Email Acceptable Use Policy
AllFamilyPharmacy.com
Effective Date: April 16, 2025
This Email Acceptable Use Policy (“AUP”) governs the use of email services provided by or on behalf of AllFamilyPharmacy.com (“we,” “us,” or “our”). It applies to all employees, contractors, third-party vendors, and users (“you”) who send, receive, or manage emails through our systems or on our behalf. Our goal is to ensure lawful, secure, and professional email communication while protecting the privacy and trust of our customers.
1. Purpose and Scope
This AUP outlines the rules for using AllFamilyPharmacy.com’s email services, including sending marketing emails, transactional emails, and internal communications. It ensures compliance with applicable laws, protects sensitive health information, and maintains our reputation as a trusted pharmacy.
2. Compliance with Laws and Regulations
You must comply with all applicable laws, including but not limited to:
- CAN-SPAM Act (U.S.): Prohibits deceptive subject lines, requires unsubscribe links, and mandates a physical address in emails.
- HIPAA (U.S.): Requires encryption and consent for emails containing protected health information (PHI).
- GDPR (EU): Mandates explicit opt-in consent and secure data handling for EU residents.
- CASL (Canada): Requires express or implied consent for commercial emails and prompt opt-out processing.
- Australia’s Spam Act: Requires consent, contact details, and opt-out within five days.
Prohibited Activities: Sending unsolicited emails (spam), phishing emails, or content related to fraud, harassment, or copyright infringement is strictly prohibited.
3. Consent and Opt-In Requirements
- Verifiable Consent: Emails may only be sent to recipients who have provided explicit consent through a double opt-in process (e.g., an unchecked checkbox or confirmation email). Consent must be documented and verifiable.
- Prohibited Lists: Using purchased, rented, scraped, or third-party email lists is prohibited, as these violate laws and ESP policies.
- Unsubscribe Mechanism: All marketing emails must include a clear, functional unsubscribe link. Opt-out requests must be honored within 10 days (CAN-SPAM) or 5 days (Australia’s Spam Act), whichever is stricter.
Example: Customers must actively opt in to receive promotional emails about prescriptions or services. Unsubscribe links must be included in every marketing email.
4. Email Content Guidelines
- Professionalism: Emails must maintain a professional tone and avoid offensive, discriminatory, or illegal content (e.g., hate speech, explicit material).
- Accurate Identification: Use accurate “From,” “To,” and “Reply-To” fields to clearly identify AllFamilyPharmacy.com as the sender. Impersonation or misleading headers are prohibited.
- No Deceptive Content: Subject lines and email content must not be false or misleading, per CAN-SPAM and GDPR requirements.
- Pharmacy-Specific Rules: Emails must not promote unapproved medications, violate FDA regulations, or misrepresent health claims.
Example: An email with the subject “Your Prescription is Ready” must accurately reflect the content and include our contact details.
5. Technical and Security Requirements
- Email Authentication: For senders of over 5,000 emails daily to Gmail accounts, configure:
  - SPF and DKIM: To authenticate sending domains.
  - DMARC: Set a DMARC policy (at least “none”) to prevent spoofing.
  - Valid DNS Records: Ensure forward and reverse DNS (PTR) records are set up.
- TLS Encryption: Use Transport Layer Security (TLS) for all email transmissions, especially those containing PHI.
- Spam Rate Monitoring: Maintain spam complaint rates below 0.3%, as reported by tools like Google Postmaster Tools.
- Secure Accounts: Use strong, unique passwords for email accounts, changed every 90 days. Enable two-factor authentication (2FA) where available.
- Phishing and Malware Protection: Do not open suspicious attachments or links. Report suspicious emails to IT immediately.
- HIPAA Compliance: Emails containing PHI must be encrypted (e.g., using Virtru or ProtonMail) and sent only with patient consent.
Example: AllFamilyPharmacy.com’s email servers must use TLS, and employees must encrypt emails with PHI before sending.
6. Business vs. Personal Use
- Primary Use: Email systems are for business purposes, such as customer communications, prescription notifications, and internal coordination.
- Limited Personal Use: Personal use is permitted only if it does not interfere with work, violate this AUP, or involve signing up for non-business services.
- Prohibited Uses: Do not use company email for personal mass emails, non-work-related subscriptions, or sharing confidential data.
Example: Employees may send occasional personal emails but cannot use AllFamilyPharmacy.com email for personal marketing or social media sign-ups.
7. Privacy and Data Protection
- Sensitive Data: Emails containing PHI or personal data must be encrypted and sent only with recipient consent, per HIPAA and GDPR.
- Privacy Policy: All emails must include a link to our Privacy Policy (available at AllFamilyPharmacy.com/privacy-policy).
- Data Retention: Emails are retained per HIPAA requirements (6 years for PHI-related records) and deleted securely thereafter.
Example: An email with a prescription reminder must link to our Privacy Policy and be encrypted if it includes PHI.
8. Monitoring and Enforcement
- Company Rights: AllFamilyPharmacy.com owns its email systems and may monitor, access, or regulate email content for compliance, security, or legal purposes.
- Consequences: Violations of this AUP may result in warnings, account suspension, termination, or legal action, depending on severity.
- Reporting: Report suspicious emails or policy violations to [email protected] immediately.
Example: Unauthorized sending of marketing emails may lead to employee disciplinary action and account deactivation.
9. Employee Responsibilities
- Training: All employees must complete AUP training during onboarding and annually thereafter.
- Acknowledgment: Employees must sign this AUP to confirm understanding and compliance.
- Reporting: Employees must report phishing attempts, spam, or AUP violations to IT promptly.
Example: New hires must sign the AUP and attend a training session on HIPAA-compliant email practices.
10. Third-Party Vendors
- Compliance: Third-party vendors (e.g., ESPs or marketing agencies) must adhere to this AUP and be included in our SPF record.
- Contracts: Vendor agreements must reference this AUP and require compliance with all applicable laws.
Example: Our ESP must follow this AUP when sending emails on our behalf.
11. Updates to This Policy
We may update this AUP to reflect changes in laws, technologies, or business needs. Material changes will be communicated via email or our website (AllFamilyPharmacy.com). Continued use of our email services constitutes acceptance of the updated AUP.
12. Contact Information
For questions or to report violations, contact:
AllFamilyPharmacy.com
3350 NW 2nd Avenue
Suite A-2
Boca Raton, FL 33431
Email: [email protected]
Phone: 561-717-6794
By using AllFamilyPharmacy.com’s email services, you agree to comply with this Acceptable Use Policy.