How to Run an Email Strategy that is HIPAA Compliant

These days, privacy is everything. 

Everyone from Facebook to Apple is making changes to protect the privacy of their users, and more importantly — their customers. 

Leading the way for privacy is the Health Insurance Portability and Accountability Act, or HIPAA. Thanks to this, our sensitive medical information is kept private from anyone who doesn’t need to know. 

HIPAA has been around for a long time, and it’s here to stay. So how can you follow the law and still share important information with a relevant audience?

Start with Strategy

First things first: we aren’t lawyers, nor are we medical providers. We’re marketers.

We work with healthcare professionals to help identify what areas of their practice need support and what their unique KPIs are.

As a team, we identify what topics a healthcare provider specializes in and what topics folks are looking for in searches.

From there, it’s important to build up resources and website content for each KPI to serve those looking for information. Once the content is built, it’s time to share it with the world.

Emails are a great vehicle for distributing content, news or resources to your audience.

Building a strong audience is key for distributing the information you’ve worked so hard to build. So the question becomes: How do you run an email marketing strategy that’s HIPAA compliant?

Build Your Audience

First of all, communication with your existing patients regarding their treatment plan or personal information is best done privately on a secured network.

So how do you share your services and resources with potential future patients?

Content in any form — for any audience — is best served to those who ask for it. The best way to build your audience is to let people ask for it with a voluntary sign-up form. 

Utilize a paid lead ad, for example, or embed a form on your website allowing folks to opt in voluntarily to receive information they deem relevant for themselves.

It’s best practice to have a double opt-in process to confirm the contact understands what they’re signing up for, and to let them know they’ll be receiving information from you in the future. This process should include an opportunity to opt out and an overview of how their information will be used.

Remember that little thing called privacy we’re concerned about?

List building is the first and most important building block in any email strategy. Every single person in your database shouldn’t receive every single email you send. It’s important to segment the audience you’ve collected into different categories.

Have options for a blog feed, monthly newsletter, special offers or another specific email type. Let your audience segment themselves within your sign-up form. This will help you cater each email’s content to the appropriate audience.

Reach Your Audience

Now that you’ve got your audience established, it’s time to send some email.

Welcome emails

Sending a welcome email to contacts once they have signed up to join your list is a good place to start. It can be simple and look something like this:

[Image: healthcare subscription welcome email]

Within your email marketing tool, there should be the option to create an automated email workflow that’s triggered by a form submission when a contact joins your mailing list.

Monthly newsletters

A monthly newsletter with new information about your practice is a great way to keep subscribers engaged month-to-month.

This can include any updates on new providers, overviews of different treatments offered, upcoming events or other educational resources developed as part of the monthly strategy. Here are some other examples of HIPAA-compliant emails.

  • Introducing a new facility/location
  • Introducing new treatment information
  • Highlighting new or existing staff members
  • Updating subscribers on new insurance information
  • Sharing new blog posts or service content

Once a contact becomes a patient, any communication regarding their specific treatment plan should be done internally, and they should not be marked as a patient within your email marketing tool.

That being said, the same email best practices applied to any type of email marketing still apply to healthcare-specific email marketing, but there are a few things to keep in mind to make sure your email remains HIPAA compliant.

  1. Avoid any use of your contacts’ personal information — even so much as their first name. Keep the message general and inclusive. 
  2. Shy away from trying to “sell” them something, or any indication you’re marketing to them. Stick to purely providing information. Leave the next step up to the person receiving your email.
  3. Above all, don’t be deceptive. Be clear with your message and intent.

Learn More About Healthcare Email Marketing

We’re no strangers to email marketing, and you shouldn’t be a stranger to your audience either.

Healthcare emails have an average open rate of 23% — which is higher than almost all other industries — so it’s time that you capture that engagement for your own practice.
