Email Verification & Consent
Before sending post-operative reports or survey invitations to a patient, their email address must be verified and they must consent to receiving communications. This ensures HIPAA compliance and protects patient privacy.Why Verify?
- Email accuracy — Confirms the email belongs to the intended patient, preventing misdirected PHI
- Patient consent — Patients explicitly choose which communications they want to receive
- Compliance — Creates an auditable record of patient consent for HIPAA and ISO 27001
Sending a Verification Email
Locate the Email Section
Find the patient’s email address in the contact information section. You’ll see a Verified or Unverified badge next to the email.
Click Send Verification or Verify Email
Click the verification link or button to open the consent modal
You can also send verification from the Edit Contact page, where you’ll see a Verify Email button below the email field.
Using the QR Code (In-Person)
If the patient is present in your office, you can use the QR code for immediate verification:Patient Scans
The patient scans the QR code with their phone camera, which opens the verification page on their own device
Managing Consent In Person
During face-to-face consultations, you can manage a patient’s consent preferences directly without requiring them to complete email verification:Open the Consent Modal
Click Manage Consent from the patient profile, post-op report page, or patient recovery page
Toggle Consent Preferences
Use the toggle switches to enable or disable:
- Post-Op Reports — Allow sending post-operative report emails to this patient
- Survey Invitations — Allow sending survey invitation emails to this patient
What the Patient Sees
When a patient clicks the verification link (or scans the QR code), they are taken to a secure page where they can:- Confirm their email address — Their masked email is displayed for verification (e.g.,
j***@gmail.com) - Opt-in to post-operative reports — Choose whether to receive surgical reports via email
- Opt-in to patient surveys — Choose whether to receive survey invitations via email
Consent Status Display
Consent status is displayed as compact badges on three pages throughout the app:- Patient Profile — Below the patient’s contact information
- Generate Post-Op Report — Near the send/view/download section
- Patient Recovery — In the header card after surgery information
- Email: Verified (green) or Unverified (orange)
- Reports: Consented (green) or Not Consented (grey)
- Surveys: Consented (green) or Not Consented (grey)
Consent Enforcement
Consent preferences are enforced when sending communications:- Post-op reports — If a patient’s email is not verified or they have not consented to reports, the Send button is blocked. A dialog explains the requirement and offers a Manage Consent button.
- Survey invitations — The automated survey dispatch system checks consent before sending. If the patient has not verified their email or consented to surveys, the dispatch is skipped and logged.
What Happens When an Email Changes
When you change a patient’s email address (from either the Edit Contact page or the email edit modal on the Post-Op Report page):- Email verification resets — The email is marked as unverified
- All consent preferences reset — Both post-op report and survey consent are revoked
- Consent modal appears — The consent modal automatically opens so you can either send a new verification email or manage consent in person
Re-sending Verification
If a patient’s verification link has expired or they haven’t completed it:- Open the consent modal from the patient profile or edit contact page
- Click Send Verification Email again
- A new link will be sent (previous links become invalid once a new one is generated)