marketing Archives - LuxSci

Posts Tagged ‘marketing’

What is HIPAA-Compliant Email Marketing?

Tuesday, September 26th, 2023

If you are one of the 92% of Americans with an email address, you are likely familiar with email marketing. It is a tried and true marketing strategy that delivers a superior return on investment compared to other digital channels. However, when healthcare organizations want to utilize these strategies, out-of-the-box solutions are not a good fit. Healthcare organizations must utilize email marketing platforms specifically designed to meet HIPAA’s unique privacy and security requirements.

When Do You Need a HIPAA-Compliant Email Marketing Platform?

Healthcare organizations are required to use a HIPAA-compliant email marketing platform because their messages often contain electronic protected health information (ePHI). This includes information that is both individually identifiable and relates to someone’s healthcare.

Individually identifiable information includes identifiers like a patient’s name, address, birth date, email address, social security number, and more. By default, every email marketing communication includes the patient’s email address and is, therefore, individually identifiable. Not only does the definition of ePHI cover people’s past, present, and future health conditions, but it also includes treatment provisions and billing details. This information is often contained in email marketing messages.

While the law does not cover anonymous health details or individual identifiers sent by themselves, you must be careful and abide by HIPAA regulations when the two are brought together. You will need a HIPAA-compliant email marketing service whenever you send ePHI. As we will see, even if you think an email may not contain ePHI, it is still best to be cautious.

Types of HIPAA-Compliant Email Marketing Communications

An excellent example of an email blast that must comply with HIPAA is a newsletter sent to a clinic’s cancer patients. At first glance, the email doesn’t contain any specific PHI. It doesn’t mention Jane Smith’s chemotherapy treatments, other specific patients, or their medical information. However, upon closer look, it may violate HIPAA regulations.

Every email in this campaign contains a personal identifier: the patient’s email address. In this example, only cancer patients received the newsletter, so the recipient list itself reveals personal medical information. A hacker could infer that anyone who received this email has cancer, which is ePHI and protected under HIPAA. If you use a medical condition to create a segment of email recipients, the email campaign must comply with HIPAA.

Sometimes, it can be challenging to identify if an email contains ePHI. If you sent the same practice newsletter to a list of all current and former medical clinic patients, it may or may not contain ePHI. Even if the newsletter contained benign info about the practice’s operating hours or parking information, if the practice is centered around treating a specific condition like cancer or depression, it may be possible to infer information about the recipients regardless of the message.

There are a lot of gray areas, and it can be difficult to determine if an email contains PHI. We recommend using HIPAA-compliant email marketing for any promotional materials to reduce the risk of violations.

The Benefits of Using a HIPAA-Compliant Marketing Platform

After reading this, you may think the answer is to avoid sending PHI in email campaigns. However, by keeping your communications bland, generic, and broadly targeted, you miss out on significant opportunities to engage your patients.

Using a HIPAA-compliant email marketing solution, you can leverage ePHI to send much more effective messages. In the above example, cancer patients actively receiving treatment at your clinic are much more likely to be interested in your business updates. Targeted emails receive much higher open and click rates than those sent to a general list.

Sending the right information to your patients at the right time is an effective patient engagement strategy. Think about it using an e-commerce example: when a retailer sends you product recommendations based on past purchases, they use your data to influence future purchasing decisions. By utilizing patient data to create highly relevant and personalized campaigns and offers, you receive a better return on investment in your efforts.

What is Required for HIPAA-Compliant Email Marketing?

Finding the right HIPAA-compliant email marketing platform can be challenging. Most of the common vendors aren’t HIPAA-compliant at all. Others claim compliance and will sign BAAs to protect your information at rest but still will not enable you to send PHI via email. Finding a provider that suits your business needs and protects the email messages requires careful vetting.

Generally speaking, a HIPAA-compliant email platform must meet three broad requirements:

  1. The vendor will sign a Business Associate Agreement (BAA) that outlines how they will protect your data and what happens in case of a breach.
  2. The vendor protects the data at rest using appropriate storage encryption, access controls, and other security features.
  3. The vendor protects messages in transit using an appropriate level of encryption with the proper ciphers.

Thankfully, LuxSci’s Secure Marketing email platform has been designed to meet the healthcare industry’s unique needs. Our platform was built with both security and compliance at the forefront. With Secure Marketing, organizations can send fully HIPAA-compliant email marketing messages to the right patients at the right time and receive a better return on their marketing investment.

Why You Should Separate Your Business and Your Marketing Email Sending

Tuesday, May 4th, 2021

A typical organization sends at least two distinct classes of email messages: business emails and marketing emails.

Business email consists of all of the individual, personal messages sent by sales, support, billing and other departments to specific people. These messages are generally more time-sensitive, and it is very important that the recipients actually receive them. If possible, these messages should not be delayed by any kind of spam filtering software.

Marketing emails are messages sent in bulk to many people at once. Examples of marketing messages include company newsletters, notifications of blog updates, promotions and ads, status notices, etc.

Separating your business and marketing emails can help ensure they are reliably delivered. Using different email servers and maybe even a unique domain name can improve your email deliverability. Here we will look at why.

How to Achieve Better Open & Click Rates Without Compromising Data Security

Tuesday, January 19th, 2021

Want to improve your email open and click rates, but scared you might end up compromising data or personal information? It’s a common fear, but in our world of constant cybersecurity incidents, it should probably get even more attention than it does.

If your organization falls under the HIPAA regulatory framework, you need to have an even greater level of concern about how information security can be compromised amid the constant push to leverage data for more effective marketing and engagement.

While you may think that data security is at odds with the goal of boosting open and click rates, there are ways that you can find a suitable balance between the two.

