product update: Patient consent verification for SMS invites

Hi! I have some news regarding recent updates made to the platform, as we constantly strive to make a more reliable, secure and user-friendly telemedicine experience.

The big news has to do with SMS invites, where providers will now need to verify that they have gained the consent of their patients to receive text messages before clicking send. This is to comply with regulations requiring health care providers to acquire verbal consent from patients before communicating with them in this way (Here is an article quoting the relevant regulation, here is a message from the service provider who delivers our SMS invites).

Providers can confirm they have gained this consent by checking a box in the lower left corner of the invite popup:


Apart from that, we’ve also:

  • Fixed a problem that caused links to sometimes not function properly in the waiting room, and ensured that links will always have the underline that makes them recognizable as links.
  • Corrected a minor problem that on rare occasions caused the text entered in some of the fields in account settings to not be validated.
  • Improved the Greek and Italian translations patients using those languages see when using the platform.

This change was added with no warning, so there was no way to obtain consent before the visits and no way to do the visits without indicating consent.

It’s a good point @drericgeller. We are going to be working on our communication towards updates so there is more lead-time before changes occur.

We switched over to a shortcode because our long codes were getting blocked back in March do to the increased volume. In order to comply with regulations we had to make this change very quickly after we implemented the short code.

But to your point, we could have done better updating everyone about this change before it happened. We will move towards providing updates that impact workflows like this before they happen.

It might be true that we can do better to communicate these changes in advance. That said, the legal requirement to gain consent was still in place regardless of whether the checkbox was present in our platform.

Would you kindly repeat (with clear examples) the URL code to give patients that will identify them for repeat visits to eliminate need for them to type in their name. (This would be given by direct contact from provider, not through the “Invites” option on Doxy.

Thanx and stay safe.

@mshenker I believe you are are talking about our accessibility username feature. In short, add ?username=patientName to the end of your waiting room URL.

For example, mine is: and that would auto populate mshenker into the checkin box.

1 Like

Wait - still confused. I don’t want to populate my name (mshenker) into the check-in box, but theirs (dylan). Was that a typo?

So, just to make sure: instead of just informing clients to go to URL:, where they would type in their name, I would send Jane Doe the URL: and “jane” would automatically appear in the check-in/waiting room.

I am a Professional level user, not familiar with the Clinic version so there could be some Clinic features that have escaped me.

In my view, one of the best features of Doxy is that the patient does not have to download an app, create a username and password and all that portal jazz that is a PIA with most other EHR-based communication systems we have with our healthcare providers. All they have to do is click on a simple link which you provoide (the one with YOUR name in it) and type in their name into a form. Patient information is specifically NOT retained until next time! That’s the gig.

In exchange for this simplicity, the patient has to identify themselves to you by name every time as far as I know.


1 Like

Thanks. I have not heard about this requirement before from any of my medical societies. Hunted for it on telemedicine websites for state of new jersey, American Academy of Neurology, Medicare, National Consortium of Telehealth Resource Centers, Center for Connected Health Policy,, Medical Society of New Jersey, consent forms for a variety of providers including HeyDoctor as well as various medical centers. Can you please specify the law requiring this? In what way was this law publicized to the medical community?

The regulation is part of the Telephone Consumer Protection Act. I already provided in the original post a link to an article referencing the relevant part of the law, but if you’d like to read the whole clause, you can find it here.

I wouldn’t know how this law was publicized.

Looked at the links provided in the post above. These are messaging industry resources, nothing a physician would ever see or hear about. I don’t see how physicians could reasonably be expected to put themselves in compliance without the vendor ( informing us.

It says no written consent required. When our secretaries do the appointment confirmation, they get a cell phone number from the patient to use, so presumably that is consent since it is provided by the patient. Would a statement in our documentation to the effect of " The patient was contacted at the cell phone or email they provided" be adequate to meet this regulation?

Also, the CTIA guideline and your consent say patients need to be able to send “STOP” to stop getting texts. How would the physician receive this information? If we try to text a patient who opted out, what would tell me?

I am not a lawyer and you should not rely upon my advice on the technical details of this law. I do not know if there are relevant legal precedents about the term “express consent.” But to me, in my layman’s interpretation, it seems like your scenario with the receptionist would be “implied consent,” and thus not applicable. They need to be explicitly told they will be contacted via SMS about health care-related information, and explicitly respond that this is OK.

But again, I’m not a lawyer.

A provider who attempts to send an SMS to a number which has opted out of receiving them will receive an error message telling them it cannot be delivered, and that they should try another invite method.

Please consider including "- “Reply STOP to opt out” - “Reply HELP for help” in the body of the text messages being sent to clients/patients. What do you think?

1 Like

Sorry, if I make use of the text messaging service, I would request include the opt out and help options in the texts being sent.

1 Like

I agree and have made the same recommendation, it is under consideration.

In the meantime, when you gain verbal consent, you should tell your patients about these options.

1 Like

Will do. Thank you for your time and I hope the change is implemented.

A post was split to a new topic: Have issue and unable to receive help


If the room URL you are sending to your patient is and your patient’s name is Jane, to auto populate the check in box with the patient’s name Jane, you would send the link

Our Support team can be reached using the Help button on your dashboard, via email or by phone 844-436-9963. Please also see our article regarding Diagnostic Tests to help identify the cause of your connection issues.

Rebecca, thank you for your clarification. Is there any way these updates from User Community could be limited to the specific question and not have all posts jumbled up into one email? It is very hard to follow one train of inquiry.