" email marketing Archives - LuxSci

Posts Tagged ‘email marketing’

Rules for Using PHI in Patient Engagement

Friday, November 11th, 2022

As you know by now, we believe strongly in the benefits of using protected health information (PHI) to create highly targeted and personalized email campaigns. However, before you dive in and kick off your campaigns, you must be aware of the complex compliance requirements governing healthcare organizations’ marketing communications.


Reminder: What is PHI?

PHI, or protected health information, is “individually identifiable protected health information.” Protected health information refers specifically to three classes of data:

  1. An individual’s past, present, or future physical or mental health or condition.
  2. The past, present, or future provisioning of health care to an individual.
  3. The past, present, or future payment-related information for the provisioning of health care to an individual.

For protected health information to be “individually identifiable,” it must be possible to link the data to a specific individual (even if only very indirectly). There are 18 types of identifiers for an individual. Any one of these identifiers, combined with “protected health information,” would constitute PHI.

It’s often more complicated than it looks. For example, if you are running email campaigns, an email address is an individual identifier because it can be connected to a specific individual. That, combined with the email content, which often refers to the name of the provider, information about their health conditions, insurance coverage, or upcoming appointments, means that most communications from a healthcare practice could qualify as PHI.

HIPAA Rules for Using PHI in Patient Engagement

HIPAA regulates patient privacy. Healthcare organizations and their associates must obtain consent and implement technical safeguards before starting marketing campaigns.

HIPAA Privacy Rule

According to the U.S. Department of Health & Human Services, you must acquire consent to send marketing communications under the HIPAA Privacy Rule. It reads, “With limited exceptions, the Rule requires an individual’s written authorization before a use or disclosure of his or her protected health information can be made for marketing.”

The Privacy Rule defines “marketing” as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” This also applies to many patient engagement communications.  

Generally, if the communication is “marketing,” then the communication can only occur if the covered entity obtains an individual’s authorization. Organizations must keep track of who has consented to receive marketing communications and allow them to opt out at any time. We further discuss the nuances of patient consent for marketing communications here.

HIPAA Security Rule

All covered entities and their Business Associates are subject to the HIPAA Security Rule. If you are working with a vendor (like a marketing consultant, email marketing platform, or ad agency) that will have access to PHI, you need to enforce a Business Associate Agreement.

The HIPAA Security Rule categorizes the necessary safeguards into three categories: Physical, Administrative, and Technical Safeguards. More details about the requirements for each can be found here. Any vendor you choose to work with must follow these regulations. Some basic requirements include the following:

  • Physically protecting data and where it is stored,
  • Training staff on handling PHI, and
  • Setting up technology to protect PHI properly.

Assuming your patient engagement campaigns are primarily occurring via email, at a minimum, you must ensure that the email marketing vendor will:

  • Protect data at rest and
  • Protect data in transmission.

This means utilizing encryption to ensure that PHI cannot be eavesdropped on. Many popular email marketing vendors do not encrypt PHI in transmission. It’s extremely important to choose a provider who can protect PHI following HIPAA regulations.


The Benefits of Using PHI for Patient Engagement

Once you have established the proper policies and procedures, signed a BAA, and put any technical requirements in place, you can start segmenting and personalizing emails using PHI. Here are some segmentation and personalization ideas to get started.

By applying these techniques and using PHI in your patient engagement strategy, you can:

  • Design targeted patient journeys
  • Deliver better patient outcomes
  • Improve ROI and reduce costs

Contact us today to learn more about how to securely engage patients using PHI.

4 Email Personalization Strategies for Member Engagement

Friday, November 4th, 2022

For many benefits administrators, it’s open enrollment season! During this period, individuals can make changes to their insurance coverage. It’s vital to engage members to educate them about their plans and benefits to increase satisfaction, retain members, and acquire new enrollees. This article presents four email personalization strategies for member engagement.


Insurance Information is ePHI

Before we get to strategies for improving engagement, it’s worth reflecting on the regulatory hurdles. According to the Department of Health and Human Services, healthcare payers, insurers, and benefits administrators are covered entities. This means they must abide by HIPAA regulations when transmitting and storing protected health information (PHI).

