Few tech inventions have endured the way email has. We’ve been checking our virtual inboxes for decades, and the basic concept hasn’t really evolved—you send emails; you get emails. According to this email marketing stats infographic, 95% of online consumers use email, and 91% of them check their accounts once a day. If we surveyed those email-checkers, they’d probably tell us that the bulk of their received messages look a lot like the snail mail taking up the most space in their physical mail boxes: offers, ads, and junk. But that’s not a bad thing—not if those marketing plays work, anyway. Another stat on the email marketing stats infographic: For every $1 spent on email marketing, businesses get a $44.25 average return on investment. So, if you’re not doing it already, you should probably add email to your clinic’s marketing toolkit. For good measure, here are a few more convincing reasons:

  • It’s relatively cheap to do, with very little upfront investment. Many email marketing tools have free or low-cost plans based on the number of emails sent—and such packages are ideal for small businesses.
  • It’s easy. Most email marketing programs have turnkey templates to quickly get you started with things like newsletters.
  • It allows you to maintain relationships with patients and create brand awareness (think monthly newsletters, holiday cards, and birthday notes).

Convinced? Perfect. Now, before you get started crafting a winning email marketing strategy, it’s crucial you establish a compliant foundation. Yes, I’m talking about HIPAA. Unfortunately, that’s all it takes to cause many providers to shy away from email marketing altogether. But I just convinced you that email marketing is a great way to engage patients and drive sales. So, what to do? Well, the key to HIPAA-compliant email marketing is getting permission.

Looking for more great advice on how to market effectively—and compliantly? Download our free modern marketing e-book.

Before I launch into my HIPAA advice, allow me to issue a blanket CYA: While I’m quite experienced in researching, deciphering, and writing about HIPAA rules and regulations—as well as the associated legalese—I am not a lawyer, nor do I have any HIPAA certifications. So please, if you have specific questions about HIPAA rules, regulations, and laws, feel free to ask them in the comments section below—but be advised, I may recommend (scratch that, I am recommending) that you speak to a legal professional or certified compliance expert (like Rick Gawenda of Gawenda Seminars or Tom Ambury of the PT Compliance Group).

Furthermore, keep in mind that we’re talking about email marketing. So, leave the PHI out of it, and stick to communication that is appropriate and relevant to large groups of readers—like sharing great content that speaks to, say, a segment of patients who are runners or a segment of patients who participate in aquatic therapy. Part of that content might involve promoting your clinic’s wellness services or upcoming events. Remember, the rules for sending PHI via email are far more strict than those governing other types of patient-provider email communications. As Luxsci states:

  • Any service—as well as its associated web interface—that you use for composing, sending, monitoring, and managing these messages and their corresponding campaigns must have a signed HIPAA Business Associate Agreement with you.
  • The messages you send must be secure and encrypted in transit to every recipient.

Still, the HIPAA rules around marketing—especially since the introduction of the 2013 HIPAA omnibus ruling—are murky at best. (Luxci boils it down like this: “If [the emails] are generic marketing or informational materials that are sent out to a wide array of people...not PHI.  If they are more specific like ‘suggested rehab plans’ or ‘test results’ or ‘appointment followup surveys or information,’ then they will probably be PHI.” See what I mean about murky?) That’s why, rather than deconstruct the rules on a case-by-case basis, I recommend that you simply include a marketing communications opt-in form as part of your intake packet. That way, there’s no question as to whether you can use your patients’ email addresses for marketing purposes.

Within the form, clearly explain the types of communications you will send. If patients hesitate to opt-in, explain how those communications will benefit them. And if patients still choose not to opt in, respect that decision and don’t press the issue. After they become more comfortable with you and your practice, you could always bring it up again later. For example, if during treatment you mention a wellness event that your clinic is hosting, and the patient seems interested in attending, you could mention that you plan to send out an invitation to your email list—and ask if they’d like to opt in.

On the flipside, you are actually legally required to provide a clear avenue for your opt-ins to unsubscribe at any time. Unsubscribe links typically appear at the bottom of any marketing communications. You absolutely must—and I cannot emphasize this point enough—comply with any unsubscribe requests you receive.

In addition to an opt-in form, I recommend verifying that your email software vendor understands HIPAA and works with you to ensure compliance. Also, check out the HIPAA-compliant email marketing advice from Etna Interactive. Finally, remember that the email addresses you collect are considered PHI. Thus, you must handle them accordingly. That means no selling or disclosing them unless expressly allowed under HIPAA law.  


Now that you’re hip to HIPAA, it’s time to ignite your email marketing efforts. HIPAA requires a lot of precautions, but you shouldn’t completely shelve email out of fear. Take the necessary precautions—like you do for everything involving HIPAA—and reap the benefits of email. It’s better to be safe—and put in whatever legwork you need to make it work—than to avoid it altogether and be sorry you missed out on potential business.

