" email marketing Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘email marketing’

Is Mailchimp HIPAA-Compliant?

Friday, January 17th, 2020

“Is Mailchimp HIPAA-compliant?” has echoed through the boardrooms of healthcare organizations countless times. Whenever companies explore their options for email automation and marketing software, the popular provider’s name tends to be one of the first to pop up.

Mailchimp has long been the go-to option for designing emails and newsletters, sending them out, sharing to social networks, tracking results and much more. 

The company offers an integrated marketing platform that helps to simplify how businesses connect with their customers and also enhances their results.

It’s only natural that healthcare organizations also wonder whether HIPAA-compliant bulk email through Mailchimp is possible.

Is Mailchimp HIPAA Compliant?

Sadly, the answer will disappoint most of those in the healthcare sector, as well as other businesses that deal with electronic protected health information (ePHI). Mailchimp is not HIPAA-compliant.

Despite this, there are some promising aspects of Mailchimp’s security that make it seem as though it could be a HIPAA-compliant marketing email option.

These include login pages served over TLS, hashed password storage and brute-force protection that prevents attackers from trying every possible password against the login form. The company also conducts regular penetration tests and other security audits.

While these security features are a positive sign for Mailchimp’s service, the platform has a major stumbling block – there’s not a single mention of a business associate agreement (BAA) on the company’s website. 

This is concerning, because a BAA is essential for HIPAA compliance whenever companies share their data or allow it to be processed by another organization.

BAAs are a critical part of HIPAA compliance and failure to have one is considered an immediate HIPAA violation. It doesn’t matter if all security best practices are being followed, and the ePHI is being shared in a manner that’s compliant in every other way – sharing data without a BAA in place is still a violation.

This is because BAAs set out how two organizations can share data, and under what circumstances. BAAs also delineate where the legal responsibilities of each party fall, and who will be culpable if there are any problems.

If a company puts in the extra effort to provide a HIPAA-compliant service, they will generally advertise their compliance so that they can attract more clients from the health sector.

Since Mailchimp doesn’t have any reference to BAAs on its site – not even a single mention buried in its legal section – it’s safe to assume that the only answer to “Is Mailchimp HIPAA-compliant?” is a resounding “No”.

Beyond the absence of a HIPAA BAA, Mailchimp also makes no provision for encrypting the bulk mail sent from its platform, which makes it unsuitable for sending email in any context where compliance counts. Many other security controls are also missing from Mailchimp, controls that would not be needed unless you have to follow HIPAA or another compliance framework.

Mailchimp HIPAA-Compliant Alternatives

All is not lost for healthcare companies that need a HIPAA-compliant bulk email solution or other marketing tools. While they may have to rule out popular options like Mailchimp, there are a number of HIPAA-compliant marketing email services that are specifically designed for organizations that have to abide by the regulations.

At LuxSci, we specialize in providing secure and HIPAA-compliant services. When building our solutions, we take security, regulatory and practical considerations into account from the early planning stages up until the finished product.

Our approach results in tailor-made tools and services like HIPAA-compliant bulk email and secure hosting. These offer healthcare companies the right balance between their security and regulatory concerns, as well as their need for high-performance tech solutions.

LuxSci amongst “Most Secure Email Services”

Wednesday, October 9th, 2019

Not only is LuxSci a world-class provider of secure, HIPAA-compliant email solutions, Techzillo also highlights our industry-best customer support. When you partner with LuxSci, you’ll have a dedicated team of REAL PEOPLE to guide you through your implementation, not a link to a self-serve article.

…within a brief window of time, a LuxSci support member will get in touch with you over the phone. Why? Well, to walk you through their service and show you the ropes.

Read the Techzillo article here.


…and find out more about our HIPAA-compliant, secure email product here.


TLS Exclusive: HIPAA-compliant email marketing just got a whole lot better

Thursday, May 10th, 2018

If you are a healthcare organization and have to abide by HIPAA regulations, you may be struggling with HIPAA-compliant email marketing. Besides getting patient consent, there is the concern that the marketing messages themselves need to be secured: in many cases the content of the message, combined with the address list it is sent to, implies something about the recipients, and that something can be ePHI.

SMTP TLS Exclusive

It is a best practice to use a HIPAA-compliant email marketing service to send healthcare-related email marketing messages, newsletters, appointment reminder emails, etc.  Such a service signs the required HIPAA Business Associate Agreement with you, takes care of your data, and ensures that your email messages go securely to your recipients.
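The post above does not spell out what “TLS Exclusive” delivery looks like at the protocol level. The following added example (my own code, not LuxSci’s implementation) takes “TLS exclusive” to mean: send a message only if the recipient’s mail server advertises STARTTLS and the TLS handshake completes with certificate verification, and otherwise hold the message rather than fall back to cleartext. That reading of the term, the hostnames and the EHLO replies below are all assumptions constructed for the example; nothing here is captured traffic from a real server.

```python
"""Added example: enforce TLS-only ("TLS exclusive") SMTP delivery.

Policy: deliver only if the recipient MTA advertises STARTTLS and the TLS
handshake verifies; never fall back to cleartext. The EHLO replies below are
constructed for offline demonstration, not captured from any real server.
"""
import smtplib
import ssl
from email.message import EmailMessage


def parse_ehlo_extensions(ehlo_reply: bytes) -> set:
    """Return the SMTP extension keywords from a raw multi-line EHLO reply.

    Handles both "250-EXT" continuation lines and the final "250 EXT" line.
    The first line carries the server greeting, not an extension, so it is
    skipped.
    """
    extensions = set()
    lines = ehlo_reply.decode("ascii", errors="replace").splitlines()
    for line in lines[1:]:
        if not line.startswith("250"):
            continue
        body = line[4:].strip()  # drop "250-" or "250 "
        if body:
            extensions.add(body.split()[0].upper())
    return extensions


def tls_exclusive_decision(ehlo_reply: bytes) -> str:
    """Return "starttls" if STARTTLS is advertised, otherwise "hold"."""
    return "starttls" if "STARTTLS" in parse_ehlo_extensions(ehlo_reply) else "hold"


def send_tls_exclusive(host: str, port: int, msg: EmailMessage) -> bool:
    """Deliver msg to host only over verified TLS; return False if held.

    Hypothetical sender-side routine: the live connection is not exercised
    in the offline test, only the decision logic above is.
    """
    ctx = ssl.create_default_context()  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False  # hold the message; do not send in cleartext
        smtp.starttls(context=ctx)  # raises ssl.SSLError on an unverifiable cert
        smtp.ehlo()  # re-issue EHLO after TLS, as RFC 3207 requires
        smtp.send_message(msg)
    return True


# Constructed sample replies (assumed hostnames, not real servers).
EHLO_WITH_STARTTLS = (
    b"250-mail.example.com Hello client.example.net\r\n"
    b"250-SIZE 52428800\r\n"
    b"250-8BITMIME\r\n"
    b"250-STARTTLS\r\n"
    b"250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    b"250-mail.example.org Hello client.example.net\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 8BITMIME\r\n"
)


if __name__ == "__main__":
    for name, reply in (("with STARTTLS", EHLO_WITH_STARTTLS),
                        ("without STARTTLS", EHLO_WITHOUT_STARTTLS)):
        print(f"{name}: {tls_exclusive_decision(reply)}")
```

The point of the example is the failure mode: a default SMTP client that does not find STARTTLS will happily deliver in cleartext, and a client that calls starttls() without a verifying context will accept any certificate. The hold decision and the default (verifying) ssl context are what turn ordinary opportunistic TLS into TLS-exclusive delivery.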


Case Study: Securely Email Medical Laboratory Results to Patients

Thursday, February 1st, 2018

We count many medical laboratories among our customers.  They process lab tests for doctors and send the results to the patients via email.

Medical laboratories, while sometimes not HIPAA covered entities themselves, are Business Associates of the hospitals and doctors who are required to abide by HIPAA. Because HIPAA’s privacy obligations are “transitive”, such Business Associates must also abide by the HIPAA security and privacy standards, protecting patient data and ensuring its confidentiality.

Medical labs use large scale secure email sending

In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address.

This post describes how one large medical lab uses LuxSci’s SecureLine to safely deliver lab results to thousands of people every day.


17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Thursday, January 18th, 2018

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and your compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with both your business goals and HIPAA.