Boosting Open & Click Rates

Almost every organization wants to ensure its long-term success, and those in the health industry are not immune from this tendency. In today’s hyper-competitive marketplace, a large portion of this comes down to being able to stand out from the crowd, particularly through email marketing.

One of the most critical aims of email marketing is to achieve high open and click rates. Performing well in these metrics tends to bring in more business, which is an important part of keeping the lights on.

But how are high open and click rates achieved?

Under normal circumstances, it’s important for the subject lines and messages to be well-written, engaging, and targeting the right groups with the right propositions. The more relevant your subject line is to an individual, the more likely they are to open it. The more appealing or useful its contents, the more likely that the person will take your desired action.

So the burden of success tends to fall on the shoulders of your copywriters. They need to be able to get into the minds of their prospective recipients and create an appeal that matches the recipients’ needs and desires. This is fundamentally how high open and click rates are achieved.

But people are not monolithic, and a message that works for one will be a dismal failure on another. This brings us to segmenting email lists into groups with commonalities, and targeting them appropriately.

Targeting Customers to Boost Open & Click Rates – What About ePHI?

If you are in the health industry or process electronic protected health information (ePHI) on behalf of others, you have to be cautious about how you use your data to target those on your email list. This data may be incredibly helpful for targeting people with the appropriate messages, but it can very easily result in HIPAA violations.

Even something as simple as sending out a newsletter about anorexia to a group of anorexia patients could be considered ePHI, because the recipients’ emails, plus the information about their medical conditions, or the fact that they visited your facility, can tick both of the boxes that determine whether or not information counts as ePHI.

This makes it incredibly easy to end up on the wrong side of HIPAA by accident. Your organization may never intend to send emails that contain ePHI, but a staff member could send something seemingly benign, only for it to result in the serious ramifications of a HIPAA violation.

Because of the ease of making these mistakes and the significant consequences of doing so, it’s best for organizations to use a HIPAA-compliant email marketing service if there is even the slightest chance that ePHI could accidentally be sent in a message.

HIPAA-Compliant Email Marketing Services: High Open & Click Rates Without the Risk

While HIPAA-compliant service providers are critical for reducing your organization’s risks, there aren’t a whole lot of options. Quasi-HIPAA compliant providers may allow you to store ePHI in their databases, but their complicated configurations and incomplete security (i.e., they do not send encrypted emails) could easily lead your organization to violate HIPAA regulations.

LuxSci’s Secure Marketing is one of the only services that allows you to send marketing messages that may contain ePHI, without facing major risks. The security mechanisms and HIPAA compliance built into the Secure Marketing service allow you to use your customer data without having to worry about falling foul of HIPAA.

This means that LuxSci’s service allows you to safely use your data to target recipients with relevant and effective messages. You can send a newsletter on anorexia to those that suffer from the disease, or a reminder to take a bowel cancer screening for those most susceptible.

Our Secure Marketing service helps you target groups with the information they really need, rather than just spamming your entire list with various information and hoping that some small portion of your audience finds it interesting.

Not only does this prevent people from unsubscribing because they are sick of receiving a bunch of irrelevant emails, but it also makes it much easier to achieve high open and click rates and positive, active engagement. This is because you can target smaller groups with messages that are specifically designed to appeal to them.

Secure Marketing can help you get past the poor ROI of mass emails, without having to worry about violating HIPAA. LuxSci’s Secure Marketing customers that follow best practices have been achieving open and click rates far above the normal expected rates in the industry, which are around 10-20% for opening and 1-2% for clicking.

With such dramatic differences, Secure Marketing can be the missing piece of the puzzle that helps your organization leverage its data without the usual risks. Contact our staff to find out how LuxSci’s Secure Marketing can help improve your business’ open and click rates.

Connect your Secure Forms to your Secure Marketing

Wednesday, November 11th, 2020

From a marketing and engagement perspective, an extremely common and revenue-driving workflow is to have the contact information of the people who fill out your online forms automatically added to your marketing database. This integration saves time by not requiring manual data entry steps and speeds up your marketing automation processes.

This automated connection is now available for your LuxSci Secure Forms. After a license upgrade, they can now be automatically integrated with your LuxSci Secure Marketing platform. This integration enables new contacts to be automatically created in your Secure Marketing instance from selected Secure Form posts. You can then leverage Secure Marketing to send automated drip campaigns to these contacts, group mailings, and more.

Phishing or for Real? Why Companies Need to Take a Closer Look at Their Email Marketing

Friday, April 7th, 2017


In July 2016, Hilton HHonors loyalty program members received an email asking them to log into their Hilton HHonors account to confirm their correct email address, mailing address, and other personal details.

The email set off alarm bells for a number of customers. One tweeted a screenshot of the email to the Hilton HHonors Twitter account, asking, “… is this legit? Looks very much like a phishing email…”

Hilton’s support team responded, “This is not an email from the HHonors team. Please do not share your account details.”

The only problem? It was a legitimate email from Hilton HHonors, but it so closely resembled a phishing email it fooled Hilton’s own IT team.

Hilton is not the only company to inadvertently send customer emails that are nearly indistinguishable from phishing emails. Many companies send emails asking their customers to log in to confirm account information or confirm payment details. Sometimes, cautious customers will reach out to the digital community for feedback on whether an email is real or fake.

These emails are a problem because not only do customers believe them to be phishing emails, but they normalize emails that ask for personal information—making people more vulnerable to real phishing scams in the future.

Marketers need to understand email marketing best practices to send secure customer messages that don’t endanger customer privacy and data. Here’s everything you need to know from a technical and content perspective to make sure your email isn’t mistaken for a phishing scam.
