Providers that use email to market services and products to current and potential patients should expect more scrutiny. The Federal Trade Commission (FTC) announced last year that it’s examining its rules that prohibit certain unsolicited email messaging, and the stakes are high.
Under the existing requirement, violators can incur civil fines of up to $40,650 per email, as well as criminal penalties. Equivalent state laws allow consumers to sue businesses directly for violations, warns attorney David O. Klein, managing partner of Klein Moynihan Turco in New York City.
The FTC decided in 2017 that it should review the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act to ensure that it’s benefiting consumers and to see whether it needs updating. The FTC’s review of the rule is likely to put it — and violations of it — higher on the agency’s enforcement radar.
The increased attention also will raise awareness among consumers who may complain if they believe a violation has occurred.
“It’s not likely that the FTC will scale back the regulations much, so plan on complying with the statute as written,” Klein says.
What’s in CAN-SPAM?
The CAN-SPAM Act is separate from but not unlike the Telephone Consumer Protection Act (TCPA), which covers communication by telephone, fax or text.
Both laws are intended to reduce nuisance communication, according to attorney Patricia Wagner with Epstein Becker Green in Washington, D.C. If you use both methods to market to patients, you need to comply with both laws.
“People are more tied to electronics, and the more junk you get, the harder it is to get the ones you really want to read,” Wagner says.
Under the CAN-SPAM Act, enacted in 2003, unsolicited commercial emails must meet certain criteria. For instance, the header information can’t be deceptive, the body of the message needs to be clear and the email must include a valid post office address.
If a consumer has not opted-in to the emails and the consumer is not an existing customer, then the email must identify itself as an advertisement.
In addition, the emails must include a working unsubscribe link to allow consumers to opt out of future emails, Klein says.
Intent, perception are keys to CAN-SPAM
CAN-SPAM applies only when the primary purpose of the email is for commercial purposes. The Act does not apply if the content is transactional or relationship oriented, although the email still can’t be deceptive.
For instance, if a dermatologist sends an email to a patient confirming the order of certain skin creams, that would be a transactional email. An email simply advertising the availability of skin creams would be commercial.
An email can contain both kinds of content, but if it appears to be primarily for marketing, based on a recipient’s reasonable interpretation of the email’s subject line or the placement in the message of the marketing language — say, if the email begins with advertising — then the CAN-SPAM Act will apply, according to the FTC.
FTC is flexible on opting out of email
The CAN-SPAM Act outlines how businesses need to enable consumers to opt out from receiving future marketing emails. But it does allow for some flexibility in how to go about it, according to FTC guidance.
For instance, the message must include a “clear and conspicuous explanation” of how to opt out and provide a return email address or other easy internet-based way to allow people to communicate their decision to opt out. In addition, the opt-out mechanism must give recipients at least 30 days to opt out from the day the email is sent.
The FTC does suggest making the notice to opt out easy to recognize, read and understand and that “creative” use of type size, color and location can help. The agency also allows businesses to create a menu to enable the consumer to opt out of certain types of messages, but that consumers must still be able to halt all of the emails.
When you receive an opt-out request, you must honor it within 10 business days.
Keep in mind the four things you can’t do when handling opt-out request. You may not:
  1. Charge a fee.
  2. Require the recipient to give you any personal identifying information in addition to an email address.
  3. Make the recipient take any step other than sending a reply email or visiting a single page on an internet website as a condition for honoring the request.
  4. Sell or transfer his email address, even in the form of a mailing list, except to a vendor you’ve hired to help you comply with the CAN-SPAM Act.
Finally, you should make sure that your spam filters are not set to block opt-out requests.
Remember to track requests to opt out of marketing communications and be able to identify which communications will be considered marketing as distinguished from those emails that are transactional in purpose, Wagner says.
Related link: Read the FTC guidance on the CAN-SPAM Act at