" email marketing HIPAA Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘email marketing HIPAA’

Is SendGrid HIPAA-Compliant?

Wednesday, October 30th, 2019

If your health organization has been investigating its options for promotional email services, you may be wondering, “Is SendGrid HIPAA compliant?” The popular service is used to send 50 billion emails each month, with major clients including Uber, Spotify and Yelp.

SendGrid offers convenient marketing campaign tools alongside its own email API, and its solutions help to both save time and offer scalability. But is SendGrid an appropriate tool for those that need to send HIPAA-compliant bulk email?

Is SendGrid HIPAA-Compliant?

“No, we are not.”

SendGrid makes this extremely clear on its Is SendGrid HIPAA-compliance page. The company should be commended for being so upfront about this. Some of its rivals take a bit of poking around to figure out whether their services can be used to protect ePHI within the confines of HIPAA regulations.

The company does not provide HIPAA-compliant marketing email software with appropriate safeguards for sensitive patient data. SendGrid goes on to say that, “We do not offer any encryption or security measures…beyond those included in the SMTP RFC, which was not designed with HIPAA compliance in mind.”

If that wasn’t enough to convince you, SendGrid’s Terms of Service certainly should:

If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), you agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA).

If you got lost in the legalese and you’re still wondering “Is SendGrid HIPAA compliant?” the paragraph is essentially just a fancy reiteration of the company’s earlier response of, “No, we are not.”

As one final nail in the coffin, SendGrid’s website has no current mentions of its willingness to sign a business associate agreement (BAA). BAAs are essential for HIPAA compliance whenever one company uses the service of another to transmit, store or process their ePHI in any way.

These agreements lay down the ground rules for how data will be shared, the protection measures that will be put in place, and which party is legally responsible in different circumstances. If a company is unwilling to sign one of these agreements, then it’s impossible to use its service to process ePHI and still remain HIPAA-compliant.

SendGrid HIPAA-Compliant Alternatives

Because SendGrid is not a HIPAA-compliant marketing email service, your organization will need to look for other options that provide secure bulk email solutions. At LuxSci, we specialize in HIPAA-compliant technologies that protect data and can meet the stringent regulatory requirements.

From our High Volume secure email sending service to our HIPAA-compliant web hosting, we design all of our offerings to make it as easy as possible for our clients to comply with the laws, without compromising on usability or effectiveness.

Email Open and Click Tracking for Everyone

Tuesday, April 2nd, 2019

Have you ever sent an email message and then wondered:

  • Did they open your email message?  
  • Did they click on any of the links that you included?  
  • Which links?  
  • Was the message forwarded on and opened by other people?  
  • When did they read it?

Typical email marketing platforms, like LuxSci’s Spotlight Mailer, include features that expose this information for the email marketing campaigns sent through them.   However, not all email marketing systems include email open and click analysis.  And, what about sending email via other means, e.g., through WebMail, Outlook, iPhone, API, basic SMTP relaying, etc.   Most outbound email systems that are not explicitly geared towards email marketing do not provide any means to learn the answers to these important questions.

With LuxSci’s new email open and click tracking options, LuxSci will add codes to your messages so that you can gather then answers to such business critical questions for any messages sent through LuxSci:

  • WebMail
  • API
  • SMTP Relaying — i.e., Outlook, Mac Mail, iOS, Android, and other all programs that connect via SMTP

Open and click tracking is included as a standard feature with LuxSci email hosting, LuxSci high volume secure sending, and LuxSci smart hosting.

HOW DOES IT WORK?

When LuxSci email open tracking is enabled, LuxSci adds a small image to the end of the HTML part of every message sent to every recipient.  When the recipient opens this message, that image is requested from LuxSci’s servers and we record the “email open” event.   This includes the date/time it was opened, the recipient of that message, and the IP address / physical location where the message was opened.

When LuxSci email click tracking is enabled, LuxSci modifies the links in all HTML parts of every message sent to every recipient.  When the recipient clicks on any of these links, they are taken first to LuxSci.  We record the click event. This includes the URL clicked, date/time it was clicked, the recipient of that message, and the IP address / physical location where the link was clicked.  Then, LuxSci redirects your recipient to the actually intended web address.  This happens so fast that most people never notice the tracking.

HOW TO I ENABLE OPEN AND CLICK TRACKING?

Open and/or click tracking can be enabled in LuxSci on an account-wide, domain-wide, or per-user basis; you can customize its usage to match your business needs.

To enable account-wide, for all messages sent by all users in your account, go to:

  • Account Settings > Email
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable domain-wide, for all messages sent by all users whose email addresses belong to a specific domain, go to:

  • Account Settings > Domains
  • Click on the domain in question (if you have multiple in your account).
  • Click on “Outbound Email Settings” on the left
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable for all messages sent by a specific user, go to

  • Your user outbound email settings:
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

HOW DO I SEE MY OPEN AND CLICK TRACKING REPORTS?

Once you have enabled open or click tracking and have sent some messages, you can look and see what has happened. Did anyone open the messages? Who clicked on what links? When?

There are several ways to dig into this juicy data.

User-Level Reports

Login to you LuxSci Account and go to your Reports area. From there, open up the menu area on the left for “Sent Email – From WebMail” or “Sent Email – From SMTP Server,” depending on which messages you are interested in. Next, you can look at the “Message Opens” and “URL Clicks” reports to see what has been opened and clicked. Note that you can export data using the “Download CVS File” button on the upper right of the page. Also, Open and Click details are also available in the “Delivery Status” reports via the “Advanced” reporting tab.

Account-Level Reports

As an account administrator, you can view reports covering sending across all users in your account. Go to your Account Reports area. Then, open the “Sent Email” menu on the left and you can find reports analogous to the user-level ones, described above, but inclusive of the sending from all users.

API Reports

If you would like to integrate email open, click, and other deliverability information into our own database or application, your can use LuxSci’s REST API. The API provides all of the functionality of the user and account user interface reports, but through programmable queries and filters.

WHAT ABOUT WHITE LABEL BRANDING

When open or click tracking are enabled, images and/or links are added to your email email messages that reference luxsci.com.  If you would like to customize this so that your own domain name is used for these images and links, LuxSci offers “Private Labeling.”  Customers with Private Labeling can customize many aspects of LuxSci, including the look of the WebMail interface and the domain name used for these links and images.  If you already have Private Labeling enabled, then your configured secure domain name will be automatically used with open and click tracking.

Want to learn more about HIPAA-compliant email marketing and reporting? Contact us.

LUXSCI