" email marketing Archives - Page 3 of 9 - LuxSci

Posts Tagged ‘email marketing’

Patient Portals and Patient Engagement

Wednesday, March 8th, 2023

Patient portals are powerful tools that allow patients to access their health records and even enable appointment scheduling and communication with healthcare providers. Despite their growing importance and popularity, patient portals alone aren’t a solution for patient engagement.

What is a Patient Portal?

A patient portal is a secure online website that gives patients 24-hour access to personal health information from anywhere with an internet connection. By logging in to an account with a unique username and password, patients can view health information like medical records and lab results and communicate securely with their healthcare provider.

In May 2020, the Office of the National Coordinator for Health IT (ONC) finalized federal rulemaking to increase patients’ and caregivers’ access, exchange, and use of electronic health information. This rule implements key provisions of the 21st Century Cures Act. The legislation requires certified health IT developers to adopt secure, standards-based application programming interfaces that enable individuals to access and manage their health records using a health application.

The top ways patient portals are used include:

[Image: patient portal usage]

The Problems with Patient Portals and Patient Engagement

Despite their growing popularity, not all patients want to use online portals. Below, view some of the top reasons patients do not want to use a portal.

[Image: why patient portals aren't used]

The most common reasons included just simple patient preferences. Survey respondents preferred to use another channel to communicate with their healthcare providers. This survey data was collected before the Covid-19 pandemic began. Over the past two years, other surveys have identified a growing acceptance of digital health tools. Nevertheless, it’s important to remember that not everyone prefers to use internet-based technology and to provide alternate methods for engagement.

Another primary concern is technology access. Three factors accounted for over 50% of responses, including:

  • Difficult to log in (24%)
  • Uncomfortable with computers (20%)
  • Do not have a way to access the website (13%)

Not all patients can access a reliable internet connection or confidently use a computer. These barriers can prevent patients from accessing their medical information and highlight why providing multiple channels for patients to interact with their providers is essential. 

Security concerns are not irrelevant either. With increasing threats to the healthcare industry, it’s understandable that some patients are hesitant to have their health information shared online. Providers must do more to secure their digital environment and earn patients’ trust.

Patient Engagement Challenges

Sending timely, personalized messages is critical to the success of patient engagement efforts. However, patient portals can also be a barrier to engagement if they are the sole vector for patient communication. Nearly 40% of patients never log in to the portal, while only 18% log in more than six times a year.

[Image: patient portal access]

If you attempt to send engagement messages via the patient portal, they will go unread by most of your audience. A simple forgotten password could prevent patients from accessing the portal for months, meaning they could miss out on timely messages about their healthcare.

In addition, patient portals do not support the creation of personalized messages at scale. These platforms were designed to send one-to-one messages about a patient’s upcoming appointment, lab results, and medical records and do not possess the same customization features as email marketing platforms. 

Finally, most patient portals were designed to be data repositories and were not built to enable patient communication. Most send a vague notification email to the patient, letting them know a message is waiting. However, the burden is on the patient to log in and read the message. Most EHRs cannot even track who is opening and reading the messages! For healthcare marketers trying to identify the best patient engagement strategies, patient portals lack the analytics and data needed to define, track, and boost engagement.

Patient Engagement with No Portals: Secure Email Solutions

Patients expect a healthcare experience that is more like that of e-commerce. 90% of patients want to receive emails from their providers that apply to their health journey. Moving patient engagement activities out of the portal as much as possible opens up new possibilities for marketers. TLS-encrypted emails do not require passwords to read, and securely deliver information directly to inboxes.

Not all messages are appropriate to send via TLS-encrypted emails. Sometimes the security of the patient portal is preferred. Patient portals are an excellent place to store sensitive data and must be a part of the patient’s healthcare experience. It’s always a good idea to post highly sensitive data like test results and medical records in an encrypted portal and not send them via email because of possible interception and eavesdropping issues. However, by using secure email to send less-sensitive patient engagement messages, marketers can reduce barriers and promote precision nudging in a way that does not compromise data security. 

Marketers will see better open and engagement rates by delivering the message directly to patients’ inboxes. Using a HIPAA-compliant email marketing solution enables the use of PHI to customize messages designed to guide patients on their healthcare journeys. Contact LuxSci today to learn about creating a flexible, data-informed patient engagement strategy.

The PHI Difference in Healthcare Marketing

Wednesday, February 22nd, 2023

Healthcare marketers are facing complex challenges with serious stakes. Unlike in other industries, healthcare marketers share messages that can impact people’s health and livelihood. Creating the most effective messaging needs to be a priority for healthcare marketing teams. Using first-party data is one way to make a major difference in your marketing efforts. Marketers can craft highly targeted campaigns using protected health information (PHI) to deliver better results for patients. 

