Most dental and medical practices I talk to have the same problem: no-show rates between 12% and 22%, and a front desk spending hours on manual reminder calls.
The solution is obvious. Automated SMS reminders go out 48 hours before the appointment, the patient confirms or cancels, and the schedule updates automatically. It's not complicated technology. But a lot of practices are either not doing it, or doing it in a way that creates compliance exposure.
Here's what actually matters from a HIPAA standpoint, and what doesn't.
What HIPAA actually says about automated messages
HIPAA doesn't prohibit sending appointment reminders by text or email. It does require that you use "reasonable safeguards" to protect PHI. What's reasonable depends on what information you're sending.
A message that says "Hi Sarah, reminder: you have an appointment at Brightside Dental tomorrow at 2pm — reply YES to confirm or NO to cancel" is generally considered permissible. It contains minimal PHI (name, appointment time, practice name) and is being sent to a number the patient provided.
A message that includes diagnosis information, insurance details, or treatment specifics in the SMS body is a different conversation. Don't do that.
The key requirements:
- Patient must have provided the phone number and implicitly or explicitly consented to receive communications
- The message content should be limited to logistics (time, date, location, confirmation request)
- You need a Business Associate Agreement (BAA) with your SMS provider
- Delivery logs should be maintained
The BAA requirement trips up most practices
Twilio, for instance, requires you to specifically request a BAA — it doesn't come standard with their terms. If you're using a general-purpose automation tool (Zapier, Make) that sends texts via Twilio, you need BAAs with both the automation platform and Twilio.
Most major automation platforms and SMS providers will sign BAAs for healthcare customers. It's paperwork, not a technical hurdle. But you need to actually do it.
The workflow that works
Here's the version I typically build for clinics:
- 1Appointment created in the EHR (Dentrix, Athenahealth, eClinicalWorks)
- 248-hour reminder fires via SMS: time, date, provider, confirmation link
- 3Patient replies YES/NO or clicks a link
- 4YES: appointment confirmed, no action needed
- 5NO: slot marked as available, front desk gets a notification, waitlist patient contacted if applicable
- 6No reply by 24 hours: second reminder fires
- 7Day-of: 2-hour reminder with office address and a link to any digital intake forms
The system logs every send, delivery, and reply. Confirmation status is visible in a dashboard the front desk can see in real time.
No calls to voicemail. No sticky notes. No patient falling through the cracks because someone forgot to check the schedule.
What this does to no-show rates
In practices I've worked with, SMS-based confirmation workflows typically bring no-show rates from the 15-20% range down to 7-10%. For a busy practice seeing 30 patients a day, that's 3-4 recovered appointments per day. At average revenue per appointment, you're looking at $300-600/day of recovered revenue.
The automation costs a few hundred dollars a month to run. The math is straightforward.
If you're thinking about this for your practice
The main decision is whether to use your EHR's built-in reminder tools (usually limited and expensive per-feature) or build a custom integration. Built-in tools are faster to set up but often lack flexibility — you can't customize message content, you can't connect confirmation responses back to your schedule, and you can't layer in waitlist management.
Custom integrations take 2-3 weeks to build properly but do exactly what you need and connect to everything else. Happy to talk through what makes sense for your specific setup.
