Secure Messaging is currently in BETA. To request access, please email us at support@apptoto.com.
Apptoto’s Secure Messaging feature gives you an added layer of privacy when communicating with your clients via SMS or email. Instead of sending message content directly, clients receive a secure link to view the conversation. This ensures sensitive information stays protected.
What is Secure Messaging?
When you enable Secure Messaging, Apptoto sends a link to a private conversation page instead of including the message content directly. Clients must click the link within a certain number of hours to view the message. After the link expires, clients can request a new one through the same conversation page.
How to Set Up Secure Messaging
To turn on Secure Messaging:
1. Navigate to Messaging > Secure Messaging in your Apptoto account.
2. Toggle the Enable Secure Messaging option to ON.
3. Set your secure message subject (email only), body, and link expiration timing.
4. For enhanced security, add a default PIN that each contact must enter after receiving their secure link to access their messages.
   - Note: You can customize PINs on a contact-by-contact basis if needed.
5. Click “Save Settings.”
Controlling Which Automated Messages are Sent Securely
You can tell Apptoto to send all of your automated appointment reminders, booking confirmations, and follow-ups securely, or just some. To control which automated messages are sent securely, follow the directions below:
- Navigate to Messaging > Appointment Auto Messages tab in your Apptoto account.
- Choose an existing text or email message from your existing Message Schedule, or create a new message.
- A new toggle will appear on the Message Editor screen, “🔓Send Securely.” Toggle this on.
- Repeat for all additional email or text messages you’d like Apptoto to deliver securely.
- Click “Save Settings” on the Appointment Auto Messages tab.
Once enabled, any SMS and email messages you’ve set to “send securely” will be delivered using the secure message format.
Controlling Which One-Time Messages are Sent Securely
Once you’ve enabled secure messaging using steps 1-5 above, you can also use Apptoto to send one-time messages securely using the compose button. To send a one-time message securely:
- Click the “Compose” button in the upper left-hand side of the screen on Apptoto’s appointments tab to call, text, or email a group of contacts.
- You can also select pre-existing appointments you’d like to contact by clicking the checkbox to the left of the desired appointments, then clicking the Compose button.
- Choose either text or email as your message type (note: secure messaging is not available for voice messages).
- Select the checkbox next to “Send Securely.”
- Optional: Add a PIN that the recipient will be required to enter before they can access their secure message.
- Click “Edit” to update the one-time message you wish to send in a secure message chat screen, including any dynamic fields and attachments.
- Note: your recipient will first receive an invitation message providing them with a secure link to access the chat and enter their PIN (if enabled) before they can read the message.
- Preview and send!
Customizing Secure Message Templates
You can customize the subject and body of the secure link message sent to clients:
Secure Link Message Subject:
You've received a secure message from {{ user.name_and_company }}
Secure Link Message Body:
You've received a secure message from {{ user.name_and_company }}, click here to view the conversation: {{ secure_link }}
Note: {{ secure_link }} will automatically insert the unique, time-limited link for the client to access the conversation.
Link Expiration
Secure message links are valid for 24 hours by default. Using step 3 above, you can set links to expire after 10 days, 6 months, or 1 year instead.
If a client or patient clicks an expired secure link, Apptoto will prompt them to request a new one. There is no need for you to resend the message.
Using Contact PINs for Additional Security
To add another layer of protection, you can require clients to enter a PIN before viewing a secure message.
There are three ways to configure this:
- Set a default PIN for all contacts.
  - Add a default PIN for all contacts (unless a custom PIN is set per contact) in the Default Contact PIN field under Messaging > Secure Messaging.
- Manually set a PIN for a specific contact.
  - First, navigate to the Contacts tab. Click the Edit icon (pencil/paper) next to your contact’s name, enter a PIN in the Secure PIN field, and click Save.
- Use a Default Contact PIN from your address book.
  - You can define a default PIN using a custom field from your address book. For example: {{ custom.my_secure_pin_field }} where “my_secure_pin_field” is replaced with the name of your secure PIN field.
When a secure message is sent to a contact with a PIN on file, they must enter it before they can view the conversation.
Complete step-by-step instructions for setting up PINs can be found in the “Secure Messaging Contact PINs” knowledge base article.
Frequently Asked Questions
They can visit the original link, and a button will be provided that will allow them to request a new one. Apptoto will automatically generate a fresh link without any action needed on your part.
You can use the Apptoto Log (located under Tools > Log) to track secure message activity.
For email messages, the log shows whether the recipient opened the email message and/or whether a PIN was entered (if enabled).
For SMS messages, the log does not show if the SMS message was opened. However, if the client clicks the secure link and enters a PIN, the log will reflect that activity, indirectly confirming that the message was viewed.
Secure Messaging helps protect sensitive data. However, full HIPAA compliance depends on your organization’s usage and policies. Please consult your compliance officer for guidance.