First-Party Data for Healthcare

In some ways, healthcare marketers are at an advantage because of the amount of first-party data they can access. First-party data is information a company collects directly from its customers. The company owns this data and can verify its authenticity. Marketers can use data like digital interactions, purchase history, and preferences to create experiences that cater to an individual’s interests. In the healthcare industry, first-party data goes way beyond digital interactions. Information about health statuses, diagnoses, and recent patient visits can all be incorporated into marketing campaigns to guide patients on their journey to better health. 

Marketers in other industries know that first-party data achieves the highest return on investment of any data type. In 2020, Google partnered with Boston Consulting Group to study how brands succeed with first-party data strategies. The report found that businesses using first-party data for key marketing functions achieved up to a 2.9 times revenue uplift and a 1.5 times increase in cost savings. In addition, as data privacy restrictions grow and third-party cookies are phased out, marketers need more control over their data sources to ensure compliance.

Why Use PHI in Healthcare Marketing?

When healthcare organizations use PHI to segment their email lists and personalize campaign content, they experience better results. Using a HIPAA-compliant email marketing solution allows marketers to leverage the data and information they have about patients to increase engagement. When using PHI, there are so many ways to customize email content that can deliver impressive results.

[Image: PHI in healthcare marketing stats]

It makes intuitive sense. What would you prefer: frequent emails about products and services you don’t want, or consistent emails that relate to your goals and interests? It’s an easy decision. No one likes to be annoyed by pointless emails. Using information about your patients’ health statuses and goals to craft personalized messages increases patient satisfaction and retention, while also improving engagement.

[Image: email stats]

As discussed above, healthcare patient data is an excellent source of first-party data that is more comprehensive than the information gathered in other industries. However, healthcare marketers face another hurdle. In addition to getting patient consent to use this data for marketing purposes, organizations are also strictly governed by HIPAA compliance regulations that restrict the use of PHI.

The Challenge: HIPAA Compliance Requirements

So what can healthcare marketers do to surmount this obstacle? First, they must understand the regulations surrounding the transmission of protected health information (PHI). Responsible healthcare marketers must comply with HIPAA when utilizing patient data in their marketing efforts.

Most marketers rely on some sort of email marketing software, CRM, or CDP to manage their marketing campaigns. However, not all platforms are able to meet HIPAA’s stringent requirements. A simple approach to evaluating marketing software for HIPAA compliance focuses on three crucial aspects:

  1. Sign a Business Associate Agreement (BAA)
  2. Securely Store Data
  3. Securely Transmit Data

[Image: healthcare marketing comparison]

First, any third party with access to PHI must sign a Business Associate Agreement to govern how the information will be secured and what happens in case of a breach. If they will not sign a BAA, the software should not be used to store or process PHI.

However, signing a BAA alone is not enough. Understanding the terms of service and what the provider allows is essential. If their terms of service forbid you from sending PHI, it could put your organization at risk. It’s also important to review how the data will be secured at rest and in transit. When storing patient health data in a marketing application, consider how it will be protected. Simply put, you must ensure that all PHI is encrypted and can only be accessed by people with the appropriate keys.

If protected health information is transmitted outside of the database or application via email, encryption must also be used to protect the data in transmission. At a minimum, TLS encryption (with the appropriate ciphers) is secure enough to meet HIPAA guidelines. However, many applications do not offer transmission encryption that is secure enough to comply with HIPAA. You should only send communications containing PHI if they are encrypted.

Conclusion

Using PHI data in your marketing efforts can yield improved results. However, this approach requires careful vetting and planning by your marketing and compliance teams to ensure data is secured under HIPAA regulations. To learn more about HIPAA-compliant marketing solutions, contact LuxSci today.

Precision Nudging and Patient Engagement: Using PHI to Improve Outcomes

Friday, January 20th, 2023

Precision nudging is a new buzzword in the patient engagement space. But what does it mean, and how does it apply to your email engagement efforts?

What is Precision Nudging?

Forrester defines precision nudging as “the act of notifying or sending a message that prompts action by the patient to overcome patient-specific barriers to action at the right time and place for scalable, sustained behavior change.”

Precision nudging is a preemptive and proactive approach to patient communication. Reminding patients about appointments before they occur can ensure they do not miss important screenings and checkups. Timely diagnoses and treatments save money and improve health outcomes in the long term. Automating these processes at scale can streamline clinical communications and improve patient satisfaction. Beyond appointment reminders, there are many applications for this strategy.