Emails about an individual’s insurance coverage and eligibility, plan types and offerings, health status, and financial information are considered PHI and must be protected accordingly. We’ve written extensively about the HIPAA requirements for email elsewhere, but in brief, this means that emails containing PHI need to be encrypted and archived appropriately. Do not proceed with the following strategies until a HIPAA-compliant email solution is implemented correctly.

4 Email Personalization Strategies for Member Engagement

Segmentation and personalization are the keys to crafting messages that appeal to your audience. Particularly when it comes to healthcare coverage, there is no one-size-fits-all approach. Personalization techniques allow marketers to create highly relevant emails that the audience will find beneficial.

Age-Related Changes

In the US health insurance market, insurance coverage is often tied to age. As individuals reach new stages of life, there is an opportunity for them to change their insurance coverage. For example, insurers and benefits administrators can create targeted messaging to:

  • 26-year-old individuals about to enter the healthcare marketplace and
  • 65-year-old individuals who qualify for Medicare

It would not make sense to send these messages to a sizeable non-segmented email list because they would be irrelevant to the majority of recipients. By segmenting your email list by age and creating targeted messaging, you will receive a better response and return on investment from your email campaigns.

Plan and Benefit Educational Opportunities

There are many different types of health insurance coverage and benefit plans. Educating enrollees on their plan benefits makes them more likely to utilize their coverage and be satisfied with their plan. For example, if eligible members are not taking advantage of a dental benefit, it may be wise to create an email campaign that educates them on what they can access with their benefits.

Geography-Specific Messaging

There are often differences in enrollment periods, eligibility, and benefits in the US market on a state-by-state basis. Creating personalized messages based on the recipient’s residence makes the messages more relevant. For example, sending recipients the accurate enrollment date based on their residence is essential to getting people to sign up!

Health Status Messaging

You can also use information you know about your members to craft messages that can help improve their health. For example, it may be possible to know who is overdue for an annual appointment, and email messages can help them reschedule care. Similarly, several standard preventative screenings are tied to age and gender, like annual mammograms for women at 40 years old. Sending an email to all members who meet those criteria, reminding them to get screened, can improve population health and reduce costs.

Conclusion

Today’s consumers prefer email communications from businesses and brands. Personalizing your approach can improve your campaign performance and deliver significant results. If you want help improving your enrollment outreach with HIPAA-compliant email, contact LuxSci.

Frequently Asked Questions: HIPAA and Email Marketing

Thursday, October 27th, 2022

HIPAA is a complicated law that offers a lot of guidance but does not require the use of any specific technologies to protect patient privacy. This causes a lot of confusion when it comes to HIPAA-compliant marketing campaigns. This article addresses some frequently asked questions about HIPAA-compliant email marketing and what you need to do to be on the right side of the law.

Do generic practice newsletters still count as PHI?

In many cases, even generic email newsletters can be considered PHI because they are sent to lists of current patients. Email addresses are individually identifiable, and combined with the email content, they may imply that the recipients are patients of the practice. For example, say you send a “generic” newsletter to the patients of a dialysis clinic. An eavesdropper may be able to infer that the recipients receive dialysis. Therefore, the email is PHI and should be protected.

In some cases, it can be complicated to determine what is PHI and what is not. Using a HIPAA-compliant marketing solution is best to avoid ambiguity and ensure you are secure.

What are email marketing best practices for organizations using Mailchimp?

The best practice is not to use Mailchimp! Mailchimp is NOT HIPAA-compliant and will not sign a Business Associate Agreement to protect your data. The best way to begin an email marketing program is to select a fully HIPAA-compliant vendor. Simply put, this means that emails are encrypted in transit, and stored data is also encrypted.

What is an Email API?

API is an acronym that stands for “Application Programming Interface.” An email API gives applications (like CRMs, CDPs, or EHRs) the ability to send emails and retrieve analytics. Email APIs are often used to send transactional or bulk marketing emails. Trigger-based emails are ideal for sending with an email API. In this situation, emails are sent when pre-determined conditions in the application are met. For example, an order confirmation is a transactional, trigger-based email. A person buys a product online, the transaction is processed, and an email is sent to the buyer with their transaction details. The email is sent automatically with an email API. When a new patient has an upcoming appointment, an email API could be used to send a reminder email and offer rescheduling options. Email APIs enable the automation of common email workflows.

