New Feature Announcements Archives

Archive for the ‘New Feature Announcements’ Category

How to Make Microsoft 365 HIPAA-Compliant

Friday, November 15th, 2024

For healthcare providers and organizations required to handle sensitive protected health information (PHI), ensuring HIPAA compliance in digital communications is critical.

While technology has improved significantly since the explosion of PCs in the 1990s, seminal Microsoft applications such as Word, Excel, and Outlook are as widely used and popular as ever. The current incarnation, Microsoft 365, is favored by many healthcare companies due to its renowned simplicity and accessibility – but it doesn’t meet HIPAA requirements straight out of the box.

With this in mind, this post will walk you through why Microsoft 365 isn’t inherently HIPAA-compliant, the steps required to achieve compliance, and how the LuxSci Secure Email Gateway provides a simple solution to the often-complex challenge of making Microsoft 365 HIPAA-compliant.

Why Microsoft 365 is Not HIPAA-compliant by Default

Before we detail how to make Microsoft 365 HIPAA-compliant, let us explain why it fails to meet HIPAA regulatory standards out-of-the-box.

Non-Compliant Versions: first and foremost, not all versions of Microsoft 365 even support HIPAA-compliance needs, so your first port of call of determining whether the version deployed within your organization allows for the secure and compliant use of protected health information PHI.
Unverified Encryption: While Microsoft 365 provides the required encryption of data in both transit (when sent to patients and customers) and at rest (when stored in data centers), it’s up to the healthcare company to verify their protocols as per the HIPAA Security Rule.
Insufficient Security Controls: similarly, Microsoft 365 possesses the necessary controls to meet HIPAA compliance but they’re not configured for the secure handling of PHI by default.
No Business Associate Agreement (BAA) by default: unlike notable platforms, such as Mailchimp, Microsoft is willing to sign a BAA: a crucial requirement for HIPAA compliance, as a third party handling your company’s PHI. However, the BAA isn’t active until executed by both parties.

Steps for Making Microsoft 365 HIPAA-compliant

Fortunately, you can use Microsoft 365 for your healthcare email communications and marketing campaigns without suffering the penalties of falling out of HIPAA non-compliance, which include operational obstructions, financial penalties, and damage to your company’s standing within the industry and with patients and customers.

Here’s how to make Microsoft 365 HIPAA-compliant:

1. Purchase a HIPAA-compliant Microsoft 365 subscription

If you don’t already have one deployed, upgrade to a version of Microsoft that’s designed for HIPAA compliance, i.e., features the required security and compliance components.

These include:

Microsoft 365 Business Premium
Microsoft 365 E3
Microsoft 365 E5

Conversely, the following versions do not support HIPAA compliance:

Microsoft 365 Personal/Family
Microsoft 365 Business Basic
Microsoft 365 Apps for Business

2. Sign a BAA

Obtain an BAA, so your and Microsoft’s responsibilities in regards to the handling of sensitive patient data is legally documented.

3. Configure Security Settings to Meet HIPAA Standards

Ensure the appropriate security policies and controls are in place to facilitate the safe and compliant processing of patient data.

This includes the implementation of:

A comprehensive risk analysis, to determine and categorize threats to PHI.
Robust access control policies (e.g., role-based access control (RBAC)) to limit access to personnel who are allowed to handle PHI
Data Loss Prevention (DLP) policies, to detect and restrict the sharing of PHI.
Continuous monitoring, logging, and auditing processes to track the access, modification, and transmission of PHI.

You can read the full instructions for correctly configuring Microsoft 365 to make it HIPAA-compliant in this comprehensive document published by Microsoft.

4. Enable Encryption by Default

A key requirement of making Microsoft 365 HIPAA-compliant is ensuring all emails are encrypted automatically. This is due to the fact that some encrypted emails sent from Microsoft 365 are incompatible with the security settings of the recipient email server. Consequently, the recipient can’t read the encrypted message and they’re unable to engage with your communications – no matter how carefully crafted or personalized.

Fortunately, this can be quickly remediated by configuring Microsoft 365 to route through a HIPAA-compliant email delivery service, like LuxSci, which features automated encryption and makes sure your healthcare emails reach the patients and customers without issue and in compliance.

