Omnichannel marketing is a relatively new strategy that can help healthcare marketers achieve success. Marketers need to leverage a variety of marketing tactics to reach and communicate with their patients. Omnichannel marketing involves the integration of digital channels and traditional media to provide a consistent and personalized experience across all channels to drive marketing success.
Read the rest of this post »
When designing an email infrastructure to send high volumes of email, you need to determine your email throughput needs. Throughput refers to how much data can be transferred within a specific time frame. It is a practical measure that is influenced by many factors including server power, network speeds, concurrent connections and more. This article will explain some of the factors that you can control to help you design an email sending infrastructure that fits your business needs.
Read the rest of this post »
Medical laboratories use LuxSci’s secure services to email lab test results to patients. Although medical laboratories are not always HIPAA Covered Entities themselves, they are Business Associates with hospitals and doctors who are required to abide by HIPAA. By the “transitive” nature of the HIPAA privacy laws, Business Associates must abide by HIPAA security and privacy standards, protect patient data, and ensure confidentiality.
In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address. We work with labs to securely send Covid-19 test results, cancer screening results, and many other kinds of medical test results via email.
This post describes how one large medical lab uses LuxSci’s Secure High Volume Email sending service to safely deliver lab results to thousands of people every day.
Read the rest of this post »
Understanding your email open rates is critical for the long-term success of your marketing strategy. If you aren’t monitoring key metrics, you won’t know if your campaigns are effective. Reviewing KPIs regularly helps you understand how to tweak your strategy to meet your business goals.
While you are likely already tracking key metrics, you may not know that there are some caveats to the accuracy of email open rates and click tracking data. Understanding these caveats will help you properly interpret your results.
You have no control over the email software that your recipients use or how they set it up. Some users will have their email client configured so that it will block images or HTML in their email content.
Users do this for security reasons or because they don’t want to be tracked. Either way, it’s bad news for the accuracy of your email open rate figures and click tracking data. Under normal circumstances, this type of data is collected via a beacon that is embedded in every email you send out. These beacons are tiny images that recipients don’t notice. They work by triggering a request for the image data from a server, which results in the server obtaining data about the recipient.
If a recipient blocks images or HTML, these beacons won’t load. This means that the tracking data isn’t collected by the server. Marketers will not have any insight into their activity. Even if the recipient does read the message, it won’t be included in email open rate figures. This results in email open rates that may in reality be slightly higher than your data shows.
Some email programs may automatically open messages without user intervention. This can result in false positives. As a result, a user may be counted as having opened your email, when in reality it was just their software. These false positives will affect the accuracy of your email open rate, suggesting that the individual opened the message when they actually didn’t.
These false positives can be caused by some email filtering services which pre-load images to scan them for security purposes. Gmail has also been known to automatically pre-load images, affecting the accuracy of your email open rate.
Some recipients may use spam filters that are configured to click email links to verify whether an email is safe. While this is great for protecting the recipient, it does pose a problem for email marketers. These automatic clicks from the spam filters may artificially inflate your email open and click rates.
If you look through your metrics, you may be able to determine which are automatic clicks caused by spam filters. If you see that multiple links are clicked in rapid succession, it is a solid indicator that the filter is scanning the email, rather than the recipient clicking a link themselves.
Email client providers may offer protective measures that stop beacons from being able to collect metrics for the sender. The most prominent offering to do so is Apple’s Mail app, which began providing Mail Privacy Protection as part of iOS 15. This gives users the option to protect their email activity and prevent marketers from knowing when they open an email. It also masks their IP address, which stops their IP from being linked to their other online activity.
While many users may like this privacy feature, it does cause problems for email marketers. If more users opt-in to these privacy features, marketers may have to rely on metrics other than open rates.
As Virtual Private Networks (VPNs) become more popular, the accuracy of your location data may be affected. This is because VPNs allow users to spoof their locations. The data may indicate that a user is in Texas, but in reality, he or she could be in Vietnam using a Texas-based VPN server.
You need to be aware of this limitation when planning your email marketing strategy, and allow for the fact that your location-based targeting may not be 100 percent accurate.