Does HIPAA permit providers to send unencrypted emails with PHI to patients?

Encryption is an addressable standard under the HIPAA Security Rule, but that does not mean it’s optional. The HIPAA Privacy Rule does not explicitly forbid unencrypted email. Still, it does state that “other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted email.”

The Department of Health and Human Services (HHS) has clarified this by stating that “covered entities are permitted to send individuals unencrypted emails if they have advised the individual of the risk, and the individual still prefers the unencrypted email.” Some organizations use waivers to inform patients of the risks and acquire permission to send unencrypted emails.

However, we do not recommend this for several reasons. One, keeping track of waivers over time and recording status changes and updates is challenging. Two, signed waivers do not insulate you from the consequences of a HIPAA breach. And finally, using waivers to send unencrypted emails doesn’t eliminate your other HIPAA obligations. Using a HIPAA-compliant solution is more manageable and eliminates ambiguity.

Do patients have a right to exercise their right of access to their own PHI by receiving it via unencrypted email?

Yes, but they must be fully informed of the risks and sign waivers acknowledging them. The caveats in the previous answer apply. It’s always better to encrypt emails. 

Is Microsoft 365/Exchange 365 encryption sufficient for marketing emails?

Microsoft 365 can be configured with Office Message Encryption (OME) to comply with HIPAA. However, it is not well-suited to send marketing emails. OME primarily relies on portal pickup encryption, in which the message is stored securely on a server and requires the recipient to log in to the portal to read the email. If you are a marketer trying to increase open and response rates, the portal adds a barrier to access that many will not cross. Light-PHI marketing messages are best sent using TLS encryption. TLS-encrypted messages arrive in the recipient’s inbox just like a regular email and do not require a user to log in to read the message.


Conclusion

HIPAA can be difficult to understand, but choosing the right tools and properly vetting your vendors makes it easy to execute HIPAA-compliant email marketing campaigns. If you are interested in learning more about LuxSci’s easy-to-use, Secure Marketing platform, please get in touch with our sales team.

Retain Patients with Personalized Communications

Tuesday, October 11th, 2022

Expectations of healthcare providers have dramatically changed in the last decade. The introduction of technology and the widespread adoption of digital communications in other industries have increased the pressure on healthcare providers to provide a similar experience. In fact, a recent survey commissioned by Redpoint found a significant gap in the experience healthcare consumers expect to receive from their provider and what is actually provided. To improve the patient experience, a personalized communications approach is necessary.

Patients Want A Personalized Healthcare Experience

Healthcare providers manage a lot of patient data. As audience segmentation and personalization techniques become more common in other industries like e-commerce and personal care, consumers are beginning to expect the same experiences from their healthcare providers. For example, media streaming services make personalized recommendations for new shows based on what you have previously watched. People like these features because it helps them discover new content they may not know about. Patients are beginning to expect a similar personalized experience from their healthcare provider. If a patient wants to control their diabetes diagnosis, communications from a medical provider with helpful resources are not only desired but are starting to become expected.


Personalized Communications Affect Patient Retention

Unlike streaming services, healthcare is extremely personal. If a media company recommends a show you don’t like, it’s minorly irritating. On the other hand, if your practice sends irrelevant email communications, it impacts the patient experience and may cause patients to leave. To that end, the Dynata survey found that the patient experience and personalization were two of the top reasons that patients leave a healthcare practice.


What would you prefer: frequent emails about products and services you don’t want, or consistent emails that relate to your goals and interests? It’s an easy decision. No one likes to be annoyed by pointless emails. Using information about your patients’ health status and goals to craft personalized messages increases patient satisfaction and improves engagement.

How to Personalize the Patient Experience

Traditionally, HIPAA compliance requirements have made it difficult for healthcare providers to personalize email communications. When marketers use patient data to segment audiences and personalize content, the communications must be protected according to HIPAA regulations. Many email marketing tools cannot meet these stringent encryption and security requirements. By selecting tools that meet HIPAA’s technical requirements (like LuxSci’s Secure Marketing and Secure High Volume Email) and by properly training employees, healthcare marketers can employ the same segmentation and personalization techniques to reach their audience with relevant communications.

