Use Case: Customer Care - Healthcare Communications
Overview
This document provides visual verification of our SMS consent mechanism for Twilio A2P campaign compliance. Our patient portal implements a clear, explicit opt-in process for SMS communications that meets all TCPA and carrier requirements.
Key Compliance Features:
Explicit opt-in checkbox specifically for SMS notifications
Clear description of message types patients will receive
Authenticated access requiring patient login
Timestamped consent tracking in database
Easy opt-out mechanism through the same interface
Patient Consent Flow
Initial Login - Communication Preferences Required
1Patient Authentication: Patients log into the portal using one of three secure methods (Name + Birthday, Phone + Birthday, or Access Code).
2Preferences Prompt: On first login or when preferences haven't been set, patients are prompted to configure their communication preferences.
Screenshot 1: Initial Communication Preferences Screen
This screen appears when a patient first logs in or hasn't set their preferences. Note the clear separation between SMS and Email options.
Important Features Visible:
SMS Notifications checkbox - Currently unchecked (no consent given)
Clear description: "Receive appointment reminders, confirmations, and important updates via text message"
Email Communications checkbox - Separate consent for email
Privacy Notice explaining data usage and patient rights
Managing Consent - Patient Profile
Ongoing Preference Management
3Profile Access: Patients can access their communication preferences anytime through their profile settings.
4Modify Consent: Patients can opt-in or opt-out of SMS notifications at any time with immediate effect.
Screenshot 2: Patient Profile - Communication Preferences Management
The patient profile showing the communication preferences section where patients can modify their SMS consent at any time.
Consent Management Features:
Toggle switches for immediate preference changes
Last updated timestamp showing when preferences were set
Auto-save functionality (changes take effect immediately)
Visual confirmation when preferences are saved
Technical Implementation
Database Consent Tracking
Patient Table Fields:
- sms_opt_selection (boolean): Stores consent status
- sms_opt_set_at (datetime): Timestamp of consent action
- email_opt_selection (boolean): Separate email consent
- email_opt_set_at (datetime): Email consent timestamp
Consent Verification Logic
Our Laravel backend checks the sms_opt_selection field before sending any SMS messages. Only patients with sms_opt_selection = true will receive text messages.
Compliance Features
Explicit Consent: Clear checkbox requiring active selection
Granular Control: Separate options for SMS vs Email
Message Type Disclosure: Clear description of what messages will be sent
Audit Trail: Timestamped records of all consent changes
Easy Opt-Out: Same interface for opting out as opting in
Privacy Notice: Clear statement about data usage and rights
Message Types Covered by Consent
When patients opt-in to SMS notifications, they explicitly consent to receive:
MFA/Security Codes: Verification codes for secure login (Sample: "Your Pryme Practice verification code is 223108")
Appointment Reminders: Upcoming appointment notifications with date/time
Appointment Confirmations: Booking confirmations and updates
Important Updates: Critical healthcare communications from their provider
Note: We do not send marketing messages. All communications are transactional and directly related to the patient's healthcare services.
Live Portal Access
Reviewers can verify our consent mechanism at our live patient portal:
Test Patient Credentials
Location URL: [Will be provided upon deployment]
Authentication Method: Name + Birthday
Test patients are available for verification. Please contact support for access credentials.
Additional Compliance Information
Opt-Out Management
In addition to the portal interface shown above, we support standard SMS opt-out keywords:
STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT - Immediately opts out
START, UNSTOP - Re-enables SMS communications
HELP, INFO - Provides information about the service
Data Retention
Consent records are maintained for the duration required by healthcare regulations and TCPA compliance requirements. All consent changes are logged with timestamps for audit purposes.