Why Choose LuxSci Secure Email Gateway for HIPAA-Compliant Microsoft 365 Email

Despite the capabilities, not to mention comfort and convenience that Microsoft 365 offers, healthcare companies can understandably be wary of using it for patient and customer engagment campaigns using and including PHI – because the configuration required to make it HIPAA-compliant can be intricate and time-consuming.

Fortunately, the LuxSci Secure Email Gateway solution is designed to streamline the process. LuxSci can be directly integrated with your Microsoft 365 implementation to provide robust security features that exceed HIPAA requirements, ensuring compliance for your healthcare engagement efforts while keeping patient and customer data safe.

Features include:

End-to-End Encryption: Protects PHI both in transit and at rest, ensuring end-to-end security regardless of the recipient’s email server.
Comprehensive Audit and Tracking: Detailed auditing and tracking of all Microsoft 365 email communications, making it easy to monitor who accesses what information and when, a crucial component for HIPAA compliance.
Customizable Security Policies: Advanced controls and policies, which enable the configuration of automated safeguards that enforce HIPAA-compliant email practices across your organization.
User-Friendly Design: While maintaining high-security standards, LuxSci’s interface is intuitive, making it easy for your staff to securely communicate with patients without added friction or complexity.
Automatated Secure Sending: Communications containing PHI can be automatically routed through secure channels, so there’s no risk of accidental insecure sending. Consequently, there’s no action required by employees to guarantee encryption and HIPAA compliance.
Best-in-Class Customer Support for Compliance Needs: As the most experienced provider of secure HIPAA-compliant healthcare communications, LuxSci has acquired a reputation for providing the highest standard of support in the industry. Our skilled team provides comprehensive support that helps healthcare providers, payers and suppliers navigate the challenges and complications on the road to full HIPAA compliance.

If you’d like to learn more about making Microsoft 365 HIPAA-compliant with LuxSci Secure Email Gateway, contact us today!

Posted in New Feature Announcements
Comments Off on How to Make Microsoft 365 HIPAA-Compliant

What You Need to Know About PHI Identifiers

Tuesday, November 5th, 2024

It’s hard to understate the benefits of using protected health information (PHI) in your patient engagement efforts. By effectively leveraging PHI, you can create highly-targeted and personalized email marketing campaigns, which have greater potential to connect with your patients and customers – and drive your desired outcomes.

However, before diving in, it’s essential to be aware of HIPAA’s complex compliance requirements and how they govern healthcare organizations’ marketing communications. Chief among these considerations is the concept of PHI identifiers and the role they play in classifying and protecting sensitive patient data. With this in mind, let’s explore HIPAA’s 18 PHI identifiers

What is a PHI Identifier?

Before we detail the 18 different PHI identifiers, it’s crucial to first distinguish between what counts as PHI and what, in reality, is personally identifiable information (PII).

PHI (as well as its digital equivalent or electronic protected health information (ePHI)), is defined as “individually identifiable protected health information” and specifically refers to three classes of data:

An individual’s past, present, or future physical or mental health or condition.
The past, present, or future provisioning of health care to an individual.
The past, present, or future payment-related information for the provisioning of health care to an individual.

In short, for an individual’s PII to be classed as protected health information it must be related to a health condition, their healthcare provision, or the payment of that provision. So, a patient’s email address in isolation, for example, isn’t necessarily PHI. However when combined with any information about their healthcare – such as in a patient engagement email campaign – it would constitute PHI.

Put another way, as HIPAA is designed to enforce standards and best practices in the healthcare industry, it’s concerned with protecting health-related information. While the protection of general PII is of the utmost importance, that’s a significantly larger remit – and, consequently, one that’s shared by a variety of data privacy regulations covering different industries and regions (PCI-DSS, GDPR, etc.).

What are the 18 PHI Identifiers?

With the above background in mind, we now have a clearer understanding of what is classed as PHI and, as a result, what data needs to be de-identified. The HIPAA Privacy Rule provides two methods for the de-identification of PHI: the Expert Determination and Safe Harbour methods.

Expert Determination requires a statistical or scientific expert to assess the PHI and conclude that the risk of it being able to identify a particular patient is very low. Safe Harbour, meanwhile, involves systematically removing or securing specific data types to mitigate the risk of patient identification. It’s from the Safe Harbour method that we get the following 18 PHI identifiers:

Patient Names

Geographical Elements: street address, city, and all other subdivisions lower than the state.

