marketing Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘marketing’

What is HIPAA-compliant Email Marketing?

Monday, January 13th, 2020

Why does your organization need HIPAA-compliant email marketing? It’s simple. Businesses in the healthcare field (and those that process their data) have many of the same needs as other companies. They need to be able to get their messages out, so that they can help more people and drum up more business.

Whether it’s HIPAA-compliant bulk email or emails that are specific to the individual, the messages need to be sent in a way that abides by the regulations, both to protect the privacy of patients, and to avoid legal penalties.

When Should You Send HIPAA-compliant Email Marketing?

HIPAA-compliant email marketing is critical whenever your organization could potentially be sending electronic protected health information (ePHI). This is information that is both individually identifiable and relates to someone’s healthcare.

Individually identifiable means information that can be connected with the person. This includes identifiers like their name, address, birth date, email address, social security number and much more. Not only does the definition of ePHI cover people’s past, present and future health condition, but it also includes treatment provisions and billing details.

While anonymous health details or individual identifiers sent by themselves are not covered by the law, when the two are brought together you need to be careful and abide by HIPAA regulations. You will need a HIPAA-compliant email marketing service whenever you send ePHI, and it’s best to err on the safe side even if you think an email may not contain ePHI.

A good example of a borderline case would be a newsletter sent around to all of a clinic’s cancer patients. While the email may contain helpful information, it could also end up breaching the patients’ privacy and HIPAA regulations.

This is because the emails are sent to an address, which is a personal identifier. If the message was only sent out to cancer patients rather than to many different people, then the email could be considered ePHI, since being a recipient of the message would effectively declare that the recipient was a cancer patient.

While this may sound like a stretch, it’s also important to consider that normal email isn’t secure. If a politician or a CEO’s email was intercepted and this information released, it could cause damage to their careers and take some agency away from their lives.

This is just one example of why it’s crucial to err on the safe side and use HIPAA-compliant email marketing for any promotional materials whenever there is even the slightest possibility of sending ePHI.

On the other hand, if you have a HIPAA-compliant email marketing solution that allows for the sending of ePHI in email messages, then you can leverage ePHI to send much more effective messages.  You have a much larger return on your effort. 

HIPAA-compliant Bulk Email Solution

Finding an appropriate service for HIPAA-compliant bulk email marketing can be challenging. Most of the common vendors aren’t HIPAA compliant at all. Others claim compliance, but still require you to not send anything sensitive via email (because they do not actually secure the email messages).  Finding one that can suit your business needs and can also protect the actual email messages is difficult.

Thankfully, LuxSci’s High Volume Secure Email has been designed to cater to both needs. Security and compliance are considered at every step of the way, while still delivering a top-quality product that fits right into your organization’s workflows.

Phishing or for Real? Why Companies Need to Take a Closer Look at Their Email Marketing

Friday, April 7th, 2017

 

In July 2016, Hilton HHonors loyalty program members received an email asking them to log into their Hilton HHonors account to confirm their correct email address, mailing address, and other personal details.

The email set off alarm bells for a number of customers. One tweeted a screenshot of the email to the Hilton HHonors Twitter account, asking, “… is this legit? Looks very much like a phishing email…”

Hilton’s support team responded, “This is not an email from the HHonors team. Please do not share your account details.”

The only problem? It was a legitimate email from Hilton HHonors, but it so closely resembled a phishing email it fooled Hilton’s own IT team.

Hilton is not the only company to inadvertently send customer emails that are nearly indistinguishable from phishing emails. Many companies send emails asking their customers to log in to confirm account information or confirm payment details. Sometimes, cautious customers will reach out to the digital community for feedback on whether an email is real or fake.

These emails are a problem because not only do customers believe them to be phishing emails, but they normalize emails that ask for personal information—making people more vulnerable to real phishing scams in the future.

Marketers need to understand email marketing best practices to send secure customer messages that don’t endanger customer privacy and data. Here’s everything you need to know from a technical and content perspective to make sure your email isn’t mistaken for a phishing scam.

Read the rest of this post »

Is sharing my patient list with a marketing company OK under HIPAA?

Saturday, February 11th, 2017

We received this question via Ask Erik from the head of a dental practice (who wished to remain anonymous):

“I want to create a Refer-a-Friend program, for a dental practice, that will be managed by a third party marketing agency.  The third party needs only my patient names and address to do an on-going e-mail campaign, no PHI will be given to the third party — just name and e-mail address.

Because I am ‘Marketing’ to my own list, and I am NOT marketing any third party products, and I am not receiving any third party payment for anything:

* Am I in any HIPAA danger? (No PHI is ever exchanged, and I am NOT marketing anyone else’s product.)

* Because my PHI is de-identified from the associated names and e-mail addresses, is it OK for me to hand over my patient mail list to my marketing agency (being very careful of course to include NO PHI)?

* Does HIPAA specifically prevent me from marketing my own products to my patient list? I know that marketing other people’s products to my list will require prior consent. But, marketing my own Refer-a-Friend program… how is that a violation?

NOTE: PHI is defined as: “(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”

So, is a mail list of my patients’ names and e-mail addresses considered to be PHI (if it contains no associated PHI as defined above)? The definition above would say NO. The definition above states that it is ONLY the health information about a patient — NOT the patient’s name and e-mail addresses themselves.

Also, on the mail list for the Refer-a-Friend marketing program, there will be names other than patients, probably about 5% are not patients. Does this influence the phi/non-phi question?

This is a very important distinction. Having clarity on this question could free up a lot of us to proceed with e-mail marketing.

If a mailing list, for a dentist, that contains 95% patients and 5% non-patients, and NO health information (just names and addresses)… is it considered PHI?”

Read the rest of this post »

Why you should separate your business and your marketing email sending

Thursday, February 21st, 2013

A typical organization sends at least two very distinct classes of email messages: business email and marketing email.

Business email consists of all of the individual, personal messages sent by sales, support, billing and other departments to specific people.  These messages are generally more time sensitive; it is very important that the recipients actually receive them; these messages should not be filtered by any kind of spam filtering software, if possible.

Marketing email messages are similar messages sent in bulk to many people at once.  Examples of these include newsletters, notifications of blog updates, promotions and ads, status notices, etc.

In order for your business email to be as reliable as possible, the marketing email should be sent separately, through separate servers and maybe even on a separate domain name.  Here we will look at why.

Read the rest of this post »
