May Sale · Get 10% OFF with our coupon · Ends in 00d 00h 00m 00s Claim now
Schedule demo Get snapshot
Home/ Guides/ Guide
Free guide for chiropractic clinics

HIPAA-Aware SMS for Chiropractic Clinics — The Practical Guide

A working guide to texting patients without putting PHI on a carrier network. What's safe to send, what's not, what consent looks like, and how to operationalize it.

Published January 20, 2026 · Takes PT45M

Claim the offer — $997 Book a demo
Step-by-step

The 7-step walkthrough

1

Understand what counts as PHI in an SMS

Patient name + diagnosis is PHI. Patient name + 'appointment tomorrow' is not. Learn the line.

2

Capture proper TCPA + HIPAA consent at intake

Two separate consent checkboxes with clear, dated language. STOP/HELP keyword disclosure included.

3

Use template patterns that route PHI to the patient portal

Send 'your home-care plan is ready: tap here' — never 'your home-care plan for sciatica is...'

4

Set up A2P 10DLC for your business number

Required for U.S. SMS deliverability. Filed via The Campaign Registry. Takes 24–48 hrs to approve.

5

Configure STOP and HELP keyword handling

Automatic STOP suppression. HELP keyword returns contact info + opt-out instructions.

6

Log every consent, opt-in, and opt-out with timestamp and IP

Audit trail makes compliance defensible. Built into the snapshot by default.

7

Set quiet-hours per patient timezone

No SMS outside 8 AM – 8 PM patient local time. TCPA-mandated; the snapshot enforces it.

Free download · No credit card

Get the full HIPAA-Aware SMS for Chiropractic Clinics — The Practical Guide as a PDF

Read this guide right here on the page — or send the full PDF straight to your inbox along with our weekly chiropractic-clinic automation playbooks. Includes the checklist, real-world examples, and our "what to automate next" decision tree.

  • The complete 7-step walkthrough as a printable PDF
  • A bonus "what to automate next" checklist for your clinic
  • Weekly playbook emails — unsubscribe anytime
  • Zero spam · zero phone calls unless you ask
Loading question…

No credit card. We respect your inbox.

HIPAA-Aware SMS for Chiropractic Clinics — The Practical Guide

Texting patients responsibly is doable — and worth doing

Chiropractic patients prefer text over phone by a wide margin. The compliance question — how do you text patients without violating HIPAA or TCPA — is real but solvable. This is the practical guide.

What’s actually PHI in an SMS context

HIPAA defines PHI as health information that can identify an individual. In an SMS, the question is: would the message body reveal something about the patient’s care if read by someone other than the patient?

Not PHI (safe to send in plain SMS):

  • “Hi Sarah, friendly reminder of your appointment tomorrow at 2 PM with Dr. Patel.”
  • “Hi Sarah, we missed you this week — tap here to reschedule: [link]”
  • “Hi Sarah, your invoice is ready: tap here to view”

Borderline PHI (avoid in plain SMS):

  • “Hi Sarah, reminder of your sciatica re-eval tomorrow” — the diagnosis makes this PHI
  • “Hi Sarah, your X-ray results are in” — the imaging reference is PHI

Definite PHI (never send in plain SMS):

  • Treatment notes
  • Diagnostic specifics
  • Test results
  • Medication lists

The rule of thumb: the SMS body should be appointment-and-logistics oriented; anything clinical lives behind a patient-portal login.

TCPA consent — the other half of the rule

TCPA (Telephone Consumer Protection Act) is the law that governs marketing texts. It’s separate from HIPAA but equally important.

A compliant SMS opt-in looks like this on your intake form:

☐ I agree to receive appointment reminders, scheduling updates, recall messages, and clinic communications via SMS at the phone number provided. Message frequency varies. Standard message and data rates may apply. Reply STOP to opt out at any time. Reply HELP for help. View our Privacy Policy and Terms.

The checkbox cannot be pre-checked. The patient must affirmatively check it. The consent must be logged with timestamp + IP.