Dates Related to Patient’s ID or Health History: eD.O.B, D.O.D, admission and discharge dates, etc.

Telephone Numbers

Fax Numbers

Email Addresses

Social Security Numbers

Medical Record Numbers

Health Insurance Beneficiary Numbers

Account Numbers

Certificate or License Numbers: as these can confirm an individual’s professional qualifications or credentials, and when combined with PHI, are exploitable by malicious actors.

Vehicle Identifiers: i.e., license plate and serial numbers

Device Identifiers and Serial Numbers: those belonging to smartphones, tablets, or medical devices, because they communicate with healthcare companies during provision and can be linked back to the patient

Digital Identifiers: namely website addresses used by healthcare companies that patients may visit (for healthcare education, event registration, etc.)

Internet Protocol (IP) Addresses: the digital location from where a patient’s device accesses the internet; this can be used to acquire subsequent PHI

Biometric Identifiers: e.g., fingerprints, voice samples, etc.

Full Face Photographs: in additional to other comparable images

Other Unique Numbers, Codes, or Characteristics: not covered by the prior 17 categories

As illustrated by the above list, HIPAA’s list of PHI identifiers is comprehensive, covering all aspects of an individual’s identity and digital footprint. In light of this, when handling patient data it’s crucial to use platforms and digital solutions that have been designed with the secure transmission and storage of PHI in mind.

Harness the Benefits of Using PHI for Better Patient Engagement

As the most experienced provider of HIPAA-compliant communications, LuxSci specializes in secure email, text, marketing and forms for healthcare providers, payers and suppliers. LuxSci’s Secure Healthcare Communications suite offers flexible encryption, customizable security policies, and automated features to ensure HIPAA compliance and the protection of PHI data.

Interested in discovering how LuxSci’s solutions can help you securely engage with your patients and customers?

Posted in Email, Email Marketing, New Feature Announcements, Patient Engagement
Comments Off on What You Need to Know About PHI Identifiers

12 Key Questions to Ask Before Sending HIPAA-Compliant Marketing Emails

Wednesday, October 30th, 2024

So – you’ve just been told that your email marketing program is putting your company at risk of violating HIPAA.

Ok. What now?

If you want to continue your email-based patient engagement efforts – without the risk of the financial, operational, and reputational risk that accompanies the exposure of sensitive patient data, you must implement HIPAA-compliant email marketing practices.

This is comprised of two components: becoming HIPAA-compliant, setting up the required systems and procedures to ensure your PHI (PHI) and EPHI (EPHI) are protected, and your marketing objectives, who you want to reach and what to communicate.

However, you don’t have to let your marketing objectives suffer for the sake of security.

Implementing a HIPAA-compliant marketing program can actually help you achieve better marketing results.

Asking yourself these 12 questions ensures your email marketing campaigns align with your business goals and are HIPAA-compliant.

———

HIPAA-Compliant Marketing Emails

1. Do you have security controls to protect access to your email marketing system?

2. Do you have a documented procedure to guide you HIPAA-compliant email marketing?

3. Can you send encrypted emails?

4. Do you have a complete understanding of your organization’s PHI and ePHI?

5. Do you have a required training process for anyone sending HIPAA-compliant marketing emails?

6. Do you have effective protection against malware?

7. Do you have valid Business Associate Agreements (BAA) in place?

8. Why am I sending this email?

9. Is my email’s subject line standing out?

10. What is the recipient’s brand and product awareness level?

11. Have I tested my message for readability?

12. Have I sent my message to a test email account?

HIPAA-Compliant Marketing Emails

If your organization requires HIPAA-compliant email, start by using these questions to inspect your email marketing for compliance. Note that while we can’t provide legal advice, the below questions will help you identify some of the most common points of vulnerability and non-compliance.

1. Do you have security controls to protect access to your email marketing system?

Email security is an essential component of being HIPAA-compliant. As a starting point, check your internal security processes for access restrictions. This includes:

A robust password policy, i.e., changed frequently (e.g., 30 days), has to contain a mixture of characters, etc.
Multi-factor authentication (MFA), i.e., users verifying their identity in multiple ways, e.g., username/password and sent number codes (text, email, key fob, etc.), biometrics, etc.
Role-based access controls, i.e., granting access to individuals based on the responsibilities of their job role.
Zero Trust Architecture (ZTA), i.e., “never trust, always verify” – where users are required to reconfirm their identity on a case-by-case basis, as opposed to once when logging on, which mitigates session hijacking and similar threats.