WebPT Reach - Regular BannerWebPT Reach - Small Banner
  • Evolve 2014 San Diego Video Recap Image

    articleApr 7, 2014 | 2 min. read

    Evolve 2014 San Diego Video Recap

    We really appreciate everyone who attended our last Evolve session in San Diego. For those who missed the event or would like to relive it, we captured all of the presentations on video. So, grab some popcorn and settle in for a wealth of advice to help you improve your private practice’s bottom line.   WebPT and Culture: A Tale of Rapid Growth by Heidi and Brad Jannenga In this presentation, WebPT Co-Founders Heidi and Brad Jannenga …

  • HIPAA Rules for Marketing and Sales Image

    articleMay 20, 2014 | 5 min. read

    HIPAA Rules for Marketing and Sales

    Today’s blog post comes from compliance expert Tom Ambury of PT Compliance Group and WebPT writer Erica Cohen. Before you get too far into your plans to beef up your clinic’s sales and marketing efforts, remember that you’re a healthcare provider first, which means you’ve got some HIPAA hoops to jump through (ahem, rules to follow) that the small business owner down the street probably doesn’t have to worry about. Before we get into that, though, let’s …

  • How to Solicit Patient Reviews Image

    articleMar 17, 2015 | 4 min. read

    How to Solicit Patient Reviews

    Today, we’re going to talk about solicitation. No, not that kind (get your mind out of the gutter—jeez). I’m talking about soliciting your clients for reviews. Why? Because online reviews are critical— now more than ever before —to the success of your business. If you really want to broaden your patient base and increase your revenue, you’ll need a strategy for getting your current and former patients to sing your praises publicly, so pay attention. (Yes, this …

  • articleSep 17, 2013 | 4 min. read

    Collecting Email Addresses (a.k.a. The Digital Social Security Number)

    Matt is WebPT’s email marketing specialist. His monthly column covers all things email marketing and how it can help your clinic. When it comes to personal information, these days it doesn’t get much more personal than your email address. This might seem like a bit of an exaggeration, but just think about how often businesses try to get you to dish out your email—there has to be a good reason, right? The email address is practically your …

  • articleAug 17, 2011 | 8 min. read

    How to WOW Your Website Visitors: Copywriting Recommendations for Your Home & About Us Pages

    How many visitors view your website each month?  Analytical data from our clients tells us it’s in the hundreds of visitors …even more of you drive traffic with search engine optimization and/or pay-per-click ads. It just makes sense that you put some time into your website copy .  Copywriting is meant to persuade someone to take an action.  It’s not written words simply to educate someone.  When writing home page copy, you need to refer to the …

  • Three Ways to Drive More Prospective Patients to Your Website with Google+ Image

    articleMay 28, 2014 | 5 min. read

    Three Ways to Drive More Prospective Patients to Your Website with Google+

    As you consider ways to drive new business to your practice, you can and should work on developing physician referral sources; however, there are other ways to drive business to your practice—and Google plays an important role in the success of your marketing efforts. While Facebook has over one billion users, it’s a social network, and in most cases, patients don't search for a physical therapy practice on Facebook. It's easy to understand: Physical therapy isn't something …

  • 5 Steps to Create an Advertising Plan for Your Clinic Image

    articleJun 25, 2013 | 6 min. read

    5 Steps to Create an Advertising Plan for Your Clinic

    The purpose of this month’s blog theme—small business best practices—is to help you be better in business. And as any business guru will tell you, advertising is a huge factor in not only creating new business, but also in solidifying brand identity. As a small business owner, you probably don’t have a lot of money to throw at media buying opportunities. But if you’re smart, you can get a lot out of the ad spots you do …

  • How to Showcase Your Company Culture Externally Image

    articleJan 22, 2014 | 4 min. read

    How to Showcase Your Company Culture Externally

    The main purpose of establishing a strong company culture is to get everyone in your business on the same page when it comes to core values. So, on the surface, “company culture” might seem like a strictly internal initiative. But if you think about it, your company culture is basically your practice’s personality—the thing that sets you apart from all the other rehab therapy clinics out there. And because—according to this Bureau of Labor Statistics report —the …

  • The PT's Guide to Surviving a HIPAA Breach Image

    articleNov 9, 2015 | 5 min. read

    The PT's Guide to Surviving a HIPAA Breach

    Whether it occurs as the result of a lost work laptop or stolen patient files, a data breach of the Health Insurance Portability and Accountability Act (HIPAA) is a worst-case scenario for healthcare providers (and patients). If you’re a healthcare provider, the minutes, hours, and days following a breach are nearly as important as the steps you take to prevent those breaches in the first place. If you experience a HIPAA breach, here’s what you can do …

Achieve greatness in practice with the ultimate EMR for PTs, OTs, and SLPs.