What does HHS consider healthcare marketing? 


If you need to know what HHS considers healthcare marketing, we have all your answers here.

All emails containing PHI must be HIPAA compliant, and marketing emails must abide by the CAN-SPAM Act as well. However, HHS also requires an extra opt-in step for healthcare marketing emails. Read our blog for a quick guide to the rules and best practices.

Does HHS allow healthcare marketing?

Yes. Covered entities can market to patients, but they must receive prior authorization. 

What is a covered entity?

Covered entities are health plans, healthcare clearinghouses and healthcare providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. 

How does the Privacy Rule define marketing?

  1. A communication about a product or service that encourages recipients of the communication to purchase or use the product or service. 
  2. An arrangement between a covered entity and any other entity where the covered entity discloses protected health information to the other entity in exchange for direct or indirect remuneration.
  3. Communication about a product or service that encourages recipients of the communication to purchase or use the product.

Examples of healthcare-related messages that HHS considers marketing

  1. A communication from a hospital informing former patients about a cardiac facility that can provide a baseline EKG for $39, when the communication is not for the purpose of providing treatment advice. 
  2. A communication from a health insurer promoting a home and casualty insurance product offered by the same company. 
  3. A health plan selling a list of its members to a company that sells blood glucose monitors, which intends to send the plan’s members brochures on the benefits of purchasing and using the monitors. 
  4. A drug manufacturer receives a list of patients from a covered healthcare provider and then uses that list to send discount coupons for a new antidepressant medication directly to the patients. 

Email marketing use cases that are not considered “marketing” by HHS, but still must be HIPAA compliant

  • Sending refill reminders or otherwise communicating about a drug that is currently being prescribed for the individual. 
  • Communicating about an individual’s treatment, including case management or care coordination for the individual, or to recommend alternative treatments, therapies or healthcare providers. 
  • Description of a health-related product or service (or payment for such product or service) that the covered entity has provided to a patient. 

For detailed information on the HHS rules for healthcare marketing, you can visit the HHS Marketing FAQ.

Additional healthcare email marketing resources

Download: Healthcare’s Guide to HIPAA Compliant Email Marketing


Healthcare’s solution to personalized patient email marketing

Paubox Marketing is a breakthrough product. Now you can finally include PHI in healthcare marketing emails and remain HIPAA compliant. Start getting higher open rates today!

About the author

Anne-Marie Sullivan
