Few tech inventions have endured the way email has. We’ve been checking our virtual inboxes for decades, and the basic concept hasn’t really evolved—you send emails; you get emails. According to this email marketing stats infographic, 95% of online consumers use email, and 91% of them check their accounts once a day. If we surveyed those email-checkers, they’d probably tell us that the bulk of their received messages look a lot like the snail mail taking up the most space in their physical mail boxes: offers, ads, and junk. But that’s not a bad thing—not if those marketing plays work, anyway. Another stat on the email marketing stats infographic: For every $1 spent on email marketing, businesses get a $44.25 average return on investment. So, if you’re not doing it already, you should probably add email to your clinic’s marketing toolkit. For good measure, here are a few more convincing reasons:

  • It’s relatively cheap to do, with very little upfront investment. Many email marketing tools have free or low-cost plans based on the number of emails sent—and such packages are ideal for small businesses.
  • It’s easy. Most email marketing programs have turnkey templates to quickly get you started with things like newsletters.
  • It allows you to maintain relationships with patients and create brand awareness (think monthly newsletters, holiday cards, and birthday notes).

Convinced? Perfect. Now, before you get started crafting a winning email marketing strategy, it’s crucial you establish a compliant foundation. Yes, I’m talking about HIPAA. Unfortunately, that’s all it takes to cause many providers to shy away from email marketing altogether. But I just convinced you that email marketing is a great way to engage patients and drive sales. So, what to do? Well, the key to HIPAA-compliant email marketing is getting permission.

Looking for more great advice on how to market effectively—and compliantly? Download our free modern marketing e-book.

Before I launch into my HIPAA advice, allow me to issue a blanket CYA: While I’m quite experienced in researching, deciphering, and writing about HIPAA rules and regulations—as well as the associated legalese—I am not a lawyer, nor do I have any HIPAA certifications. So please, if you have specific questions about HIPAA rules, regulations, and laws, feel free to ask them in the comments section below—but be advised, I may recommend (scratch that, I am recommending) that you speak to a legal professional or certified compliance expert (like Rick Gawenda of Gawenda Seminars or Tom Ambury of the PT Compliance Group).

Furthermore, keep in mind that we’re talking about email marketing. So, leave the PHI out of it, and stick to communication that is appropriate and relevant to large groups of readers—like sharing great content that speaks to, say, a segment of patients who are runners or a segment of patients who participate in aquatic therapy. Part of that content might involve promoting your clinic’s wellness services or upcoming events. Remember, the rules for sending PHI via email are far more strict than those governing other types of patient-provider email communications. As Luxsci states:

  • Any service—as well as its associated web interface—that you use for composing, sending, monitoring, and managing these messages and their corresponding campaigns must have a signed HIPAA Business Associate Agreement with you.
  • The messages you send must be secure and encrypted in transit to every recipient.

Still, the HIPAA rules around marketing—especially since the introduction of the 2013 HIPAA omnibus ruling—are murky at best. (Luxci boils it down like this: “If [the emails] are generic marketing or informational materials that are sent out to a wide array of people...not PHI.  If they are more specific like ‘suggested rehab plans’ or ‘test results’ or ‘appointment followup surveys or information,’ then they will probably be PHI.” See what I mean about murky?) That’s why, rather than deconstruct the rules on a case-by-case basis, I recommend that you simply include a marketing communications opt-in form as part of your intake packet. That way, there’s no question as to whether you can use your patients’ email addresses for marketing purposes.

Within the form, clearly explain the types of communications you will send. If patients hesitate to opt-in, explain how those communications will benefit them. And if patients still choose not to opt in, respect that decision and don’t press the issue. After they become more comfortable with you and your practice, you could always bring it up again later. For example, if during treatment you mention a wellness event that your clinic is hosting, and the patient seems interested in attending, you could mention that you plan to send out an invitation to your email list—and ask if they’d like to opt in.

On the flipside, you are actually legally required to provide a clear avenue for your opt-ins to unsubscribe at any time. Unsubscribe links typically appear at the bottom of any marketing communications. You absolutely must—and I cannot emphasize this point enough—comply with any unsubscribe requests you receive.

In addition to an opt-in form, I recommend verifying that your email software vendor understands HIPAA and works with you to ensure compliance. Also, check out the HIPAA-compliant email marketing advice from Etna Interactive. Finally, remember that the email addresses you collect are considered PHI. Thus, you must handle them accordingly. That means no selling or disclosing them unless expressly allowed under HIPAA law.  


Now that you’re hip to HIPAA, it’s time to ignite your email marketing efforts. HIPAA requires a lot of precautions, but you shouldn’t completely shelve email out of fear. Take the necessary precautions—like you do for everything involving HIPAA—and reap the benefits of email. It’s better to be safe—and put in whatever legwork you need to make it work—than to avoid it altogether and be sorry you missed out on potential business.