While the above caveats complicate email open rate accuracy and click tracking for all marketers, those in the health sector face an even more complicated challenge. They need to be able to obtain useful data without violating HIPAA regulations.
Thankfully, LuxSci’s Secure Marketing tool is designed specifically for email marketing in the health industry. It offers features that allow you to measure your email open rates and click tracking, all while helping your organization meet its HIPAA compliance needs. Talk to us today to find out how Secure Marketing can help solve your business challenges.
If you are subject to HIPAA regulations- think twice before sending off that marketing email blast to your customers. If your emails contain ePHI, stop and make sure you are using a HIPAA-compliant email marketing platform before sending.
Not all email marketing platforms were designed with HIPAA compliance in mind. In fact, it can be difficult to figure out which vendors will allow you to send HIPAA-compliant emails on their platforms. We created this list of five questions to help you screen potential vendors for compliance.
It’s a simple question, but if the vendor does not mention anything about HIPAA or HITRUST certification on their website, it’s a good indicator that they are not secure enough to be compliant. As you probably know, HIPAA regulations can be onerous, and many companies do not have the time, expertise, or desire to update their technology. On the other hand, if they have taken the time and spent the money to invest in the serious security steps needed for HIPAA compliance, you should be able to find something about it in their marketing.
If you are sharing ePHI with a vendor (including lists of patient names and email addresses), you must have a BAA in place that outlines their responsibilities to protect your ePHI. If a vendor will not sign a BAA with you, it is an obvious sign that you cannot use their platform for HIPAA-compliant email marketing.
However, even if a vendor will sign a BAA, it does not mean that you can use their platform and comply with HIPAA. Read the fine print! Some companies have very restrictive BAAs that severely limit the functionality of the platform and prevent you from sending emails. We call these vendors “quasi” compliant. The only comply with HIPAA, if you abide by strict rules that prevent you from actually using their solution.
For an example, take Constant Contact. They will sign a BAA. However, they explicit state in their BAA that you:
“Should not use our systems for transmitting highly sensitive PHI (for example: mental health, substance abuse, or HIV information). Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.”
Constant Contact does not encrypt outbound emails, making it a poor choice for a HIPAA-compliant email marketing vendor. Depending on your email use cases, you could be unable to send any emails on their platform. Even worse, if you mistakenly send emails that contain ePHI you will be held liable for violating HIPAA, not Constant Contact, because you violated the terms of the BAA.
Encryption is an addressable standard as part of the HIPAA Security Rule. Encryption is highly recommended to protect ePHI in all digital communications. Many email marketing platforms have adopted encryption methods that are secure enough to protect ePHI while it remains in their systems. However, that’s not enough to comply with HIPAA. You should specifically ask about their ability to encrypt outbound emails. Data in transit is extremely vulnerable to malicious actors, and therefore you need to encryption to protect emails containing ePHI. If a vendor does not provide encryption for outbound marketing emails then you should not consider using them.
If a vendor says that they do encrypt outgoing messages, it’s important to consider these additional questions.
As a marketer, you want your emails to directly reach the recipient with as little friction as possible. If the recipient has to login to another platform to read the email, it’s unlikely to be read. A good HIPAA-compliant email marketing platform will use TLS encryption to send marketing messages directly to inboxes that support it. Emails sent with TLS encryption appear just like any other message directly in the recipient’s inbox.
However, there may be scenarios when you need to use more secure encryption methods. We recommend finding an email marketing vendor that is flexible and will let you select the right method of encryption for any type of message. For example, you may want to use a portal-based encryption method to send highly sensitive messages. Either way, make sure your vendor can support your needs with the right type of email encryption.
Finally, the most important question to ask is: can I include highly sensitive patient information in an email? If you cannot, you can’t use the full power of the email marketing platform to create targeted, personalized and relevant messages. At best, you can only send generic office newsletters. If you want to create the types of marketing emails that will drive ROI and improve patient engagement, utilize your patient data for personalization and segmentation.
LuxSci’s Secure Marketing platform was built from the ground up with HIPAA compliance in mind. If you would like to learn more about how to create compliant email marketing campaigns utilizing ePHI, please let us know.
