March 2023 – What's New?
Enforced Password Complexity on Reset
If a user utilizes the “Forgot Password” feature, they will need to adhere to the following guidelines when setting their new password.
The new password must:
Be at least 10 characters long
Be no more than 2 identical characters in a row
Must meet all of the following:
Uppercase character (A-Z)
Lowercase character (a-z)
Have either of
Special character (punctuation)
Password submissions are rejected if the above criteria are not met
To adhere to the new regulations outlined in the SMS Compliance Article, all Broadcast messages that are sent as a text message will be moving to a new standard format. This standard format will aid in the messaging verification process brought forward by carriers and will significantly decrease the likelihood of messages being filtered or blocked by carriers. The standard format that a recipient will see when they receive a Broadcast message via SMS will be as follows
Standard SMS format: Hello [First Name], you have a new message from [HIPAA Safe Practice Name*] at [weblink]
NOTE: If you do not have a HIPAA-compliant Practice Name configured, your standard practice name will default in for the SMS message.
If your practice has its HIPAA-compliant Practice Name set in the Practice Settings of the Admin tab in the Updox Inbox, that will be the practice name the recipient sees in the messages they receive from your practice. If not, they will see your standard practice name. To set your HIPAA-safe name, click on the Menu in the Updox Inbox > Admin > Practice Settings scroll down to the checkbox next to Enable HIPAA-compliant Practice Name, and click the checkbox. You can then enter your HIPAA-compliant practice name.
Any existing Broadcast scripts sent via SMS that contain the [FirstName] variable will be replaced by “Recipient” within the content of the message behind the weblink to maintain HIPPA compliance. This will not apply to any Broadcast messages sent via email, portal, or voice.
Existing configurations that your practice has for any Broadcast messages will remain in place, and your practice will not be required to make any changes as the existing content will now simply be shown via the web application versus within the text message directly. Once again, this will aid in the newly required registration process and with message deliverability.
When Are These Changes Taking Effect?
We expect these changes to be rolled out by the end of March. Once an official date is decided upon, that date will be communicated to our customers. Our customers will receive additional communication leading up to the release of these updates to ensure transparency.
What Is Not Changing?
Any Broadcast messages being sent as email, voice calls, or portal messages will not be impacted by these changes.
What Do You Need To Do?
As previously mentioned, there is no work needed from you or your practice unless you want to set a HIPAA-compliant Practice Name. All of this behind-the-scenes work will be completed by Updox. All Broadcast SMS configurations that are in place will remain the same, and you will not have to make updates to previously created scripts.