2. Do you have a documented procedure to guide you HIPAA-compliant email marketing?

“Winging it” simply doesn’t cut it when it comes to HIPAA-compliant email marketing; you must develop a comprehensive documented process detailing how you intend to safeguard PHI throughout your email marketing campaigns.

This should include:

Specifying the HIPAA-compliant email delivery service you’ll use to execute your marketing campaigns

The processes and controls you’ll use to encrypt data for ePHI at rest and in transit

The access and authentication controls you have in place

How you’ll implement data minimization: only using the minimum necessary PHI in communications – and not including sensitive PHI unless it’s essential.
How you’ll securely dispose of data: Implement a process for securely deleting emails containing ePHI once they’re no longer needed, to comply with retention policies.
Staff training: educating employees involved in email marketing on how to securely handle PHI and other HIPAA requirements.
Incident response plan, i.e., an additional documented plan for how you’ll respond to data breaches and other cyber attacks; this also includes notifying any affected parties as mandated by HIPAA.

If you’re starting from scratch, the information contained in the answers to the questions in this article provides a useful starting point for creating your first procedure.

3. Can you send encrypted emails?

If you are sending highly sensitive data or PHI in your emails, be aware that HIPAA requires the data to be encrypted a rest, i.e., the storage medium where it resides, and in transit, when being sent to recipients.

To the surprise of many healthcare organizations, most major email marketing providers, such as Mailchimp and Constant Contact are unable to provide encryption for data in transit and only protect data in their systems. To avoid falling foul of HIPAA regulations, ensure that the email delivery platform you use to transmit messages containing PHI offers end-to-end encryption.

4. Do you have a complete understanding of your organization’s PHI and ePHI?

Much of the time, when we, as well as healthcare providers, talk about PHI, we’re actually referring to electronic protected health information (EPHI). While PHI is a catch-all term to account for all sensitive health information, in truth, in the digital age, the vast majority is stored electronically in data centers – and the patient data handled is EPHI.

You can discover “PHI” and “ePHI” within the context of your organization’s context by identifying and categorizing the PHI and ePHI typically handled in your business. It’s an absolutely crucial tenet of data protection that you simply can’t protect what you’re not aware of.

Comprehensive PHI categorization will help your staff navigate HIPAA-compliant email requirements.

5. Do you have a required training process in place for anyone sending HIPAA-compliant marketing emails?

Your HIPAA compliance program, as with your company’s overall cybersecurity posture, is only as strong as your weakest link. In light of this, it’s essential to educate the staff within your company who are involved in your healthcare engagement campaigns on the secure use of ePHI and HIPAA-compliant marketing practices.

Additionally, this needs to be reflected in your onboarding process, so new hires are made familiar with HIPAA regulations, should their role require it.

6. Do you have effective protection against malware?

In the unlikely event you need any further encouragement to revisit your company’s anti-malware (viruses, ransomware, Trojans, etc.) measures, there are always HIPAA compliance requirements!

To better protect your sensitive customer data against a slew of increasingly sophisticated cyber threats, start with these three key considerations:

Do you have anti-malware protection running on all of your organization’s devices? Additionally, does this extend to your employee’s personal devices on which they handle PHI?
How frequently do you update your anti-malware solution?
Does your email marketing provider have sufficient protection malware mitigation measures in place, as per HIPAA requirements?

7. Do you have valid Business Associate Agreements (BAA) in place?

It’s normal to outsource activities like email marketing to a third party, but for the service they provide to be HIPAA-compliant, you must have a business associate agreement (BAA) in place.

A BAA documents how two organizations will share PHI and under what circumstances. A BAA also details the legal responsibilities of each party in the event of a serious issue. With a BAA being a core component of HIPAA compliance, failure to have one in place with your email service provider is an immediate HIPAA violation – and one that can result in serious consequences for a healthcare company.

Getting Better Results from HIPAA-Compliant Email Marketing

Now that you’ve confirmed your systems are HIPAA-compliant, let’s move on to making sure your email marketing strategy aligns with your overall business objectives.

