Your patients want to text you. So does the law of every modern care setting. FRANSiS™ delivers BAA-backed, two-way SMS that handles routine patient questions automatically — at 11pm, after Saturday clinic, between visits. The way text actually works.
HIPAA doesn't ban text messaging. It requires that any tool handling Protected Health Information meet six baseline safeguards. Miss one — even encryption — and you're not compliant.
A signed contract acknowledging the vendor processes PHI on your behalf. A missing BAA is among the most-cited HIPAA violations — and most carriers won't sign one.
All messages encrypted with TLS 1.2 or higher while moving between servers and devices. Prevents interception of PHI on the network layer.
Stored messages and contact data encrypted on vendor servers using AES-256 or equivalent. Protects PHI even if storage is ever compromised.
Role-based permissions so only authorized staff can send, view, or export messages. The HIPAA "minimum necessary" standard, enforced.
Immutable, exportable logs of every message sent, received, read, and deleted — with user identity and timestamp. Required for compliance audits and breach investigations.
Configurable rules for how long messages are stored and when they are automatically deleted. Meets HIPAA retention requirements without manual cleanup.
Every text your staff sends from a phone, iMessage, or WhatsApp about a patient is operating outside HIPAA. Most teams don't realize until an audit.
Not a marketing SMS tool with a compliance veneer. Every layer reflects the realities of care delivery — sensitive patient data, lean staffing, and the need for AI that gets out of the way.
Every healthcare customer gets a standard BAA at onboarding — not as an add-on, not "available on request". Executed before the first message.
End-to-end encryption that meets and exceeds the HIPAA Security Rule's technical safeguard standards.
Patient asks a routine question, FRANSiS™ answers within a HIPAA-safe envelope. Your team only sees the conversations that need human judgment.
Real-time view of delivery rates, response rates, and opt-out activity. Compliance officers can audit any message event and export records on demand.
SOC 2 Type II controls, TCPA opt-in management, consent logging, and opt-out processing — built in, not bolted on.
FRANSiS™ handles 10DLC brand and campaign registration on your behalf — full carrier throughput, no compliance gaps. See the full 10DLC guide →
Appointment reminders, care plan check-ins, screening outreach, transportation coordination — all BAA-backed, in patient-preferred languages. The high-need populations FQHCs serve have the most to gain from text.
Sensitive, private communication for medication adherence, crisis-line referrals, and group check-ins — with encryption and audit logging your compliance officer can sign off on.
Discharge follow-up, post-surgical care, preventive screening campaigns, patient experience surveys — at scale, without overloading clinical staff.
Compliant SMS workflows for facilities where phone access is constrained — medication management, appointment coordination, and re-entry healthcare continuity.
Session links, reschedule reminders, intake form requests, follow-up care instructions — the SMS layer that video alone can't deliver.
The same compliance posture as a hospital system, configured for a 4-person front office. BAA, audit log, AI — all of it, in a 4-week implementation.
Across the criteria that matter for healthcare — not the surface features.
| Platform | BAA included | AI two-way | Nonprofit/FQHC pricing | 10DLC managed | Audit trail |
|---|---|---|---|---|---|
| FRANSiS™ | Yes (standard) | Yes — AI conversational layer | Yes — mission-driven pricing | Yes — fully managed | Yes — full log |
| Textline | Yes | No — manual replies only | Standard SaaS | Partial | Yes |
| TigerConnect | Yes | No — provider-to-provider focus | Enterprise | Not listed | Yes |
| Curogram | Yes | Limited — template-based | Standard SaaS | Partial | Yes |
| Standard SMS (carrier) | No | No | N/A | N/A | No |
Most healthcare organizations move from decision to first live campaign in under two weeks.
Share your communication workflows, EHR system, and compliance requirements in a 30-min call.
Your legal or compliance team reviews and signs the BAA. No PHI moves until it's in place.
Upload your patient list via secure CSV or EHR integration. Consent metadata recorded for every contact.
Build appointment reminder sequences, follow-up workflows, and AI response handling for common questions.
Go live. Compliance dashboard shows delivery, response, and opt-out activity in real time.
The first product in my 33 years of working in behavioral health that I could see us using and implementing organization-wide.
Predictable pricing, unlimited messages, four-week implementation. No per-message anxiety. Most organizations see full ROI in the first quarter.