for email marketing?


Mail scrubbing is important for email marketing success. It is the process of periodically removing inactive and non-engaged contacts from your email list. 

It is recommended that marketers scrub their email list a few times per year to help them maintain a good reputation and improve campaign performance. 

Keep reading to learn more about mail scrubbing and why it’s important. Plus, find out how HIPAA compliant email marketing can take healthcare providers’ efforts to the next level. 


Mail scrubbing is important to email marketing

One key advantage of mail scrubbing is improved deliverability. If a high percentage of emails are bouncing, that can affect your ability to reach the right people. It can even lead to penalties by email providers.

Mail scrubbing will ensure that more of your emails are getting to subscribers’ inboxes. Taking the time to remove any bounced email addresses will ultimately reduce those high bounce rates. 

Improve your email marketing metrics

Another benefit of mail scrubbing is better metrics. When inactive subscribers stay on your list, this negatively affects your click-through and open rates. By eliminating the subscribers who never engage with your campaigns, you will only be emailing people who you know are actually interested in your business.

Additionally, mail scrubbing will lead to more accurate reporting. When your email list is filled with unengaged subscribers, this can skew your metrics. Therefore, it can be difficult to truly determine how your email marketing strategy is performing. 

When you have a smaller list that’s genuinely interacting with your content, your statistics will be more precise. You can then confidently use that data to direct your future initiatives. 

When do you know it’s time to scrub your email marketing list?

One crucial sign that it’s time to scrub your email list is a drop in your open and click-through rates. If these numbers are regularly below the average rates for your industry, your list quality might need a closer look. 

Another red flag to look for is an increase in spam complaints, which can ultimately harm your organization’s reputation. This suggests that you may be sending irrelevant emails or not meeting your subscribers’ expectations in some other way. Whatever the case may be, those subscribers are better off removed from your list. 

On a similar note, try to pay attention to any jumps in unsubscribes. A greater amount of unsubscribes is also a warning that your content may not be aligning in some way with subscribers’ preferences. 

Boost healthcare email marketing results with Paubox Marketing

Mail scrubbing is an important practice, but it’s not a foolproof way to improve your marketing efforts. Healthcare providers can go one step further to create more meaningful connections with a HIPAA compliant email marketing platform. That’s where Paubox Marketing comes in. 

3 ways Paubox Marketing will help your healthcare email marketing

Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information while complying with HIPAA email rules. With Paubox Marketing, you can: 

  1. Boost patient engagement. Including protected health information (PHI) in your HIPAA compliant email campaigns allows you to create targeted and relevant messaging.
  2. Increase visibility. Paubox Marketing maximizes email deliverability, so emails avoid spam folders, and real-time dashboards identify the most impactful campaigns.
  3. Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.

Paubox Marketing is HITRUST-CSF certified and free to use for up to 100 contacts. The free plan also includes a business associate agreement.