Precision Nudging Strategies

The most critical part of precision nudging is delivering information to the patient at the correct time. Some common ways organizations are adopting precision nudging include:

  • Appointment reminders
  • Medication refill reminders
  • Pre- and post-surgery instructions
  • Chronic condition education and resources
  • Mental health check-ins
  • Annual screening reminders

Sending notifications that nudge patients into taking necessary actions is a practical patient engagement strategy. Engaging with patients more frequently can build trust with the provider and encourage patients to take early action that improves their health. Precision nudging can prevent unnecessary visits to the hospital and ultimately drive down spiraling healthcare costs. So many unnecessary hospital admissions occur because patients do not understand or adhere to treatment plans. Nudging patients to change bandages, take medication, or get preventative screenings increases the likelihood of better health outcomes.

How to Use PHI in Precision Nudging

When communicating with patients about their healthcare, it’s essential to use a secure and encrypted communication channel. Regular texts and emails won’t cut it. 93% of patients prefer to communicate with their healthcare provider via email, so it’s wise to start there.

Also, make sure these messages are not locked behind a patient portal. Use TLS encryption to secure the email to make it as easy as possible to read and respond to, while staying in compliance.

Once you have determined your channel, determine your audience. It makes sense to start small. Maybe you want to encourage individuals who have skipped an appointment to reschedule or want to help people recently diagnosed with a chronic condition like diabetes better manage their condition.

Then, create your message. Make sure it is clear, concise, and has a simple call to action. Also, personalize it to fit the audience’s preferences. If the patient primarily speaks Spanish, provide a message in their native language.

Once you’ve established the proper cadence, you can expand your use cases to some of the examples above. Using a scalable and HIPAA-compliant platform like LuxSci’s Secure Marketing or Secure High Volume Email makes it easy to personalize, send, and review the results of these campaigns. Contact us today to learn more about how to incorporate precision nudging into your clinical communications efforts.

Infographic: Most Email Software Cannot Use PHI

Thursday, January 12th, 2023

Email Communication is Necessary, But Introduces Risk

When it comes to receiving communications from businesses, 93% of people say that email is their preferred communication channel. In the healthcare industry, organizations must take extra care to comply with HIPAA. Only some email marketing platforms can adequately protect PHI. If not properly secured, email can introduce significant risks to sensitive data. 72% of organizations report experiencing an email cyberattack.

As the definition of PHI is ever-expanding to include information like biomarkers, organizations need to adopt a more secure posture for their personal, transactional, and marketing email. Cybercriminals seek out personal data because it is highly valued on the dark web. Data Loss Prevention (DLP) and policies preventing users from sending PHI insecurely are not enough.

Humans are prone to error and often make mistakes classifying PHI. Even DLP technology is not infallible: keywords can be misspelled, and PHI only sometimes fits cleanly into pre-determined filters. 40% of threats stem from internal actors. Many are not malicious, just mistakes! You must account for errors when humans are part of your security program.

So how can you prevent data leakage and ensure the security of sensitive data at rest and in transit? It’s simple when you choose the right solution. Resolve the tension between security risk and business engagement objectives by choosing a fully compliant email marketing solution.

[Infographic: email PHI]

Two Requirements for Including PHI in Marketing Emails

Secure Application

HIPAA does not require at-rest encryption, though it is recommended to decrease risk and potential liability. When using email marketing platforms or customer relationship management systems that contain PHI, it’s essential to keep that information protected. You must ensure that all collected and stored protected health information is encrypted and can only be accessed and decrypted by people with the appropriate keys. This makes backups secure, protects data from being improperly accessed, and generally protects the data no matter what happens (unless the keys are stolen). Encryption is essential to protect private health data at rest in an application.

Transmission Encryption

If protected health information is transmitted outside of the database or application, encryption must also be used to protect the data in transmission. At a minimum, TLS encryption (with the appropriate ciphers) is secure enough to meet HIPAA guidelines. However, TLS alone may not be appropriate for your use cases. Non-compliant and quasi-compliant applications do not offer transmission encryption that is secure enough to comply with HIPAA. You should only send communications containing PHI if they are encrypted.

Types of Email Marketing Solutions

Non Compliant (1)

Many of the most popular email solutions on the market were not designed to protect the sensitive data of the healthcare industry. These vendors will not sign Business Associate Agreements and do not provide the storage or transmission encryption needed to meet HIPAA requirements. Healthcare organizations should only use these solutions if they do not send PHI, which may be impossible if you plan to email lists of patients with any information about their healthcare.

Quasi Compliant (2)

HIPAA does not require any specific technology to meet its requirements, which allows for flexibility, but also creates uncertainty. No central government organization certifies HIPAA compliance, and as a result, many organizations advertise themselves as “HIPAA-compliant” but don’t enable you to take full advantage of their functionality. We call this “Quasi compliance.”

Quasi-compliant solutions often provide a secure application and protect patient data at rest. However, they will not permit you to send emails or transmit PHI outside the database. This can seriously limit the usefulness of the solution. Take a real-life example: one healthcare organization purchased a CRM system and set it up, uploaded their contacts, and was ready to start using it, so they enabled the “HIPAA Compliance” toggle on the backend. They quickly found that much of the functionality was no longer available and wouldn’t allow them to email or log certain data types. The solution was almost useless for their patient engagement efforts.

