" email marketing Archives - Page 9 of 9 - LuxSci

Posts Tagged ‘email marketing’

Secure Bulk Email: The Solution to HIPAA Violations You Didn’t Know You Were Making

Tuesday, May 7th, 2019

If you send emails for marketing purposes, appointment reminders, or any other business transactions, it’s easy to get complacent and think that there is no way that you could be violating HIPAA. Unfortunately, HIPAA laws are incredibly complex and there are a number of unexpected violations that you can make without even realizing it. Using a secure bulk email service is the best way to avoid costly and damaging HIPAA penalties.

HIPAA laws are designed to protect the privacy of individuals and they often play out in ways that aren’t immediately intuitive. They are further complicated because the lines between compliance and non-compliance aren’t always clear. Given the costs of a violation, it’s important that every healthcare provider and business associate errs on the safe side.

How Can Bulk Emails Violate HIPAA?

There are a variety of common situations where healthcare providers can unwittingly leak their patients’ information in a way that violates HIPAA. The following are just a couple of scenarios that are not just compliance issues, but would also have serious ramifications for those who were affected:

Is a Harmless Newsletter Really Harmless?

Let’s say your healthcare organization wants to send out a newsletter to a certain subset of its patients. Surely something so innocent wouldn’t need to be encrypted, right? Unfortunately, this isn’t always the case.

If your company were to email some helpful resources on depression, you might not see any need to send it to all of your patients. You may decide that it’s best to only send it to those who have previously sought out treatment for mental health issues. After all, what can be wrong with sending information to those who are most likely to find it useful?

Such a simple situation could easily have far-reaching consequences. The email connects the patient to the health condition, and it could give away far more information than the patient would be comfortable with. The targeted nature of the email insinuates that the patient has a mental illness, one which is a personal struggle that still carries a strong stigma in our society.

If this information was sent in an insecure manner, it could be accessed by other people, which could take a dramatic toll on the patient’s life. If the patient were a high-powered CEO and the information leaked, it could be personally difficult and also cause stock prices to plummet. A celebrity could see themselves as the center of a scandal, another famous person being hounded by the paparazzi in the grips of a mental breakdown.

Even normal people can face a range of negative consequences, such as if a patient’s spouse finds out that they were receiving treatment without their knowledge, or if a business partner discovers the information and decides not to move forward on the next project.

If your organization had sent out an email like this with the best intentions, it could still be culpable. These intentions don’t matter to the patient, especially if they have gone through a tough ordeal because of the email. In the eyes of HIPAA, the intentions don’t matter either. A violation is a violation.

An Appointment Reminder Can’t Hurt, Can It?

Let’s say a young woman from an extremely conservative background schedules an appointment with an OB-GYN. Under the laws of our society, she should have every right to see whichever kind of medical professional she needs. Her family and community may not see things the same way.

If the message weren’t sent in a secure way, it’s easy to imagine how the details of her appointment could be intercepted by those around her who disapprove. Perhaps they wouldn’t let her go. Maybe she would be shunned by her community or even worse.

No matter what the result, it is clear that there are some vulnerable people who have a strong need to have even their most subtle information protected. Sure, many of us may not care if such an appointment was made public, but that’s not the point. HIPAA laws are for everyone and need to be able to protect the most vulnerable as well.

What Do HIPAA Laws Actually Say About Secure Bulk Email?

The situations mentioned above are focused on the potential human cost of sending health information in an insecure manner. They demonstrate that HIPAA regulations aren’t just the result of a frustrating bureaucracy. Instead, they are important for protecting people.

Now that we’ve gotten that out of the way, we’ll look at the specifics of what the regulations say. This will help you to understand what does and does not constitute a violation, as well as the gray area that lies in between.

When it comes to bulk emailing, the main concern is over electronic Protected Health Information (ePHI). This information needs to be guarded by adequate security measures whenever it is acquired, processed, sent or stored.

