HIPAA-compliant email marketing Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘HIPAA-compliant email marketing’

Is Marketo HIPAA-Compliant?

Wednesday, October 23rd, 2019

If you’re in the healthcare sector and considering marketing-automation software, you may be wondering, “Is Marketo HIPAA-compliant?”

Marketo features a holistic range of marketing tools that aim to bring results for its users. Its offerings include:

  • Email marketing
  • Lead management
  • Mobile marketing
  • Customer base marketing
  • Consumer marketing
  • Account-based marketing
  • Revenue attribution

Together, these tools can help to streamline and maximize a business’s marketing processes, bringing in more clients and boosting sales. While Marketo offers a great range of tools, it isn’t suitable in every scenario.

Is Marketo HIPAA Compliant?

The short answer is no. While there are many aspects that seem like they would make Marketo HIPAA-compliant, such as 2048-bit certificates and third-party security assessments, one critical component is missing – Marketo makes no mention of business associate agreements (BAAs).

BAAs are at the core of HIPAA compliance. If ePHI is shared between companies without one of these agreements in place, it’s an immediate HIPAA violation. This is true, regardless of whether every other aspect of the relationship falls completely within the guidelines. 

BAAs are essential because they legally lay out how data will be shared and processed between the two entities, as well as where the responsibility falls.

No matter where we looked on the Marketo website, we couldn’t find any mention of BAAs. We checked through the privacy policy, legal section and even conducted a site-search, but nothing showed up.

Without any indications of the company’s willingness to sign a business associate agreement, we can only assume that the answer to our question of “Is Marketo HIPAA-compliant?” is a strong no.

The company makes things confusing because its Healthcare Marketing Solutions page features references to medical organizations like Boston Children’s Hospital and GE Healthcare.

Despite this seeming conflict, it’s most likely that Marketo does not offer HIPAA-compliant services. If the company did go to the effort of making its platform HIPAA-compliant, it would make sense for it to market these efforts, or at least have some mention of BAAs on its website.

The safest assumption is that Marketo probably provides solutions that don’t involve ePHI to the healthcare companies mentioned above. This could include services that don’t need to be HIPAA compliant, marketing email for other purposes, and related offerings.

Marketo HIPAA-Compliant Alternatives

If you were looking for a HIPAA-compliant bulk email solution, or some other software that makes marketing easier, we’re sorry to be the bringers of bad news. At least you can take solace in the knowledge that you won’t get caught in a HIPAA violation for using non-compliant software.

So what are your alternatives? Is Mailchimp HIPAA-compliant?

Unfortunately, MailChimp’s popular platform will also get you in trouble with regulators if it touches your ePHI.

If you’re out of ideas for automating and streamlining your marketing processes, you don’t need to give up hope just yet. At LuxSci, we offer both HIPAA-compliant bulk email and HIPAA-compliant marketing email services.

HIPAA compliance and security are our main focuses at LuxSci, so all of our services are designed with the regulations in mind at every step of the way. By partnering with LuxSci and using our marketing services carefully, your organization can significantly reduce its risks of HIPAA violations.

Email Open and Click Tracking for Everyone

Tuesday, April 2nd, 2019

Have you ever sent an email message and then wondered:

  • Did they open your email message?  
  • Did they click on any of the links that you included?  
  • Which links?  
  • Was the message forwarded on and opened by other people?  
  • When did they read it?

Typical email marketing platforms, like LuxSci’s Spotlight Mailer, include features that expose this information for the email marketing campaigns sent through them.   However, not all email marketing systems include email open and click analysis.  And, what about sending email via other means, e.g., through WebMail, Outlook, iPhone, API, basic SMTP relaying, etc.   Most outbound email systems that are not explicitly geared towards email marketing do not provide any means to learn the answers to these important questions.

With LuxSci’s new email open and click tracking options, LuxSci will add codes to your messages so that you can gather the answers to such business-critical questions for any messages sent through LuxSci:

  • WebMail
  • API
  • SMTP Relaying — i.e., Outlook, Mac Mail, iOS, Android, and all other programs that connect via SMTP

Open and click tracking is included as a standard feature with LuxSci email hosting, LuxSci high volume secure sending, and LuxSci smart hosting.

HOW DOES IT WORK?

When LuxSci email open tracking is enabled, LuxSci adds a small image to the end of the HTML part of every message sent to every recipient.  When the recipient opens this message, that image is requested from LuxSci’s servers and we record the “email open” event.   This includes the date/time it was opened, the recipient of that message, and the IP address / physical location where the message was opened.

When LuxSci email click tracking is enabled, LuxSci modifies the links in all HTML parts of every message sent to every recipient.  When the recipient clicks on any of these links, they are taken first to LuxSci.  We record the click event. This includes the URL clicked, date/time it was clicked, the recipient of that message, and the IP address / physical location where the link was clicked.  Then, LuxSci redirects your recipient to the actually intended web address.  This happens so fast that most people never notice the tracking.
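A minimal sketch of the open-pixel and link-rewriting mechanism described above, added here as an illustration; it is not LuxSci's code. The tracking host, the query parameter names and the HMAC tag on each URL are assumptions; the tag keeps the redirect step from forwarding recipients to targets the sender never put in the message.

```python
import hashlib, hmac, html, re
from urllib.parse import parse_qs, urlencode, urlparse

TRACK = "https://track.example.invalid"  # hypothetical tracking host
KEY = b"constructed-demo-key"            # constructed secret held only by the tracker

def _sign(*fields):
    return hmac.new(KEY, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

def _tracked(path, msg_id, rcpt_id, target=""):
    # rcpt_id is an opaque identifier, so no email address appears in the URL
    q = {"m": msg_id, "r": rcpt_id, "u": target,
         "s": _sign(path, msg_id, rcpt_id, target)}
    return f"{TRACK}/{path}?{urlencode(q)}"

def add_tracking(body, msg_id, rcpt_id):
    """Rewrite http(s) links and add a 1x1 open-tracking image to an HTML part."""
    def rewrite(m):
        target = html.unescape(m.group(1))   # attribute text -> real URL
        return 'href="%s"' % html.escape(_tracked("c", msg_id, rcpt_id, target))
    body = re.sub(r'href="(https?://[^"]+)"', rewrite, body)
    pixel = '<img src="%s" width="1" height="1" alt="">' % html.escape(
        _tracked("o", msg_id, rcpt_id))
    if "</body>" in body:
        return body.replace("</body>", pixel + "</body>", 1)
    return body + pixel

def resolve(url):
    """Tracker side: return (event, redirect_target), or None for an invalid tag."""
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    path = parts.path.lstrip("/")
    try:
        ok = hmac.compare_digest(_sign(path, q["m"], q["r"], q["u"]), q["s"])
    except KeyError:
        return None
    if not ok:
        return None   # edited or forged URL: record nothing, redirect nowhere
    kind = "open" if path == "o" else "click"
    return {"type": kind, "msg": q["m"], "rcpt": q["r"]}, (q["u"] or None)

# Constructed message body for the demonstration
SAMPLE = ('<html><body><a href="https://clinic.example/book?a=1&amp;b=2">Book</a>'
          '</body></html>')
```
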

HOW DO I ENABLE OPEN AND CLICK TRACKING?

Open and/or click tracking can be enabled in LuxSci on an account-wide, domain-wide, or per-user basis; you can customize its usage to match your business needs.

To enable account-wide, for all messages sent by all users in your account, go to:

  • Account Settings > Email
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable domain-wide, for all messages sent by all users whose email addresses belong to a specific domain, go to:

  • Account Settings > Domains
  • Click on the domain in question (if you have multiple in your account).
  • Click on “Outbound Email Settings” on the left
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

To enable for all messages sent by a specific user, go to:

  • Your user outbound email settings:
  • Scroll down to “Open Tracking” and “URL Click Tracking”
  • Toggle the settings to “On” and press “Save Changes”

HOW DO I SEE MY OPEN AND CLICK TRACKING REPORTS?

Once you have enabled open or click tracking and have sent some messages, you can look and see what has happened. Did anyone open the messages? Who clicked on what links? When?

There are several ways to dig into this juicy data.

User-Level Reports

Log in to your LuxSci account and go to your Reports area. From there, open up the menu area on the left for “Sent Email – From WebMail” or “Sent Email – From SMTP Server,” depending on which messages you are interested in. Next, you can look at the “Message Opens” and “URL Clicks” reports to see what has been opened and clicked. Note that you can export data using the “Download CVS File” button on the upper right of the page. Open and click details are also available in the “Delivery Status” reports via the “Advanced” reporting tab.

Account-Level Reports

As an account administrator, you can view reports covering sending across all users in your account. Go to your Account Reports area. Then, open the “Sent Email” menu on the left and you can find reports analogous to the user-level ones, described above, but inclusive of the sending from all users.

API Reports

If you would like to integrate email open, click, and other deliverability information into your own database or application, you can use LuxSci’s REST API. The API provides all of the functionality of the user and account user interface reports, but through programmable queries and filters.

WHAT ABOUT WHITE LABEL BRANDING?

When open or click tracking is enabled, images and/or links are added to your email messages that reference luxsci.com.  If you would like to customize this so that your own domain name is used for these images and links, LuxSci offers “Private Labeling.”  Customers with Private Labeling can customize many aspects of LuxSci, including the look of the WebMail interface and the domain name used for these links and images.  If you already have Private Labeling enabled, then your configured secure domain name will be automatically used with open and click tracking.

Want to learn more about HIPAA-compliant email marketing and reporting? Contact us.

TLS Exclusive: HIPAA-compliant email marketing just got a whole lot better

Thursday, May 10th, 2018

If you are a healthcare organization and have to abide by HIPAA regulations, you may be struggling with HIPAA-compliant email marketing.  Besides getting patient consent, there is the whole concern that the marketing email messages need to be secured, as in many cases the marketing messages plus the addresses or list being used imply something about the recipients … something ePHI-related.

SMTP TLS Exclusive

It is a best practice to use a HIPAA-compliant email marketing service to send healthcare-related email marketing messages, newsletters, appointment reminder emails, etc.  Such a service signs the required HIPAA Business Associate Agreement with you, takes care of your data, and ensures that your email messages go securely to your recipients.

Read the rest of this post »

What is HIPAA-compliant Email Marketing?

Monday, February 27th, 2017

To achieve HIPAA-compliant email marketing, you need to satisfy two objectives. First, you need to understand the fundamentals of email marketing. Second, you need to execute your email marketing activities within HIPAA’s requirements and restrictions.

HIPAA-compliant email marketing

It’s easy to make a mistake with HIPAA-compliant email marketing, especially when you’re in a rush.

Picture this:

You leave your clinic early on a Thursday afternoon to head off on a vacation. Before you go, you ask your office manager to send off an email blast. You were just certified on a new procedure and you know at least 200 patients in your files would likely benefit from it. A simple message inviting them to the office for a consultation next week is the perfect next step. Your office manager takes some quick notes and promises to send off the note tomorrow. And off you go for a weekend of golf at Pebble Beach.

On your way home, you check your email. You see an angry email from a patient and start reading. It turns out that you’ve violated some arcane HIPAA rules… Even worse, that patient’s sister is an attorney who has promised to call you tomorrow. You’re pretty sure you’ve done nothing wrong but you’re nervous on the flight home.

This situation could have been prevented if your office manager had asked you one simple question:

Read the rest of this post »
