Marketing to Patients Using Email
By: Dr. Jeff Brown |
The HIPAA Privacy Rule requires authorization before marketing to patients via email. And it defines marketing as making "a communication about a product or service that encourages recipients of the communication to purchase or use the product or service." From that definition, it would seem all marketing style email would require patient authorization.
Not so fast. There are several exceptions to the rule, one of which is most relevant to healthcare offices.
The relevant HIPAA exception
You are permitted to market products offered by, and services performed within, your office. For example, under this exception, it is not marketing if you:
- Announce the arrival of a new practitioner to your office.
- Provide information about the acquisition of new equipment (e.g., x-ray machine, therapy equipment, etc.).
- Send a message regarding the benefits of an annual examination.
Email marketing can be a great tool for growing your practice. Keep your content within the margins above and you are free to email patients without their authorization.
Sending email to patients regarding treatment is also not considered marketing, so you won't need marketing authorization; however, you will need a different kind of authorization should your messages go to an unsecured email account such as Yahoo or Gmail.
In order to email (or text) treatment information, or any other Protected Health Information (e.g., appointment reminders), to a patient's unsecured email account, you must first get the patient’s authorization to send and receive medical information by email/text.
With regards to email marketing and ads, pay attention to rules set forth in the CAN-SPAM Act. No one likes receiving unwanted email, your patients included.
DISCLAIMER: Because of the generality of this article, the information provided herein may not be applicable in every situation and should not be acted upon without specific legal advice.