> ## Documentation Index
> Fetch the complete documentation index at: https://userguide.tesacloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Email Verification & Consent

> Verifying patient email addresses and collecting communication consent

# Email Verification & Consent

Before sending post-operative reports or survey invitations to a patient, their email address must be verified and they must consent to receiving communications. This ensures HIPAA compliance and protects patient privacy.

## Why Verify?

* **Email accuracy** — Confirms the email belongs to the intended patient, preventing misdirected PHI
* **Patient consent** — Patients explicitly choose which communications they want to receive
* **Compliance** — Creates an auditable record of patient consent for HIPAA and ISO 27001

## Sending a Verification Email

<Steps>
  <Step title="Open Patient Profile">
    Navigate to the patient's profile page from **My Patients**
  </Step>

  <Step title="Locate the Email Section">
    Find the patient's email address in the contact information section. You'll see a **Verified** or **Unverified** badge next to the email.
  </Step>

  <Step title="Click Send Verification or Verify Email">
    Click the verification link or button to open the consent modal
  </Step>

  <Step title="Send the Email">
    In the modal, click **Send Verification Email**. The patient will receive an email with a secure link.
  </Step>
</Steps>

<Info>
  You can also send verification from the **Edit Contact** page, where you'll see a **Verify Email** button below the email field.
</Info>

## Using the QR Code (In-Person)

If the patient is present in your office, you can use the QR code for immediate verification:

<Steps>
  <Step title="Open the Consent Modal">
    Click the verification link from the patient profile or edit contact page
  </Step>

  <Step title="Show the QR Code">
    The modal displays a QR code at the bottom
  </Step>

  <Step title="Patient Scans">
    The patient scans the QR code with their phone camera, which opens the verification page on their own device
  </Step>

  <Step title="Patient Completes Verification">
    The patient confirms their email and selects their communication preferences directly on their phone
  </Step>
</Steps>

## Managing Consent In Person

During face-to-face consultations, you can manage a patient's consent preferences directly without requiring them to complete email verification:

<Steps>
  <Step title="Open the Consent Modal">
    Click **Manage Consent** from the patient profile, post-op report page, or patient recovery page
  </Step>

  <Step title="Toggle Consent Preferences">
    Use the toggle switches to enable or disable:

    * **Post-Op Reports** — Allow sending post-operative report emails to this patient
    * **Survey Invitations** — Allow sending survey invitation emails to this patient
  </Step>

  <Step title="Changes Save Automatically">
    Each toggle updates immediately. The consent status and timestamp are recorded for audit purposes.
  </Step>
</Steps>

<Warning>
  Toggling off a consent preference clears the consent timestamp. If consent is later re-enabled, a new timestamp is recorded. This ensures an accurate audit trail of consent changes.
</Warning>

## What the Patient Sees

When a patient clicks the verification link (or scans the QR code), they are taken to a secure page where they can:

1. **Confirm their email address** — Their masked email is displayed for verification (e.g., `j***@gmail.com`)
2. **Opt-in to post-operative reports** — Choose whether to receive surgical reports via email
3. **Opt-in to patient surveys** — Choose whether to receive survey invitations via email

The patient does not need a Tesa Cloud account. The link expires after **7 days** and can only be used once.

## Consent Status Display

Consent status is displayed as compact badges on three pages throughout the app:

* **Patient Profile** — Below the patient's contact information
* **Generate Post-Op Report** — Near the send/view/download section
* **Patient Recovery** — In the header card after surgery information

Each badge shows:

* **Email**: Verified (green) or Unverified (orange)
* **Reports**: Consented (green) or Not Consented (grey)
* **Surveys**: Consented (green) or Not Consented (grey)

Click **Manage Consent** next to the badges to open the consent modal from any of these pages.

## Consent Enforcement

Consent preferences are enforced when sending communications:

* **Post-op reports** — If a patient's email is not verified or they have not consented to reports, the Send button is blocked. A dialog explains the requirement and offers a **Manage Consent** button.
* **Survey invitations** — The automated survey dispatch system checks consent before sending. If the patient has not verified their email or consented to surveys, the dispatch is skipped and logged.

## What Happens When an Email Changes

When you change a patient's email address (from either the **Edit Contact** page or the email edit modal on the Post-Op Report page):

1. **Email verification resets** — The email is marked as unverified
2. **All consent preferences reset** — Both post-op report and survey consent are revoked
3. **Consent modal appears** — The consent modal automatically opens so you can either send a new verification email or manage consent in person

This ensures that consent is always tied to the correct, verified email address.

## Re-sending Verification

If a patient's verification link has expired or they haven't completed it:

1. Open the consent modal from the patient profile or edit contact page
2. Click **Send Verification Email** again
3. A new link will be sent (previous links become invalid once a new one is generated)

## Multilingual Support

The verification page supports 7 languages: English, Spanish, French, Portuguese, Hindi, Chinese, and Arabic. The patient can select their preferred language from a dropdown on the verification page.
