Most medi-spas and plastic surgery practices have a patient email list sitting unused. A few thousand contacts. Collected over years. Doing nothing.
It's the single highest-ROI marketing asset most practices own — and they don't know it, because nobody's explained what email marketing can actually do in a medical context.
Here's the math, then the mechanics, then the HIPAA rules that govern it.
- $42: average return per $1 spent on email marketing (DMA, 2025)
- 30%: of first-time patients never return — until a reactivation email reaches them
- 40%: of medical patients say "forgot" when asked why they haven't rebooked
Medical aesthetics practices have dormant patients the way SaaS companies have dormant free-tier users. The reactivation math is the same: bring back 10% of them and you've paid for your marketing for the year.
The nine sequences every practice should have running
Not one email. Nine lifecycle sequences — each triggered by a specific patient event. Here's the full lineup.
Sent after a new patient books their first visit. Reduces no-shows by up to 30% and sets expectations for the practice relationship.
For any consultation-type booking. Cuts consultation no-shows from an industry average of ~23% to under 10%.
For patients who missed an appointment. Industry average rebook rate is 18%; a well-run sequence hits 35-40%.
Reinforces the visit, captures a review request, and sets up the next appointment. The single highest-ROI email in the lifecycle.
For patients who haven't visited in 90+ days (post-neurotoxin / medi-spa), 180+ (post-laser / cosmetic-derm), or 365+ (post-surgery). Typical win-back rate 8-15%; well-designed sequences hit 22%.
For patients who've been champions — 3+ visits, positive NPS response. Generates the highest-quality leads of any channel.
Warm personal touch. Optional soft promo attached. Birthdays work disproportionately well for medi-spa.
Time-sensitive promotions tied to aesthetics-vertical seasonality — Mother's Day, pre-summer body-treatment ramp (March–May), peak neurotoxin season (October–December), and post-holiday "new year, new look" campaigns.
The only always-on broadcast. Keeps the practice top-of-mind for patients between visits, builds authority, drives engagement.
A practice with all nine sequences running typically sees email as its #2 or #3 new-patient acquisition channel (after Google search), and #1 for patient retention.
The HIPAA rules that govern medical email marketing
This is where most medical email programs fall apart. Email marketing for medical aesthetics practices isn't the same as email marketing for SaaS companies. The rules are different, the penalties are real, and most email platforms aren't set up to handle them.
Rule 1 — Business Associate Agreement (BAA) required
Before you can send any email containing PHI (or PHI-adjacent information like appointment dates tied to names), your email provider needs to sign a BAA. MailerLite does. Some plans of Mailchimp do. Klaviyo does for specific plans. Many don't.
Without a BAA, you're limited to pure broadcast content that doesn't reference specific patients at all — no names, no appointment references, nothing that could qualify as PHI.
Rule 2 — No PHI in subject lines or preview text
Subject lines and preview text render in email previews before the recipient opens the message. A subject line like "Your Botox appointment Tuesday" exposes PHI to anyone who sees the inbox — family members, coworkers, IT admins.
Safe: "Your upcoming visit"
Unsafe: "Your Botox appointment Tuesday"
Rule 3 — Keep the subject generic; with a BAA, the body can be specific
With a BAA in place, 1:1 emails can include appointment date, time, and location. They should NOT include procedure names, diagnoses, or clinical details. "Your visit on Tuesday at 2pm" is fine. "Your crown prep appointment Tuesday" is not.
Rule 4 — CAN-SPAM compliance on every send
Every email must include:
- A visible unsubscribe link
- The practice's physical address (P.O. box acceptable, no virtual office)
- A clear sender identification (not "noreply@")
- Accurate subject line (no bait-and-switch)
Unsubscribes must be honored within 10 business days. Modern email platforms do this automatically if configured.
Rule 5 — Review requests cannot be gated by sentiment
The FTC made it explicit in recent guidance: asking only happy patients for reviews is illegal. Review request emails go to every patient with a completed visit, regardless of expected sentiment.
If you've been filtering review requests to "satisfied" patients only, that's a problem. Fix it immediately.
Rule 6 — Segment names matter
How you name your email segments is itself a HIPAA question. "Botox patients" or "Diabetes follow-up list" are PHI-adjacent segment names — if anyone at your email provider can see them, that's a disclosure.
Generic segment names: "Aesthetics interest list A," "Reactivation 90-day." No clinical content in metadata.
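One way to turn Rules 1, 2, 3, 4 and 6 into an automated pre-send check, as an added example that is not part of the original article or any email platform's API. The clinical term list, the campaign field names and the {{merge_field}} placeholder syntax are assumptions made for illustration.

```python
import re

# Constructed term list for illustration; a practice would maintain its own
# list of procedure, product and diagnosis names.
CLINICAL_TERMS = ["botox", "neurotoxin", "filler", "laser", "crown prep", "diabetes"]
TERM_RE = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, CLINICAL_TERMS)), re.I)
# Assumed {{merge_field}} placeholder syntax; adjust to your platform's.
MERGE_RE = re.compile(r"\{\{.*?\}\}")

def lint_campaign(c):
    """Return (rule, field, detail) findings for one outbound email (a dict)."""
    findings = []
    body = c.get("body", "")
    # Rule 1: no per-patient personalization unless the provider signed a BAA.
    if not c.get("provider_baa") and MERGE_RE.search(c.get("subject", "") + body):
        findings.append(("rule1", "subject/body", "merge field without BAA"))
    # Rules 2, 3, 6: no clinical terms in subject, preview, body or segment name.
    for rule, field in (("rule2", "subject"), ("rule2", "preview"),
                        ("rule3", "body"), ("rule6", "segment")):
        m = TERM_RE.search(c.get(field, ""))
        if m:
            findings.append((rule, field, m.group(0).lower()))
    # Rule 4: CAN-SPAM elements. The substring test is a crude stand-in for
    # verifying that the rendered message has a working unsubscribe link.
    if "unsubscribe" not in body.lower():
        findings.append(("rule4", "body", "no unsubscribe link"))
    if not c.get("postal_address", "").strip():
        findings.append(("rule4", "postal_address", "missing physical address"))
    local = c.get("from_addr", "").split("@")[0]
    if re.sub(r"[-_.]", "", local).lower() == "noreply":
        findings.append(("rule4", "from_addr", "noreply sender"))
    return findings

# Constructed sample campaigns (not real data).
BAD = {"subject": "Your Botox appointment Tuesday", "preview": "See you at 2pm",
       "segment": "Botox patients", "provider_baa": False,
       "body": "Hi {{first_name}}, your visit is Tuesday at 2pm.",
       "from_addr": "noreply@example.com", "postal_address": ""}
GOOD = {"subject": "Your upcoming visit", "preview": "Details inside",
        "segment": "Reactivation 90-day", "provider_baa": True,
        "body": "Hi {{first_name}}, your visit is on Tuesday at 2pm. "
                "Unsubscribe: https://example.com/u",
        "from_addr": "frontdesk@example.com",
        "postal_address": "P.O. Box 000, Example City"}

if __name__ == "__main__":
    for name, campaign in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint_campaign(campaign))
```

A keyword list only catches terms someone thought to add, so a check like this supplements human review of templates and segment names rather than replacing it.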
What about patient lists I already have?
If you've been collecting patient emails for years without explicit marketing opt-in, you have an issue — but it's a solvable one.
The pragmatic path: run a re-permission campaign. A single email to your existing list saying "we're updating our marketing practices; please confirm you'd like to keep receiving non-clinical emails from us." Anyone who clicks confirm goes on your marketing list. Anyone who doesn't stays on transactional-only (appointment confirmations, etc.).
This gives you a clean, opted-in list for marketing purposes. Yes, your list will shrink. The shrinkage is worth the compliance footing.
Platform recommendations
Based on what we deploy for medical aesthetics practice clients:
- MailerLite (what Obris Launch uses by default): BAA available, good lifecycle sequence support, affordable pricing, good template library, solid delivery rates
- ActiveCampaign: more powerful automation, BAA on enterprise plans, steeper learning curve
- Klaviyo: powerful if you're also running e-commerce (retail skincare, etc.), BAA on specific plans, more expensive
Avoid for patient lists: Mailchimp standard tiers (BAA not on most plans), ConvertKit (no BAA), anything without a clear BAA path.
Getting started
If your practice isn't running these sequences today, here's the priority order we typically recommend:
- New Patient Welcome (biggest no-show impact)
- Post-Visit + Review Request (highest engagement)
- Reactivation (usually pays for all marketing in month one)
- Monthly Newsletter (keeps the practice top-of-mind)
- Everything else in sequence
All five of those can be launched in a week with the right setup. The remaining four can ramp over the following month.
The hard part isn't the email copy — it's getting the BAA in place, the segmentation clean, the automation rules right, and the compliance guardrails tested. Most practices get stuck on the infrastructure before they write a single email.
Obris Launch builds all nine sequences for you
Every Obris Launch client gets the nine lifecycle sequences set up on MailerLite with BAA, compliance-checked, and live within the first month of engagement.