Legal Requirements

HIPAA Compliance

Tendo can’t guarantee that any external messaging channel is secure because it depends on factors outside of Tendo’s control such as individual patients' email clients and devices. It is important, therefore, that the email, push, and SMS messages you create don’t include personal patient health or financial information to avoid violating HIPAA and other privacy constraints.

External notifications should not include content that could reveal:

  • a diagnosis
  • the type of appointment if it could reveal the diagnosis or the patient’s condition
  • the appointment’s location

External notifications can include:

  • The preferred name of the patient as a greeting, for example “Hi, Elaine!” Personalize the message in this way by adding the recipient’s preferred name as a variable.
  • The name of a provider in the following Tendo style - [first name last name degree abbreviation], as in Karine Smith MD. Don’t include any information about their specialty.
  • The date and time of an appointment.

Customers may insist on including more personal health information in emails than this. If so, configure the content and branding of the email notification so that it is clear that the notification is from the customer, not Tendo.

Personal Financial Information

Messages should not include any private financial information.

CAN-SPAM

This U.S. law defines the rules for commercial messaging. Under this law:

  • “From,” “To,” “Reply-To,” and routing information, including the originating domain name and email address, must be accurate and must identify the person or business that initiated the message.
  • There must be an option for the recipient to opt out of receiving messages. Opt out must be honored immediately.
  • The message must include the sender’s valid physical postal address. 
  • Even if the sender hires another company to handle its email marketing, the sender can’t contract away legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that sends the message can be held legally responsible.
  • The customer organization is considered the primary sender. Tendo is secondary since it handles email messaging on behalf of a customer.

Tendo must provide:

  • Updated Terms of Use that describe the responsibilities of both parties.
  • The capability for the customer to follow regulatory requirements such as opt out and identification.

The customer must:

  • Abide by Tendo’s Outreach Terms of Use.
  • Comply with CAN-SPAM in the content.
  • Include accurate Sender identification in messages.