Email marketing HIPAA compliant?

Provided by: Jennifer Kirschenbaum, Esq.

July 31, 2014

Question:

Hi Jennifer,

I am interested in implementing an internal email marketing (ie. Monthly newsletters, re-activations, etc) program with my patients, such as Constant Contact. How can we use a system like this and comply with HIPAA laws protecting patient’s PHI? Such as sharing email addresses and names with a third-party provider. Thanks!

Dr. S

Answer:

Great question! Email marketing absolutely poses a risk of violating HIPAA requirements. Generally, you would be entering a patient's email address, possibly their name and some other identifying markers. Remember, any individual identifiable information related to the patient is protected health information under HIPAA and required to be protected by you. So, you can see how simply an email address would qualify, even if you are not entering any additional information. And, the fact that a patient is a patient is protected. One way to engage in email marketing is to engage with a company that is actually HIPAA compliant, which would require such company to enter into a Business Associate Agreement with you, and operate in accordance with that document's terms, of which you would want them to indemnify you for any breach on their part. Next, the company would need to be operating with encryption levels and security appropriate for HIPAA protection. Two companies that came up claiming they comply (I HAVE NOT CONFIRMED THIS IS TRUE) are Clinical Contact and LuxSci Spotlight Mailer.

Another way to comply with HIPAA would potentially be to send to a large universe of email addresses that are not necessarily your patients, and you could show upon review are not your patients and having no health information transmitted - truly for marketing purposes only. This should protect you because, for instance, you are authorized to buy resident addresses from the post office (which they sell) and send mass mailings. BE ADVISED to adhere to all Anti-Spam requirements, opt-out, etc.

A final thought on email marketing - be very careful what you send out! Do not run afoul of any state or federal laws rules or regulations that may prohibit promotional kickbacks, free-bes, claims of granduer or professional superiority or the like.

Not sure how you are sending or what you are sending is compliant? Run it by me before you click send!

Recent Webinars (Click to view anytime!) -

HIPAA Compliance - Combating Exposure with Risk Assessment and Proper Policies

Tips to Operate Compliantly and Stay off the Radar Webinar

HIPAA WEBINAR

I-STOP Implementation - Common Q&As

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!