As digital transformation percolates through US healthcare, value-based care is gaining traction as a popular alternative to the traditional fee-for-service model.
Value-based care started in 2008, when the Centers for Medicare & Medicaid Services (CMS) began emphasizing value-based, quality healthcare over the quantity of provider visits.
The US government is moving toward paying providers based on the quality (rather than the quantity) of care they give patients. This is part of CMS’s larger strategy to reform how health care is delivered and paid for.
The focus is on better care for individuals and better overall health for the population – at a lower cost.
In other words, the value-based care model reimburses healthcare providers based on the quality and cost of a patient’s care. Reimbursement criteria could include immunization rates, Medicare spending per patient, or a patient’s feedback on his or her experience.
After a score is calculated, CMS will either reimburse the provider on top of their typical fee-for-service payments, or penalize their Medicare revenue.
The net effect is this: healthcare providers stand to lose millions of dollars a year if they score poorly with secure patient outreach and communication.
With so much at stake in a value-based care model, healthcare organizations still face the daunting task of making sure their patient outreach remains HIPAA compliant. This is especially true when it comes to HIPAA compliant email.
The Arrival of HIPAA compliant email marketing
In order to provide HIPAA compliant email marketing, two high-level requirements must be addressed:
- Is the email data encrypted at-rest?
- Is the email data encrypted in-transit?
Most email marketing vendors today are cloud-based. That means that they store customer data in their cloud while customers access the service through a web browser. HubSpot, Mailchimp, and Constant Contact are examples of popular cloud vendors.
Healthcare organizations should be diligent in requiring their cloud-based email marketing vendors to sign a business associate agreement (BAA). At a minimum, the BAA holds vendors accountable for storing their customers’ data encrypted at-rest.
Research has shown, however, that the majority of email marketing vendors will not sign a BAA. In fact, Marketo, Mailchimp, HubSpot, Return Path, Zoho, and Campaign Monitor all fall into the category of being unable to sign a BAA with their customers.
For the few vendors that will sign a BAA, the next question is whether their service is capable of sending encrypted email. Let’s use Constant Contact as an example.
In their HIPAA Knowledge Base, we can see that while Constant Contact will sign a BAA, they do not allow their customers to actually send PHI via their platform:
[You] Should not use our systems for transmitting highly sensitive PHI (for example: mental health, substance abuse, or HIV information). Our application was not built for electronic medical records (EMR). If you have such information to send, please do not use Constant Contact.
In a nutshell, even though Constant Contact will sign a BAA, its customers are not actually allowed to use PHI to effectively market to their patient base.
Until recently, the only email marketing vendor that offered both a BAA and the ability to send encrypted email was Oracle Eloqua.
Upon taking a closer look at their documentation, however, Eloqua appears cumbersome to set up and use. For example, it appears that recipients need to receive two emails in order to read a single email. Quite confusing indeed.
We can clearly see the momentous shift to value-based care in healthcare is driving a need for a proper HIPAA email marketing solution.
After months of diligent research and listening to customer feedback, we decided to build Paubox Marketing, which is our solution to the need we see in the market for HIPAA compliant email marketing.
Since its release on Christmas day, we’ve used customer feedback to drive the product roadmap.
As a result, we’ve already added the following features to Paubox Marketing:
We are intent on delivering superior value to our customers by using customer feedback to guide our product roadmap.