Secure Messaging is currently in BETA. To request access, please email us at support@apptoto.com.
Apptoto offers two ways to send messages to your clients: Standard Messaging (SMS, email, or voice messages) and Secure Messaging (email or SMS only). Understanding the difference and knowing when to use each can help protect client privacy, meet compliance requirements, and ensure a seamless communication experience.
What Is Secure Messaging?
Secure Messaging sends your contacts a notification via text or email that includes a link to view the whole message in a safe, browser-based environment. Clients must click the link and may be asked to enter a PIN to access the content.
This option is best suited for sharing sensitive or private information.
What Is Standard Messaging?
Standard Messaging delivers your message content directly via SMS, email, or voice message. There are no additional steps for the recipient. It’s ideal for quick, simple reminders and general communication where privacy is not a concern.
Pros and Cons of Secure Messaging
| ✅ Pros | ⚠️ Cons |
|---|---|
| Enhances privacy and security | Adds an extra step for the recipient |
| Helps meet HIPAA, GDPR, or other compliance requirements | May lead to slightly lower response rates if clients don’t click through |
| Prevents message content from being exposed in SMS/email previews | Requires PIN setup for an added layer of security |
| Allows tracking of message views and access history | May require additional client education initially |
When Should You Use Secure Messaging?
Secure Messaging is strongly recommended in the following situations:
- Healthcare settings: Sharing appointment details, test results, or patient information
- Legal and financial services: Discussing sensitive matters or documents
- Personal or sensitive appointments: Therapy sessions, family law consultations, or any booking where discretion is important
- Compliance requirements: If your organization must comply with HIPAA, GDPR, or similar regulations
- Two-way messaging scenarios: Where clients may reply with confidential details
For routine reminders such as “Your appointment is tomorrow at 10 AM,” Standard Messaging is usually sufficient.
How to Toggle Secure Messaging On or Off
You can control Secure Messaging settings at multiple levels: globally, per message template, or for individual campaigns or composed messages. This allows you to tailor your messaging strategy based on sensitivity, industry, or strategy.
- Set a global default under Messaging > Secure Messaging.
- Enable/disable for specific message types by editing the appropriate template.
- Send a one-off message via the “Compose” button that is “Sent Securely.”
- Deliver targeted campaign sequences with secure messaging enabled for each step.
Compliance and Privacy Considerations
Secure Messaging enhances privacy by restricting access to message content and adding optional PIN protection. It can support your efforts to meet compliance standards such as HIPAA, GDPR, CCPA, and others, but it does not automatically guarantee compliance.
How secure messaging helps:
- HIPAA: Restricts access to authorized users only.
- GDPR: Prevents the unintentional exposure of personal data in third-party systems.
- CCPA & other regulations: Adds traceability and can be configured to include consent protection on some or all communications.
⚠️ Important: You are responsible for ensuring that your use of Apptoto aligns with all applicable regulations. Secure Messaging is a tool that can help, but achieving full compliance often depends on how you configure and use the system and your internal policies and safeguards.
⚠️ Note: Using Standard Messaging to transmit sensitive client information may violate privacy laws in your jurisdiction. Always consult your legal or compliance team to determine the appropriate messaging method for your business.
Messaging Quick Reference
| Situation | Recommendation |
|---|---|
| Basic appointment reminder | Standard Messaging |
| General marketing message | Standard Messaging with Opt-In Consent* |
| Confirmation or reschedule link | Standard or Secure (optional) |
| Health-related info | Secure Messaging |
| Legal/financial discussions | Secure Messaging |
| Messages requiring a PIN or added privacy | Secure Messaging |
*We strongly recommend enabling consent collection before sending marketing messages, as sending unsolicited messages may violate carrier terms or regulations.