Send Marketing E-mails Without Patient Authorization
by Dr. Jeff Brown
The HIPAA Privacy Rule requires a patient's authorization prior to marketing. And it defines marketing as making "a communication about a product or service that encourages recipients of the communication to purchase or use the product or service." From that definition, it would seem all marketing style e-mails require patient authorization.
Not so fast. There are several exceptions to the rule, one of which is most relevant to healthcare offices.
The relevant HIPAA exception
You are permitted to market products offered by, and services performed within, your office. For example, under this exception, it is not marketing if you:
- Announce the arrival of a new practitioner to your office.
- Provide information about the acquisition of new equipment (e.g., x-ray machine, therapy equipment, etc.).
- Send a message regarding the benefits of an annual examination.
Marketing can be a great tool for growing you practice. Keep your content within the margins above and you are free to e-mail patients without their authorization.
Sending e-mails to patients regarding treatment is also not considered marketing, so you won't need marketing authorization; however, you will need a different kind of authorization should your messages go to an unsecured e-mail account such as Yahoo or Gmail.
In order to e-mail or text treatment information, or any other Protected Health Information (e.g., appointment reminders), to a patient's unsecured e-mail account, you must first get the patient’s authorization to send and receive medical information by e-mail/text.
With regards to e-mail marketing and ads, pay attention to rules set forth in the CAN-SPAM Act. No one likes receiving unwanted e-mails, your patients included.
DISCLAIMER: Because of the generality of this article, the information provided herein may not be applicable in every situation and should not be acted upon without specific legal advice based on particular situations.