Conclusion

Personalizing email communications is just one way to improve patient marketing and retention. Contact us today to learn more about how to reach your patients with secure email communications.

5 Ways to Improve Your Dental Practice Email Marketing

Thursday, October 6th, 2022

Email marketing is a highly effective way to communicate the latest news about your dental practice to patients. However, stale newsletters and practice announcements are not enough to keep patients engaged with their oral health. Take your dental practice email marketing to the next level with these tips to improve your messaging. 

1) Choose an email marketing platform that allows you to use ePHI

Identifying the tools to market your practice is often trickier than it appears. Dental practices must abide by HIPAA regulations, affecting how they can transmit information about their services to their patients. Any vendor that handles PHI on behalf of a dental practice must sign a Business Associate Agreement outlining how patient data will be stored, transmitted, and disposed of. Don’t choose a vendor who is unfamiliar with HIPAA’s stringent requirements.

Also, watch out for quasi-compliance. Some self-identified “HIPAA-compliant” email vendors can protect data at rest but not in transmission, rendering their services moot. What’s the point of using a HIPAA-compliant email marketing service that doesn’t allow you to transmit relevant information?


Some organizations try to avoid HIPAA regulations by having patients sign consent forms to waive their rights under HIPAA. However, this is unwise for several reasons. Even if patients agree, it does not remove the organization’s obligations to secure PHI under the law. If protected health information is improperly accessed, it is still a breach and can lead to severe financial and reputational consequences. Plus, keeping track of waivers and keeping email lists up to date is a major hassle. It’s much easier to do the right thing under the law.

2) Encrypt marketing emails to comply with HIPAA

Many marketing emails imply a relationship between patients and providers and, as such, can often be classified as protected health information. PHI must be encrypted in transit and at rest to comply with HIPAA. Ensure your email marketing platform encrypts every email automatically instead of relying on your marketing team to secure sensitive data.

However, not all email encryption is created equal. TLS encryption meets HIPAA transport encryption requirements and provides a better user experience. Emails encrypted with TLS are sent directly to the patient’s inbox and are opened just like a regular email. This means that marketing emails sent with TLS encryption are more likely to be opened than those sent to a patient portal, which requires users to log in to read the email.


Learn more about the differences between TLS and Secure Portal Pickup.

3) Use PHI to send personalized emails that are relevant to your customers

Once you’ve selected a tool that complies with HIPAA email encryption transmission requirements, use patient data to create highly relevant messaging. Some organizations try to get around HIPAA requirements by sending very generic marketing content. However, these tactics do not deliver results. Marketers in other industries have found that using customer data to segment their audience allows them to create highly relevant messaging that delivers better open and click rates. 


Dental marketers can use PHI to segment and personalize emails, delivering results for both your practice and your patients. Healthcare marketing emails can be personalized as long as the proper safeguards and precautions are in place to protect patient privacy and meet compliance requirements.

4) Use email marketing to engage patients 

Healthcare consumerism is rising, and patients are willing to change providers if they are unsatisfied with their experience. Educating and informing current and potential patients about your services is essential to improving new customer acquisition and patient retention. Many patients now prefer to receive communications about their health status, upcoming appointments, and relevant offers via email. 


Adapting your communications to fit patient preferences is an easy change that can go a long way to increase patient satisfaction.

5) Track the results and use data to improve messaging

Unlike other traditional marketing channels, email marketing campaigns deliver a wealth of data that can be used to inform your strategic plans. Unlike social media, email isn’t subject to the whims of the latest algorithm change. Reviewing performance over time makes it possible to tell what is popular and unpopular with your customer base. Email marketing is so effective at delivering a positive return on investment because it is straightforward to track what is resonating and what is not. 

Conclusion

Using HIPAA-compliant email marketing tools allows dental practices to achieve better marketing results via segmentation and personalization without sacrificing patient privacy. LuxSci’s Secure Marketing platform was designed to help organizations connect with their patients without violating HIPAA.