Paubox blog: HIPAA compliant email made easy

Why Paubox Marketing is the best HIPAA email marketing solution available

Written by Chloe Bowen | March 10, 2020

Although there are a number of email marketing tools on the market, most of them are not viable options for covered entities that must abide by HIPAA regulations. In this article we will explain why Paubox Marketing is the best HIPAA compliant email marketing solution available for healthcare providers.

 

Comparing the competition

None of the standard marketing tools suits the needs of a healthcare provider for a variety of reasons. You can compare and contrast the vendor options in this comparison matrix:

 

| Company | Will they sign a BAA? | Can you send PHI? |
|---|---|---|
| Adobe Campaign | NO | NO |
| Blue Orchid Marketing | NO | NO |
| Campaign Monitor | NO | NO |
| Campaigner | NO | NO |
| Drip | NO | NO |
| Emma | NO | NO |
| GetResponse | NO | NO |
| Hubspot | NO | NO |
| L-Soft | NO | NO |
| Mad Mimi (GoDaddy) | NO | NO |
| Mailchimp | NO | NO |
| MailerLite | NO | NO |
| Marketo (Adobe) | NO | NO |
| Salesforce Pardot | NO | NO |
| SendGrid (Twilio) | NO | NO |
| Yesware | NO | NO |
| ActiveCampaign | YES | NO |
| Constant Contact | YES | NO |
| Infusionsoft by Keap | YES | NO |
| Salesforce Marketing Cloud | YES | NO |
| Eloqua (Oracle) | YES | YES ** |
| Paubox Marketing | YES | YES |

 

As you can see, most of the marketing vendors will not even sign a business associate agreement (BAA) with a covered entity, which is required for HIPAA compliance. Therefore they are immediately disqualified for use in healthcare. Although a few companies will sign a BAA, if you read the fine print, you will find that they are not safe options for covered entities either.

For example, while Constant Contact will sign a BAA, users are not allowed to transmit protected health information (PHI) via the platform. This is a problem since even something as banal as an email address or name becomes PHI when it is in any way associated with a healthcare provider—such as in a marketing email coming from your practice. Covered entities are required to take reasonable steps to protect PHI sent via email all the way to the recipient’s inbox. As such, HIPAA compliant email must be encrypted in-motion while being transmitted over the Internet and at-rest on a business associate's platform. However, in the case of Infusionsoft and Salesforce Marketing Cloud, their BAAs are scoped to protect and encrypt data only at-rest in their platforms.

In other words, any email sent from Infusionsoft's or Salesforce Marketing Cloud's platform is not covered by a BAA. Oracle Eloqua is the only competitor that will sign a BAA and allow you to send PHI—however, the experience for your email recipients is terrible. When Oracle Eloqua is used in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.

 

Benefits of personalized HIPAA compliant email marketing

Paubox focuses on solving HIPAA compliance problems for secure communication. As such, we built Paubox Marketing with the goal of helping healthcare providers benefit from the powerful tool of personalized email marketing. Email marketing has an average return on investment (ROI) of about $42 for every dollar spent.

Personalized messages perform up to three times better than generic blast emails. By tailoring your messaging to a specific patient, you can obtain 5 to 8 times more ROI for your marketing spend. In the healthcare field, personalizing your marketing emails for secure patient outreach can grow your business, reduce costs, and improve patient outcomes. For example, you could recommend additional tests or procedures based on a person’s risk factors to increase revenue, or you could send automatic pre-operation reminders (such as fasting before surgery) to decrease cancellations. You could also write an email newsletter announcing updates to your practice, offering referral discounts, or sharing helpful blog posts you've written. Arguably all of these use cases would also save lives as they would help people receive the right treatment when they need it. Really, the sky's the limit on uses for personalized email marketing in healthcare—but until now organizations subject to HIPAA have barely been able to use it.

 

Why you should choose Paubox Marketing

Paubox Marketing lets recipients view marketing emails like regular emails without relying on outdated portal notifications, which are terrible for the recipient. It allows you to segment and send secure email including PHI to increase patient engagement and build your business while remaining HIPAA compliant. Paubox Marketing is the only HIPAA compliant email marketing solution that will:
  • Sign a BAA
  • Provide military-grade encryption
  • Allow you to include PHI in your marketing emails
  • Allow patients to read your emails directly from their inbox with no extra steps

 

In addition, Paubox Marketing is HITRUST CSF certified. Although you might see HIPAA as a roadblock to implementing an email marketing strategy, it doesn’t have to be.

 
Try Paubox Marketing for free and make your email marketing HIPAA compliant today.