In pursuit of this, the following questions serve as a handy “monthly review” for refining the effectiveness of your email-based patient outreach efforts .

8. Why am I sending this email?

First and foremost, for the best results, each email you send should have a single, clearly defined purpose.

I know what you’re thinking – “my customers and patients are smart, they can handle multiple points in a single message.” And while that’s true, at whatever point your email reaches a recipient, they’re already juggling several different priorities at once. While they’re capable of juggling multiple points in a message – they’re unlikely to want to; when it comes to email marketing, a single goal is the best way to go.

Similarly, it’s important to remember that your email is one of dozens – or hundreds – received by your patient that day. So, if your message is long and overly complicated, the reader will likely skip over or delete it.

9. Is my email’s subject line standing out?

Following on the above point, is your email subject line impactful enough to stand out amidst the pile of messages that will land in the patient’s inbox that day? The email subject line is the most important part of your email because it’s responsible for persuading the reader to open your message.

Despite this, many marketers still use terrible, ineffective subject lines and wonder why their emails are failing to produce results!

For the best results, write up three to ten subject lines for your next email, step away for 5-10 minutes, and then choose the headline you determine as best.

Consider these examples to check your understanding:

Ineffective Email Subject Lines

Blank (no subject): writing nothing in the subject line
Clinic Newsletter (tell them more, e.g., the subject or theme for the month)
Overusing exclamation marks!!!

Effective Email Subject Lines (examples based on a dental practice)

BRAND-NEW Dental Product Released Today
How to Cut Down on Your Health Insurance Paperwork
[Case Study] How We Helped 3 Ex-Smokers Get White Teeth

10. What is the recipient’s brand and product awareness level?

Whether promoting medical devices, new digital solutions technology, or any healthcare product or service, understanding the prospect’s awareness level is essential.

If your email is designed to introduce a brand-new product, stick to high-level features and benefits while avoiding technical jargon and granular product details. Conversely, if you’re writing an email to experienced, highly knowledgeable readers, going into greater depth makes sense.

Advanced list management and segmentation tools, as offered by Luxsci Secure Marketing, are key for ensuring the communications you send match the reader’s awareness level.

11. Have I tested my message for readability?

Do you know one of the reasons that Hemingway was popular? He was skilled at writing short phrases and phrases. Consequently, his writing was easy to understand and appealed to a wide variety of people. When in doubt, keep your writing short and free of jargon, abbreviations and “insider” terms.

When you’re deeply involved in the details of your business, it’s so easy to overlook just how much specialized jargon and language you frequently use. However, if you want your communications to engage with patients and customers, they need to be as accessible as possible.

Fortunately, there are simple solutions to this, with tools like the Text Readability Calculator that are designed to quickly enhance the readability of your emails.

12. Have I sent my message to a test email account?

Finally, if you’ve followed all of the above advice, you’re almost ready to hit SEND…there’s just one more thing you need to check.

Determine how your email will look to recipients, including its clarity, and readability by simply sending a test email to one of your own email accounts once it is received.

In particular, pay attention to how the subject line looks and test all the links in the email to ensure they take the reader through to the intended destination, such as a product or service page. A broken link will only frustrate the recipient – who was interested enough to click through, no less – and lower your conversion rate.

Better still, send the test email to a colleague somebody and ask for their opinion about the quality of the message and whether it creates the desired impression.

Demystifying HIPAA-Compliant Email Marketing

As the most experienced HIPAA-compliant email provider, LuxSci specializes in providing secure and HIPAA-compliant solutions for companies aiming to send hundreds of thousands – or millions – of emails. Our hypersegmentation tools allow you to precisely target an unlimited number of patient sub-populations to maximize the efficacy of your messaging.

Are you interested in discovering how LuxSci’s secure email marketing platform will streamline your healthcare engagement efforts?

Posted in Email, Email Marketing, New Feature Announcements
Comments Off on 12 Key Questions to Ask Before Sending HIPAA-Compliant Marketing Emails

How to Improve Patient Engagement with Secure Communications

Tuesday, October 29th, 2024

As people demand more personalized experiences from their healthcare companies and providers, patient engagement is increasingly emerging as a top priority. With increasing demands for digital-first interactions and more connected healthcare journeys from their patients and customers, healthcare organizations must evolve their communication strategies to meet these new expectations. In fact, more than ever, today’s healthcare patients and customer expect the same efficient and personalized experiences that they have with other businesses, including retail and financial services.