In essence, ePHI is any electronic information that is individually identifiable and that pertains to someone’s physical or mental health, their healthcare and treatments, or any payment-related information. It doesn’t matter whether this data is from the past, present or future. As far as HIPAA laws are concerned, it’s all ePHI.

When HIPAA laws refer to “individually identifiable” information, there’s a long list of 18 separate identifiers, including a patient’s name, address, relevant dates, phone number, email address and much more. The final identifier is “any other characteristic that could uniquely identify the individual”, so pretty much anything that can be connected with a patient counts as individually identifiable information.

Of course, any email address that someone gives to their health provider is clearly an identifier. This means that any organization that processes HIPAA data needs to be extremely careful when sending unencrypted emails, making sure that they don’t include anything that could be related to the patient’s health.

HIPAA Privacy Rule & Informed Consent

Under HIPAA’s Privacy Rule, healthcare providers are allowed to use unencrypted email to communicate with their patients, but only when they take reasonable safeguards and limit the information that is disclosed. These communications should be in accordance with the HIPAA Security Rule, which can be viewed in the Regulation Text (p62).

According to the HIPAA Omnibus Final Rule (p70) the only situation where a healthcare provider can send a patient unencrypted ePHI is if the individual has been informed of the risk, but still chooses to have their information sent in an unencrypted manner. Healthcare providers will want to have this consent in writing so that they can maintain a permanent record as proof.

The HIPAA Privacy Rule also states that individuals must give written consent before their ePHI can be used for marketing. This means that messages about appointments or other transactional emails don’t typically need additional authorization, but messages which promote products or services which aren’t related to the patient’s core healthcare require consent.

What does all of this tell us? That a wide variety of information can be considered ePHI, and that there are many situations where it can be inadvertently sent. The penalties are enormous and can be incredibly damaging for the organization that is responsible, even if the violation was accidental.

What Are the Penalties for a HIPAA Breach?

It depends on just how negligent a healthcare provider’s actions have been. Penalties can range from $100 to $50,000 per violation or per record that has been violated. That’s right, in cases where the violation has been especially negligent, an organization may have to pay $50,000 for each non-compliant email that was sent.

Secure Bulk Email: The Solution that Protects Your Organization & Your Patients

As you can see, it’s easy to slip up and inadvertently face severe HIPAA penalties. From sending marketing materials to test results or even appointment reminders, there are so many pitfalls where you could be violating HIPAA.

LuxSci’s High Volume Email Sending Service can help to remove this burden from your organization, by giving you a wide variety of security options. In both of the scenarios at the start of this article, our bulk email service could have protected the individuals from having their ePHI exposed, as well as the companies involved from suffering the harsh HIPAA penalties that could follow.

You may think that the majority of your bulk email doesn’t need to be encrypted, and you may even be right. But it’s those few exceptional circumstances which can see your business fall on the wrong side of HIPAA regulations. Our bulk email service helps to prevent this by allowing you to implement the security that is best for both your organization and your patients.

Alternative bulk email providers simply don’t offer the security that is necessary for dealing with information that is as sensitive as ePHI. Organizations that use a service which isn’t HIPAA-compliant may be inadvertently violating the regulations.

You may think that you can get around the need for encryption by simply asking your patients for consent. Sure, it’s possible in some cases, but it still requires a lot of administration. Your organization would need to ask for and obtain consent, then keep permanent records. This can be a complex process where there are numerous opportunities for things to go wrong.

The Benefits of LuxSci’s High Volume Email Sending Service

The standout feature of LuxSci’s bulk email service is that it offers HIPAA compliance for large-scale sending. No other company offers a comparable service, which makes LuxSci the go-to option for organizations that take their HIPAA obligations seriously.

On top of this, we offer a flexible setup that allows your business to send its emails in a manner that suits both your needs and those of your patients. Our TLS Exclusive gives you the option to send emails to only those recipients whose email system supports TLS. This can be a great option for marketing campaigns, especially if you don’t want your non-TLS recipients to be forced to click through to a secure Escrow Portal.