A2P 10DLC — what it is and why it matters

A2P 10DLC is the registration framework U.S. carriers use to allow business SMS at scale. Without registering, your texts will be filtered as spam — especially anything with healthcare-related keywords.

Registration is filed through The Campaign Registry, costs $4–$15/mo per number depending on tier, and takes 24–48 hours to approve carrier-side.

The Chiropractor Snapshot includes A2P 10DLC filing for U.S.-based clinics, free of charge. Other vendors charge $150+ for this. It’s a one-time setup pain point.

Quiet hours — the rule most clinics miss

TCPA requires that marketing messages only be sent between 8 AM and 9 PM patient local time. The snapshot stores each patient’s timezone (inferred from area code, confirmed at intake) and enforces the rule automatically.

Most clinics that get TCPA complaints get them because they sent a reminder at 7 AM local time without realizing.

STOP and HELP — what happens when a patient opts out

When a patient replies STOP:

  • They are immediately added to the suppression list
  • No further SMS is sent to that number from any campaign
  • A confirmation is sent automatically: “You’ve been unsubscribed. Reply START to re-subscribe.”
  • The opt-out is logged with timestamp

When a patient replies HELP:

  • A response goes out with: clinic name, contact phone, opt-out instructions, and message-frequency policy

Both behaviors are required by carrier rules. The snapshot handles both automatically.

What “HIPAA-aware” means (and doesn’t mean)

“HIPAA-aware” in the snapshot context means:

  • PHI is never embedded in plain SMS bodies
  • Sensitive clinical content routes to the patient portal
  • Consent is captured, dated, and logged
  • Audit trail is complete

It does not mean:

  • The SMS pipe itself is HIPAA-encrypted (SMS as a protocol isn’t)
  • Every clinical message can travel via SMS (some can’t — they need the portal)
  • The clinic is automatically HIPAA-compliant just by using the snapshot (the clinic still needs a BAA with GHL/Twilio and its own operational practices)

If your clinic needs full PHI-in-message capability for specific clinical workflows, you’ll need a separate BAA-covered secure-messaging app (TigerConnect, OhMD, etc.) alongside the snapshot.

Setup checklist

  1. ☐ Intake form has TCPA opt-in checkbox (un-pre-checked)
  2. ☐ Intake form has HIPAA acknowledgment checkbox
  3. ☐ A2P 10DLC submitted via The Campaign Registry
  4. ☐ STOP / HELP keyword handlers configured
  5. ☐ Quiet-hours enforcement enabled per patient timezone
  6. ☐ SMS templates audited — no PHI in message bodies
  7. ☐ Patient portal active for any clinical content
  8. ☐ Audit log retains consents + opt-outs for at least 4 years

All of these are pre-configured in the snapshot. You don’t have to set them up — you just need to know they exist when an audit happens.

A real-world example

Lapsed-patient SMS sent by the recall engine:

Hi {{firstName}}, we miss seeing you at the clinic! 🙂 Tap here to grab a quick spot this week: {{bookingLink}}. Reply STOP to opt out.

No PHI. No diagnosis. No treatment specifics. Warm, specific, compliant, and effective.

Book a demo → and we’ll walk through the full SMS template library + consent capture flow.

More guides

Keep learning

Guide · PT1H
The Chiropractic Plan-Adherence Playbook
How to keep care-plan patients on track through the visit-12-to-24 drop-off zone. Pre-built workflows, patient psychology, and the recall triggers that actually work.
Read the guide →
Guide · PT24H
How to Launch the Chiropractor Snapshot in 24 Hours
Step-by-step playbook for clinic owners: from purchase to first AI-receptionist-answered call, from intake form live to first recall reactivation. The actual 24-hour timeline.
Read the guide →
Want this done for you?

The snapshot ships with everything in this guide

Skip the build — installed in your GoHighLevel within 24 hours for $997 one-time.

Claim the offer — $997 Book a demo
Book Demo Claim Offer