LuxSci

17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Published: March 10th, 2017

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA-compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with your business goals and HIPAA.


What Results Do You Want From Your Email Marketing?

Let’s get started with creating an email that serves your business goals. Use these questions as a “monthly review” to keep your emails on track.

1. Why am I sending this email?

For the best results, each email you send should have a single purpose. I know what you’re thinking – my customers and patients are smart, they can handle multiple points in a single message. A single goal is the best way to go for your emails.

Why?

Your email is one of dozens or hundreds received by your patients. If your email is long and overly complicated, the reader may skip over it or simply delete it.

2. What is the recipient’s awareness level?

Whether you are selling medical devices, technology or anything else, it is important to understand your prospect’s awareness levels. If you are writing an email to introduce a brand new product, keep it simple and avoid technical jargon. On the other hand, if you’re writing an email to experienced, highly knowledgeable readers, going into greater depth makes sense.

3. Is my email’s subject line interesting?

The email subject line is the most important part of your email. It “sells” people on why they should open the message and read what you have to say. Yet many people use terrible, ineffective subject lines and wonder why their emails are failing to produce results. By the way, the same principle also applies to blog posts – headlines matter.

For the best results, write up three to ten subject lines for your next email. Then step away from your computer for 5-10 minutes. Come back and then choose the subject line that suits you best.

Consider these examples to check your understanding:

Ineffective Email Subject Lines

  1. Blank (i.e. you write nothing in the subject line)
  2. Clinic Newsletter (i.e. tell them more – what’s the theme for the month?)
  3. Overusing exclamation marks!!!

Effective Email Subject Lines (These examples are based on a dental practice):

  1. BRAND-NEW dental product released today
  2. How to cut down on your health insurance paperwork
  3. [Case Study] How We Helped 3 Ex-Smokers Get White Teeth

4. For Transactional Emails: Is The Transaction Clear?

Let’s define transactional email:

Transactional emails are usually triggered based on a customer’s action with a company. (Wikipedia)

If you are sending a message to provide a receipt, for example, then make that clear in the subject line and the opening lines of the note. You may want to provide a link to download a secure PDF receipt as well. To distinguish these emails from others, consider adding a phrase such as “(RECEIPT)” in the subject line.

The clearer you are, the better your results will be.

5. For Transactional Emails: Am I Equipped To Send These In A Timely Way?

Patients and customers expect fast service. That expectation extends to receiving timely updates on order confirmations and receipts. The best way to fulfill this expectation is to use an automated system that sends transactional emails within 24 hours (but preferably within minutes or seconds) of providing the service. If there is a delay in preparing the email – which may happen with complex services – let your patient know there is a delay.

6. For Newsletters: Would The Reader Miss Receiving This Newsletter?

Do you have a favorite magazine that you receive each week or each month? For me, it’s The Economist. If you have a favorite publication, you know the anticipation when you open your mailbox and see the next issue. That’s the feeling you want to generate with your email.

If you never receive replies or comments about your newsletter, that’s a wakeup call to revise your approach. A forgettable newsletter does nothing for your business.

7. For Newsletters: Is It Easy To Share With Others?

Referrals are one of the best ways to grow your business. With the right approach, your email newsletter is an excellent method to encourage referrals.

You can put this principle into action by including links in each issue to encourage recipients to share the newsletter with another person. For example, if you provide a newsletter edition on wellness tips for runners, you could encourage readers to share that issue with their running friends.

8. Have I Tested My Message For Reading Ease?

Do you know one of the reasons that Hemingway was popular? He wrote short sentences or many short phrases. His sentences were easy to understand. There was no jargon, abbreviations or “insider” terms. When in doubt, keep your writing short.

When you’re deeply involved in the details of your business, you may forget just how much specialized jargon and language you use. There’s a simple solution. Use a tool like the Text Readability Consensus Calculator.

9. Have I Tested My Message’s Spam Score?

There are bad actors in the world of email marketing. In fact, a whole novel – “419” by Will Ferguson – has been written about one category of misleading and unethical email. Those abuses have triggered a vast infrastructure of anti-spam tools and technologies.

If you’re not careful, your email marketing may be trapped by these tools. To test if your next message may be perceived as SPAM, use a tool like IsNotSpam.

10. Have I Sent My Message To a Test Email Account?

If you’ve followed all of the advice above, you’re almost ready to hit SEND… There’s just one more test you need to check.

Send a test email to one of your own email accounts. This is the best way to see if your email is clear and readable once it is received. In particular, make sure you test all of the links in the email. A bad link frustrates customers and costs you sales. Even better, send the test email to somebody else on your team and ask for their opinion about the clarity of the message.

HIPAA-compliant Email Questions

If your organization requires HIPAA-compliant email, use these questions to inspect your email marketing for compliance. Note that we cannot provide legal advice. However, these questions will serve to identify some of the most common points of failure.

11. Do you have security controls to protect access to your email marketing system?

HIPAA-compliant email comes with high expectations for cybersecurity. As a starting point, check your internal security processes for access restrictions. For example, do you restrict access to your email marketing system to those people who truly need access?

Resource: What exactly does HIPAA say about Email Security?

12. Do you have a documented procedure to guide your HIPAA-compliant email marketing?

It’s not a good idea to “wing it” when it comes to HIPAA-compliant email. To protect your organization from compliance mistakes, develop an email marketing procedure. If you’re starting from scratch, use the answers to the questions in this article to create your first procedure.

For additional background, reference our other articles such as What is HIPAA-compliant Email Marketing?

13. Do you have a current HIPAA-compliant privacy policy?

Many companies use a privacy policy template, publish it on their website and move on. That’s not going to cut it for HIPAA-compliant email marketing. You need to specifically describe your approach to fulfilling HIPAA requirements in your policy. As a best practice, make a note to update this policy annually as new government regulations and legislation appear.

Resource: For an example approach, take a look at LuxSci’s efforts to enhance our privacy policy – LuxSci Strengthens Its Privacy Policy.

14. Do you know your organization’s PHI and ePHI?

If you’re unclear on the meaning of these HIPAA terms, it’s time to brush up on your knowledge. Anyone who sends email on behalf of the organization needs to know these terms and what they mean for your email marketing. Tip: Translate “PHI” and “ePHI” requirements into your organization’s context by listing the PHI and ePHI typically handled in your business. Those examples will help your staff navigate HIPAA-compliant email requirements.

Resource: For additional background on this topic, read our articles: What exactly is ePHI? and Can I share my patient list with my marketing company?

15. Do you have a required training process for anyone sending HIPAA-compliant email?

Your HIPAA-compliance program is only as strong as your weakest link. If you hire someone next week who will send email to patients and customers, they need to be trained on HIPAA. It’s a specialized area and you cannot expect new hires to understand these requirements and your approach without training.

16. Do you have effective protection against malware and viruses?

If you needed any encouragement to improve your anti-virus/anti-malware practice, thank HIPAA-compliance requirements. To protect yourself and your customers against threats, start with these two points:

  1. Do you have anti-virus and anti-malware protection running on all of your organization’s devices?
  2. Does your email marketing provider have protection in place to guard against malware and other threats as per HIPAA?

17. Do you have valid HIPAA compliance Business Associate Agreements in place?

It’s normal to outsource activities like email marketing to a service provider. However, you still have responsibility for choosing a professional HIPAA-compliant provider, especially in areas like email marketing. Your first step should be to ask whether your email service provider has a HIPAA-compliant business associate agreement in place.

Take Action Today:

Print a copy of this article and bring it to your next team meeting to check if your email marketing needs to be HIPAA-compliant. If so, is it compliant now?