Other applications will permit you to use the full functionality of the solution, but when you read the terms of the Business Associate Agreement, it is clear that you are not allowed to send PHI. If signed, your organization will be responsible for any breaches caused by sending PHI insecurely, not the vendor.

Full Compliance (4)

This is why it’s crucial to vet solutions carefully and not take shortcuts regarding HIPAA compliance. Any CRM, CDP, or email marketing solution must protect data at rest in a secure application and encrypt transmitted messages. Even more importantly, it shouldn’t take any extra training or require any extra steps to use in a compliant way.

At LuxSci, (3) we provide a secure application to manage your email campaigns that encrypts transmitted messages automatically. Our Secure Marketing solution is designed to meet the unique security needs of healthcare organizations. All email transmissions are encrypted automatically, and users can choose the right type of encryption (TLS, Portal Pickup) to meet their email use cases. Automatic encryption gives your security and compliance teams peace of mind that all messages are sent securely. Data is protected throughout the lifecycle and does not require employees to decide whether a message contains PHI. Healthcare marketers can fully use PHI to personalize and customize messaging to increase patient engagement and get better ROI on their marketing campaigns. 

Rules for Using PHI in Patient Engagement

Friday, November 11th, 2022

As you know by now, we believe strongly in the benefits of using protected health information (PHI) to create highly targeted and personalized email campaigns. However, before you dive in and kick off your campaigns, you must be aware of the complex compliance requirements governing healthcare organizations’ marketing communications.

Reminder: What is PHI?

PHI, or protected health information, is “individually identifiable protected health information.” Protected health information refers specifically to three classes of data:

  1. An individual’s past, present, or future physical or mental health or condition.
  2. The past, present, or future provisioning of health care to an individual.
  3. The past, present, or future payment-related information for the provisioning of health care to an individual.

For protected health information to be “individually identifiable,” the data must be linkable to a specific individual (even if this is very indirect). There are 18 types of identifiers for an individual. Any one of these identifiers, combined with “protected health information,” would constitute PHI.

It’s often more complicated than it looks. For example, if you are running email campaigns, an email address is an individual identifier because it can be connected to a specific individual. That, combined with the email content, which often refers to the name of the provider, information about their health conditions, insurance coverage, or upcoming appointments, means that most communications from a healthcare practice could qualify as PHI.

HIPAA Rules for Using PHI in Patient Engagement

HIPAA regulates patient privacy. Healthcare organizations and their associates must obtain consent and implement technical safeguards before starting marketing campaigns.

HIPAA Privacy Rule

According to the U.S. Department of Health & Human Services, you must acquire consent to send marketing communications under the HIPAA Privacy Rule. It reads, “With limited exceptions, the Rule requires an individual’s written authorization before a use or disclosure of his or her protected health information can be made for marketing.”

The Privacy Rule defines “marketing” as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” This also applies to many patient engagement communications.  

Generally, if the communication is “marketing,” then the communication can only occur if the covered entity obtains an individual’s authorization. Organizations must keep track of who has consented to receive marketing communications and allow them to opt out at any time. We further discuss the nuances of patient consent for marketing communications here.

HIPAA Security Rule

All covered entities and their Business Associates are subject to the HIPAA Security Rule. If you are working with a vendor (like a marketing consultant, email marketing platform, or ad agency) that will have access to PHI, you need to enforce a Business Associate Agreement.

The HIPAA Security Rule categorizes the necessary safeguards into three categories: Physical, Administrative, and Technical Safeguards. More details about the requirements for each can be found here. Any vendor you choose to work with must follow these regulations. Some basic requirements include the following:

  • Physically protecting data and where it is stored,
  • Training staff on handling PHI, and
  • Setting up technology to protect PHI properly.

Assuming your patient engagement campaigns are primarily occurring via email, at a minimum, you must ensure that the email marketing vendor will:

  • Protect data at rest and
  • Protect data in transmission.

This means utilizing encryption to ensure that PHI cannot be eavesdropped on. Many popular email marketing vendors do not encrypt PHI in transmission. It’s extremely important to choose a provider who can protect PHI following HIPAA regulations.

[Image: HIPAA compliant applications]

The Benefits of Using PHI for Patient Engagement

Once you have established the proper policies and procedures, signed a BAA, and put any technical requirements in place, you can start segmenting and personalizing emails using PHI. Here are some segmentation and personalization ideas to get started.

By applying these techniques and using PHI in your patient engagement strategy, you can:

  • Design targeted patient journeys
  • Deliver better patient outcomes
  • Improve ROI and reduce costs

Contact us today to learn more about how to securely engage patients using PHI.