As an alternative, our Escrow service allows anyone to access secure email messages, without any complicated steps or security compromises. With our bulk email service, you can configure your messages dynamically, without the need to adjust your settings for every message.

Another key feature of LuxSci’s service is its scalability. As your email needs grow, we can support you along the way, with the capacity for up to hundreds of millions of emails each month. Our dedicated infrastructure installations offer high availability and disaster recovery, giving your organization everything it needs for enterprise-level bulk emailing.

This makes our High Volume Email Service an excellent solution for your business. Not only can it be used to bring your current bulk email practices in line with HIPAA regulations, but it can form a key part of your marketing campaigns, helping to grow your business well into the future.

How To Encourage Patient Consent To Email Marketing Without Feeling Slimy

Thursday, January 26th, 2017

If email marketing is known to produce results across a variety of industries, why do some professionals feel uncomfortable with it?  Why do they feel “slimy”?  It is not uncommon for people to feel hesitant to engage in email marketing because it somehow feels “wrong” to them.    There are several factors at play in this limiting belief; in this article, we shall shed light on them to help dispel this feeling so that you can confidently get to work and grow your business, knowing that you are actually helping others.


Read the rest of this post »

Case Study: Halloween Express Chooses LuxSci for Large Scale Seasonal Email Marketing

Monday, January 26th, 2015


Halloween Express is one of the most aggressive and dynamic Halloween chains in the United States. Started in 1990, Halloween Express has both company owned and franchised locations throughout the U.S. Their success is based on offering the largest selection of Halloween merchandise available anywhere.

Halloween Express chose LuxSci in 2014 for their massive seasonal email marketing needs.  LuxSci resolved the issues that they experienced with previous providers, saved them money, and enabled an extremely successful online campaign involving millions of email messages sent in a short period of time.

Halloween Express was very pleased that they could quickly scale up sending for the Halloween season, and then back off to a lower level for the rest of the year, without compromising their sending reputation.  They are so satisfied with their experience, that they are staying on for 2015 and are moving their business email services for their hundreds of employees over to LuxSci as well.

This is the story of Halloween Express’ timely switch to LuxSci’s dedicated High Volume SMTP Relaying service.

Read the rest of this post »

Maximizing Delivery Speed and Reliability for Large Scale Email Marketing

Monday, September 8th, 2014

Many customers want to send millions of marketing messages within a short timeframe without getting blocked by recipient ISPs, in order to maximize the number of recipients reached and the conversion rates on these messages.

This is a common scenario that we see, often from customers who have been using another costly provider, where delivery is sluggish or where messages are blacklisted or greylisted by their recipients’ systems.

Here we will share our standard prescription for solving this delivery dilemma once and for all. There are multiple factors involved, each of which will contribute to success.

Read the rest of this post »

LuxSci Announces: Secure Email Marketing

Friday, May 31st, 2013

WESTWOOD, MA, May 31, 2013 — LuxSci® announces the recent launch of Secure Email Marketing, a unique solution to the combined need for email marketing, patient engagement, and patient communication while remaining fully HIPAA compliant.

LuxSci’s existing Secure High Volume mailing service enables sending vast quantities of email for marketing and transactional purposes. This service is quick and easy to use and includes lots of reporting features. However, you still have to use some email program or service for composing your messages, managing your mailing lists, and managing their sending through the Secure High Volume API/SMTP sending service.  We have found that many customers do not have any tools for managing their bulk mailing campaigns and want a simple, powerful web-based system for this purpose.

The LuxSci Secure Email Marketing is just that, an extremely feature-rich, web-based email marketing service that is plugged directly into LuxSci Secure High Volume, so that all of these messages are sent securely.

“Email marketing is a commodity — there are literally hundreds of companies that will happily help you send your marketing messages and track the success of your campaigns.   LuxSci’s Secure Marketing service is the only one to do all of that, but in the context of HIPAA compliance and ease of use.  This is a game changer for health care.” says Erik Kangas, CEO of LuxSci.

Read the rest of this post »