The information you obtain at this site is not, nor is it intended to be, legal advice. Consult an attorney for advice regarding your practice’s situation.
Marketing as a dentist, therapist, or other medical professional can be tricky. While marketing channels can segment audiences by age, job, life stage, and so much more, all of these are oftentimes off limits to medical practices. That’s because of protected health information (PHI).
PHI limits who you can send messages to and what those messages can say. PHI also limits how you can collect data on your website, where you advertise, and how you engage with potential clients.
Can I send emails to customers?
Yes, but it depends on the context within the email. The HIPAA Privacy Rule states: “Generally, if the communication is ‘marketing,’ then the communication can occur only if the covered entity first obtains an individual’s ‘authorization.’”
Think of marketing as anything extra outside of customer support. Appointment reminders? Perfectly okay. Sending a weekly newsletter? You need permission.
What are the benefits of sending marketing emails to patients?
Email marketing can help your business build loyalty. Marketing through a newsletter could help by:
- Encouraging current patients to refer their friends and family (“word-of-mouth marketing”)
- Keeping your brand top-of-mind for regular check-ups or cleanings
- Requesting positive customer reviews to boost your Google Business Profile
- Becoming an educational authority and authentic figure, which is especially important in a competitive market
- Encouraging additional bookings for new treatments options
- Advertising discounts, insurance alternatives, and more
How do I get people to opt in to email marketing?
The HIPAA Privacy Rule mandates practitioners must have written authorization for any marketing. There is an exception written within the rule which states practices can communicate about their own products or services. But the examples provided by the U.S. Department of Health and Human Services are about mailing to physical addresses, not through email.
For example, mailings (to physical addresses) could be safe to send about announcements unrelated to a patient’s personal health information, such as announcing the new arrival of a specialist on staff. The mailing list you would pull would not be segmented in any way (e.g. age, past medical history, etc.).
Since opt-ins are required for patients to receive marketing communications, they could be collected within a secure patient intake form or portal. It’s important to explicitly state the purpose of the opt-in is for marketing services, or even specify the marketing channel (“subscribe to our newsletter”).
Here are a few things to consider before starting a HIPAA-compliant company newsletter:
- Are you using a HIPAA-compliant email service to send the newsletter?
- Is personal health information being fed into your email service platform in any way?
- Are your communications generic enough that it applies to nearly all customers?
- Do you have a clear way for subscribers to opt-out of your newsletter?
- What data is being collected from the emails?
- Are customers providing you any PHI by clicking within the email?
Read more about the HIPPA Privacy Rule from the U.S. Department of Health and Human Services.
What digital channels can I use for marketing that don’t require written authorization?
Luckily there are plenty of other marketing channels that do not typically require written patient authorization because they don’t use customer data. These are channels focused on new customer acquisition rather than building customer loyalty. These marketing channels include:
- Social Media
- Google Search Ads
- Third-Party Ad Platforms
- Local TV and Streaming Services
- Radio and Music Streaming
Need help marketing your practice? Email lindsey@paperraccoon.com