In this article, we explore two key strategies for improving patient and customer engagement: employing a multi-channel approach and personalization. We’ll show you how each concept improves your communication strategy, while ensuring HIPAA compliance at the same time.

The Growing Importance of Patient Engagement

Today’s healthcare industry is undergoing significant changes – some might even call it outright disruption. With new and varied services like Telehealth, Remote Care, In-Home Care, Connected Care, Value-Based Care, and more, clear and targeted communication has never been more vital for effectively improving patient engagement and driving greater levels of participation in an individual’s healthcare journey.

Another key thing to bear in mind is that today’s patients and customers already have increasing expectations for convenient, personalized, and secure interactions with their healthcare providers. According to a report from McKinsey & Company, over 70% of patients prioritize the ability to communicate with their healthcare providers, payers and suppliers through their preferred channels. However, these preferences vary significantly across age groups, highlighting the importance of a multi-channel communication strategy; let’s explore those preferences now.

Patient Engagement Preferences by Age Group

The chart below, compiled from recent research findings, highlights the varying communication channel preferences by age group, helping healthcare companies craft their engagement strategies accordingly:

Channel	Gen Z (18-25)	Millennials (26-40)	Baby Boomers (57-75)
Phone	10%	35%	55%
Email	20%	35%	45%
Text	40%	45%	15%
Patient Portals	30%	45%	25%
Face-to-Face	15%	25%	60%

By understanding these differences, healthcare organizations can implement and continually refine multi-channel marketing strategies that cater to the unique preferences of each demographic group. Key takeaways include:

Baby Boomers (57 – 75 years old) still prefer phone calls (55%) and face-to-face interactions (60%), though there is preference in email (45%) for certain types of communication, such as appointment reminders and post-care instructions.
Millennials (26 – 40 years old) tend to favor asynchronous methods that fit into their busy schedules, i.e., phone, text, and email. This age group is tech-savvy, with half also using patient portals for managing their healthcare options.
As digital natives, Gen Z patients lean heavily toward digital channels, with text messaging (40%) and patient portals (30%) as top choices. They, more than any other group, expect fast, responsive communication, which makes secure, real-time digital options essential.

Catering to patients’ communication channel preferences ensures they feel better heard and, as a result, more valued. This will result in them becoming more involved in their healthcare journey, leading to higher rates of satisfaction, being more receptive to new services or products, and, most importantly, better health outcomes.

Multi-Channel Communication: Meeting Patients Where They Are

Healthcare providers, payers and suppliers need a multi-channel strategy, that incorporates email, text, patient portals, and phone calls to match the different communication preferences of their diverse patient and customer bases.

A single-channel, or siloed, approach is far less effective, as each demographic interacts with healthcare providers in unique ways. In light of this, offering communication options across multiple channels makes it easier to reach patients – and for them to participate in their healthcare journeys on their preferred terms.

Benefits of multi-channel communication include:

Increased Engagement: Patients and customer are more likely to respond and engage through their preferred communication method, whether that’s by text, email, portal or over the phone.
Improved Satisfaction: receiving timely, personalized updates makes patients feel more connected and satisfied with care.
Better Adherence to Care Plans: patients who receive reminders or follow-ups through their preferred channels are more likely to adhere to care plans, attend appointments, and follow medical advice.
Upselling and Cross-Selling Opportunities: when healthcare providers and suppliers connect with patients and customers over the channel of their choice they are more likely to reach their target audience and attract qualified prospects for new services and products, as well as upgrades to existing ones.

Take Personalization Further by Using PHI in Communications

After unprecedented numbers of people were forced to adapt to digital solutions during the COVID-19 pandemic, personalization is no longer optional or “a nice to have” – but an expectation among patients and customers. The healthcare industry is no exception to this with personalized communications greatly enhancing efficiency and driving favorable outcomes.

Securely harnessing protected health information (PHI) is critical to effective personalization across a broad range of use cases, including care management, marketing and preventative care. It’s important to appreciate, however, that personalization in healthcare engagement goes beyond merely addressing patients by their names; it includes tailoring messages, reminders, renewals, recommendations, and offers based on their medical history, treatment plans, personal characteristics (age, gender, etc.), and ongoing health needs.

