Demystifying PHI for healthcare marketers is key to sending impactful email marketing while remaining HIPAA compliant. PHI is protected health information. When in electronic form, it’s often referred to as ePHI.
PHI includes the personal and private patient information entrusted to organizations caring for those clients and patients. Leaked ePHI can be devastating if it gets into the wrong hands.
As a marketing professional, it’s vital to honor the personal nature of this data. Protecting PHI while communicating information of value is a core value in good healthcare marketing.
Learn how to keep PHI safe while also reaching out to your patients with personalized HIPAA compliant email marketing here.
What is PHI exactly?
- An individual’s past, present or future physical/mental health or condition
- The provision of healthcare to the individual
- The past, present or future payment for the provision of healthcare to the individual
Demystifying PHI for healthcare marketers
Sensitive patient information getting into the wrong hands is a gross breach of trust and can devastate those whose information is leaked. That’s where HIPAA comes in. The spirit of the law is designed to safeguard the public from harm such as blackmail, fraud, reputation damage and the psychological damage of violating personal privacy.
How can I tell what information is PHI?
In a nutshell, PHI is any characteristic that can uniquely identify individuals during the course of their care. There are 18 unique patient identifiers that HHS recognizes as PHI.
The 18 unique identifiers of PHI
- Social security numbers
- Vehicle identifiers
- Medical record numbers
- Device identifiers
- Email addresses
- Health plan beneficiary numbers
- Web URLs
- Telephone numbers
- Account numbers
- IP addresses
- Fax numbers
- Certificate/license numbers
- Finger or voice prints
- Photographic images
- Any other characteristic that can uniquely identify an individual
- All elements of dates (except years) related to an individual’s birth, admission, discharge, age and death
Can you see why a marketing professional would steer clear of personalized email messages?
The U.S. Department of Health and Human Services’ (HHS) Security Rule stipulates “appropriate administrative, technical and physical safeguards” must be in place to ensure “the confidentiality, integrity and availability of” ePHI.
Can being a member of an email marketing list be considered a unique identifier?
Yes, because a segmented list can indicate that the recipients have the condition discussed in the email. A segmented list falls under “Any other characteristic that can uniquely identify an individual.”
Can I send PHI in my current email marketing software?
To date, the vast majority of email marketing software products do not have the level of encryption needed to be HIPAA compliant. As an unencrypted email journeys to its destination, it can be intercepted and read in plain text by hackers and some government entities. Email messages must be encrypted to be secured and HIPAA compliant.
Once an email reaches the recipient’s inbox, securing any PHI in that inbox is the recipient’s responsibility. The sender is not responsible for PHI at the recipient’s inbox. This is important to note!
How to send healthcare marketing newsletters
A great way to help patients improve their health through better treatment compliance is by sending email newsletters with advice, treatment options and encouragement for their specific condition. There are two ways to do this.
- Send it to your entire practice so a group with a specific condition is not recognized, or
- Use a HIPAA compliant email solution, like Paubox Marketing, that ensures segmented newsletters are HIPAA compliant and secure.
You must have a business associate agreement (BAA) with any vendor that has access to your patients’ personal information, and that includes email marketing providers.
A BAA is a signed document in which the business associate takes on the responsibility of keeping your clients’ information safe and explains how it will do so. It also outlines the steps the business associate will take in case of a breach.
Why email in healthcare is powerful
Imagine the power of easily connecting with individuals and groups through email containing protected health information. This approach is a tremendous improvement for healthcare providers and a powerful asset for under-resourced employees. In the past, healthcare was at a considerable disadvantage because solutions that addressed issues of HIPAA compliance and security in email communication were either non-existent or provided a woefully inadequate user experience.
Finally, new technology has opened the door for frictionless email communications that are HIPAA compliant, provide maximum security and are HITRUST CSF certified.
Healthcare’s solution to personalized patient email marketing
Paubox Marketing is a breakthrough product. Now you can finally include PHI in healthcare marketing emails and remain HIPAA compliant. Start getting higher open rates today!