WebPT Reach - Regular BannerWebPT Reach - Small Banner
  • HIPAA Rules for Marketing and Sales Image

    articleMay 20, 2014 | 5 min. read

    HIPAA Rules for Marketing and Sales

    Today’s blog post comes from compliance expert Tom Ambury of PT Compliance Group and WebPT writer Erica Cohen. Before you get too far into your plans to beef up your clinic’s sales and marketing efforts, remember that you’re a healthcare provider first, which means you’ve got some HIPAA hoops to jump through (ahem, rules to follow) that the small business owner down the street probably doesn’t have to worry about. Before we get into that, though, let’s …

  • How to Take Over the Internet: 5 Simple Strategies to Win More Patients Image

    webinarFeb 27, 2015

    How to Take Over the Internet: 5 Simple Strategies to Win More Patients

    Nowadays, everyone is looking for a way to “go viral” online. But with all that go-big-or-go-home hype, it’s easy to get intimidated—and that leaves many small business owners wondering if they have the time, resources, or wherewithal to even make a dent in the Internet, let alone break it.  Don’t get stuck in the muck and mire of cliché goals; you don’t have to hit a million views to make a big impact online. As a private …

  • Common Questions from our Art of Discovering and Selling Value Webinar Image

    articleMay 16, 2018 | 12 min. read

    Common Questions from our Art of Discovering and Selling Value Webinar

    Earlier this week, WebPT President Heidi Jannenga, PT, DPT, ATC/L, and guest host Tannus Quatre, PT, MBA, hosted a webinar designed to help physical therapists learn the art of discovering—and selling—their value. While PTs have historically shied away from sales, in today’s evolving healthcare ecosystem, it’s absolutely imperative that all providers—and especially specialists such as rehab therapists—excel at positioning the benefits of their services in such a way that resonates with patients, payers, and referral sources. At …

  • D’Oh! 3 Major Physical Therapy Marketing Fails Image

    articleSep 18, 2017 | 8 min. read

    D’Oh! 3 Major Physical Therapy Marketing Fails

    Homer Simpson introduced the catchphrase “d’oh!” on the long-running cartoon sitcom, The Simpsons, in 1989. It’s arguably one of the most recognizable catchphrases in American pop culture. So much so, in fact, that the Oxford Dictionary of English added the word in 2001. Defined as an informal exclamation “used to comment on a foolish or stupid action, especially one's own,” “d’oh” is the most fitting—and safe for work—reaction to committing a major fail. “D’oh” is even more …

  • Common Questions from Our Physical Therapy Patient Retention Webinar Image

    articleMar 28, 2018 | 12 min. read

    Common Questions from Our Physical Therapy Patient Retention Webinar

    Strive Labs co-founders Ryan Klepps and Scott Hebert recently joined WebPT president Heidi Jannenga for an insightful webinar about improving patient retention and reducing early patient drop-out. We know this is a super-relevant topic, especially because the cost of diminishing patient visits represents a $6 billion problem that not many people in the industry are talking about—at least not yet. As a result, we received a slew of great questions that we couldn’t get to live on …

  • Don Draper’s Guide to Digital Marketing for Physical Therapy Image

    articleMar 12, 2015 | 4 min. read

    Don Draper’s Guide to Digital Marketing for Physical Therapy

    If Don Draper strolled into today’s marketing firms, he’d need a smoke and an old fashioned, fast—well, faster than normal. Why? The computers! All the computers! And not just the devices themselves, but the marketing wizardry behind them. I’m talking about digital marketing. Now, I know what you’re thinking: “I’m not an ad-man like Don Draper. What do I need to know about digital marketing?” And to that I say, while you don’t need to be as …

  • 5 Steps to Create an Advertising Plan for Your Clinic Image

    articleJun 25, 2013 | 6 min. read

    5 Steps to Create an Advertising Plan for Your Clinic

    The purpose of this month’s blog theme—small business best practices—is to help you be better in business. And as any business guru will tell you, advertising is a huge factor in not only creating new business, but also in solidifying brand identity. As a small business owner, you probably don’t have a lot of money to throw at media buying opportunities. But if you’re smart, you can get a lot out of the ad spots you do …

  • The PT's Guide to Surviving a HIPAA Breach Image

    articleNov 9, 2015 | 5 min. read

    The PT's Guide to Surviving a HIPAA Breach

    Whether it occurs as the result of a lost work laptop or stolen patient files, a data breach of the Health Insurance Portability and Accountability Act (HIPAA) is a worst-case scenario for healthcare providers (and patients). If you’re a healthcare provider, the minutes, hours, and days following a breach are nearly as important as the steps you take to prevent those breaches in the first place. If you experience a HIPAA breach, here’s what you can do …

  • The Healthcare Provider's Guide to HIPAA-Compliant Marketing Image

    articleSep 14, 2017 | 6 min. read

    The Healthcare Provider's Guide to HIPAA-Compliant Marketing

    In 1966, US Congress passed the Health Information Portability and Accountability ACT (HIPAA). And as we explained here , this “dense piece of legislation...has serious implications for virtually all medical professionals, including physical therapists, occupational therapists, and speech-language pathologists.” Specifically, all HIPAA-covered entities—and that includes providers, payers, and business associates—“must follow certain rules governing the way patient protected health information (PHI) is collected, shared, and used.” And consequences for HIPAA breaches can be severe. While you may …

Achieve greatness in practice with the ultimate EMR for PTs, OTs, and SLPs.