Examples of PHI-driven personalization include:

Appointment Reminders: personalized reminders based on the patient’s treatment plan can reduce no-show rates.
Post-Procedure Follow-Ups: securely sending follow-up instructions and health updates specific to the patient’s condition leads to better adherence and recovery rates.
Targeted Preventative Care Campaigns: using patient data to create campaigns around vaccinations, screenings, annual tests, or chronic disease management helps address individual health needs.
Marketing campaigns: delivering targeted campaigns to highly segmented groups of patients and customers, e.g., offers for the latest in-home blood pressure monitor for patients suffering from hypertension.

However, using PHI in communications requires strict adherence to HIPAA regulations and a broad set of data security safeguards and best practices. LuxSci’s Secure Healthcare Communications Suite enables healthcare organizations to safely use PHI in digital communications, ensuring compliance for email, text, marketing and data collection forms, while providing all the required functionality for personalizing your communications to create the desired impact.

Why Secure Healthcare Communication is Crucial

Data breaches in the healthcare industry are consistently on the rise, and, unfortunately, they show no signs of abating. In fact, between 2009 and 2023, healthcare data breaches resulted in the exposure of more than a half billion patient records. Healthcare companies are prime targets for cyberattacks, because of the sensitivity of the data they possess and the critical importance of their services.

Consequently, the fines for healthcare companies that fail to sufficiently protect PHI and fall victim to data breaches can extend into the millions. The reputation damage, however, can be far more costly, with it often being beyond repair.

LuxSci is the most experienced provider of HIPAA-compliant email and secure healthcare communication solutions, working with organizations of all sizes: from local and regional practices to large healthcare systems, providers and suppliers, including Athenahealth, Delta Dental, 1800 Contacts, and Rotech Healthcare.

Our comprehensive HIPAA-compliant communications platform includes:

HIPAA-Compliant Email: send millions of secure emails every month with our Secure High Volume Email solution, or make your Google Workspace or Microsoft 365 email HIPAA-compliant with our Secure Gateway Product
Secure Text Messaging: reach patients quickly and securely with appointment reminders, health updates, and other communications via text. Connect them directly into their patient portals via their desktop or mobile device —with no application installation required.
Secure Marketing: proactively connect with your customers with HIPAA-compliant email marketing campaigns for increased engagement, lead generation and sales.
Secure Forms: safely collect, store, access and analyze PHI data from patients to optimize workflows and generate insights that allow you to refine your long-term strategies.

If you’d like to learn more about how to take your patient and customer engagement to the next level, all while remaining compliant with HIPAA regulations, contact us today!

Posted in New Feature Announcements
Comments Off on How to Improve Patient Engagement with Secure Communications

New Email Tracking Features Deliver More Accurate Engagement Insights

Monday, October 14th, 2024

Today, we’re excited to announce two new reporting features designed to help healthcare organizations improve reporting accuracy and the overall effectiveness of their email campaigns. The new features offer deeper insights into Apple Mail and Google email performance by distinguishing between opens and clicks performed by human actions and automated events — and by giving users control over how these events are reflected in LuxSci email campaign reporting.

Let’s dive into what these features are and how they can help you get more precise data from your healthcare email marketing and communications efforts.

Feature 1: Enhanced Open and Click Tracking – Human vs. Automated

One of the biggest challenges in email tracking today is the rise of automated systems that pre-load images and scan links in emails. Automated systems can trigger open or click events without the recipient actually interacting with the email, leading to inflated and misleading open/click rates.

With LuxSci’s new enhanced open and click tracking, you can now tell whether Apple Mail and Google emails (Gmail and Google Workspace) were opened or a link was clicked by a human or by an automated system. This crucial distinction allows you to have a much clearer picture of actual user engagement.

Here’s how it works:

When emails are sent with open tracking enabled, a small tracking image (also known as a pixel) is embedded in the email. When that image is loaded, the system tracks the email as “opened.”
Similarly, links in the email are encoded to track clicks. If a recipient clicks a link, it triggers a “clicked” event, but these events can also be triggered by automated systems.
LuxSci’s enhanced open and click tracking feature analyzes these events and reports whether the actions were performed by a human or an automated system, helping you sift through false positives.

Feature 2: Suppressing Automated Events in Your Reporting

In addition to tracking the source of open and click events, LuxSci’s second new feature gives you the option to exclude automated events from Apple Mail and Google email from your email engagement statistics altogether. This setting, available in account-wide outbound email settings, is a powerful tool for ensuring the accuracy of your reports and understanding true user engagement.

Here’s how it works:

Automated opens and clicks can be removed from email reporting for better accuracy. For example, if a security bot clicks a link, that event will be logged, but it won’t mark the email as “clicked” in your statistics.
Your open, click, and click-through rates can be set to only reflect real human actions, making these metrics much more reliable for evaluating campaign performance and actual patient engagement.

Why These Features Matter for Healthcare Email Marketing

For healthcare organizations, reliable metrics are essential. Emails often carry critical information related to patient care, transactions, or marketing, and understanding who is engaging with your content is critical to ongoing improvement and long-term success. At the same time, automated actions can inflate your open and click rates, leading to inaccurate conclusions about your email performance.

LuxSci’s new features give you the power to:

Track email engagement with precision: Know the difference between human engagement and automated actions, so your metrics reflect reality.
Customize your reporting: Decide whether you want to include or suppress automated events in your reports.
Improve deliverability strategies: By analyzing which emails are genuinely opened or clicked by real people, you can fine-tune your email campaigns to maximize their effectiveness.

Ready to Enhance Your Email Tracking?

Take control of your email deliverability insights with LuxSci’s newest email tracking tools. Whether you want to gain deeper insights into recipient behavior or eliminate noise from automated systems, these features are designed to help you improve your email reporting, performance and engagement.

For current LuxSci customers, you can learn more about these features in the Support Library, under Support, when you are logged into your account.

If you’re new to LuxSci, reach out today and we’d be happy show you the power of our secure, HIPAA-complaint healthcare communications solutions, including high volume email, text, forms and marketing solutions. Contact us here.

Posted in Email, New Feature Announcements, Patient Engagement
Comments Off on New Email Tracking Features Deliver More Accurate Engagement Insights

Archive for the ‘New Feature Announcements’ Category

How to Make Microsoft 365 HIPAA-Compliant

Why Microsoft 365 is Not HIPAA-compliant by Default

Steps for Making Microsoft 365 HIPAA-compliant

1. Purchase a HIPAA-compliant Microsoft 365 subscription

2. Sign a BAA

3. Configure Security Settings to Meet HIPAA Standards

4. Enable Encryption by Default

Why Choose LuxSci Secure Email Gateway for HIPAA-Compliant Microsoft 365 Email

What You Need to Know About PHI Identifiers

What is a PHI Identifier?

What are the 18 PHI Identifiers?

Harness the Benefits of Using PHI for Better Patient Engagement

12 Key Questions to Ask Before Sending HIPAA-Compliant Marketing Emails

HIPAA-Compliant Marketing Emails

HIPAA-Compliant Marketing Emails

1. Do you have security controls to protect access to your email marketing system?

2. Do you have a documented procedure to guide you HIPAA-compliant email marketing?

3. Can you send encrypted emails?

4. Do you have a complete understanding of your organization’s PHI and ePHI?

5. Do you have a required training process in place for anyone sending HIPAA-compliant marketing emails?

6. Do you have effective protection against malware?

7. Do you have valid Business Associate Agreements (BAA) in place?

Getting Better Results from HIPAA-Compliant Email Marketing

8. Why am I sending this email?

9. Is my email’s subject line standing out?

10. What is the recipient’s brand and product awareness level?

11. Have I tested my message for readability?

12. Have I sent my message to a test email account?

Demystifying HIPAA-Compliant Email Marketing

How to Improve Patient Engagement with Secure Communications

The Growing Importance of Patient Engagement

Multi-Channel Communication: Meeting Patients Where They Are

Take Personalization Further by Using PHI in Communications

Why Secure Healthcare Communication is Crucial

New Email Tracking Features Deliver More Accurate Engagement Insights

Feature 1: Enhanced Open and Click Tracking – Human vs. Automated

Feature 2: Suppressing Automated Events in Your Reporting

Why These Features Matter for Healthcare Email Marketing

Ready to Enhance Your Email Tracking?

Follow LuxSci

Categories