Secure Messaging with Clients

How PracticeRunner keeps client-provider messages inside the portal while sending generic email notifications.

Secure messaging lets your practice send and receive client messages inside PracticeRunner. Clients can open messages from the client portal or from a secure message link.

The main goal is simple: support HIPAA-conscious communication by keeping client-specific message content in PracticeRunner, not in ordinary email.

What clients receive by email

When your practice sends a supported client message as a secure portal message, the client receives a generic email notification that tells them a secure message is waiting.

The notification should not include:

• the message body
• clinical notes
• diagnosis details
• billing details
• appointment details
• attachments
• other sensitive client information

The client opens PracticeRunner to read and reply.

How clients read and reply

Clients can use:

• the portal messages area at https://portal.practicerunner.com/o/[practice-link-name]/messages
• a secure message link from an email notification

Secure links may ask the client to verify basic information before showing message content. If a link expires, send a new message or ask the client to sign in through the client portal if they already have access.

Replies appear in Conversations for the practice. From there, clinicians or staff can read the conversation, reply, assign the conversation, or archive it when follow-up is complete.

Recommended workflow

Use secure messaging for client-specific communication whenever possible.

For a steady practice workflow:

1. Send client-specific messages through PracticeRunner.
2. Let the email notification stay generic.
3. Review replies in Conversations.
4. Keep follow-up in the same conversation when possible.
5. Move scheduling changes, forms, or billing tasks into the appropriate PracticeRunner area when action is needed.

This keeps the communication thread easier to review and reduces the chance of sensitive details being copied into regular email.

Portal settings that affect messages

Practice owners can choose whether supported client emails are routed through secure portal messages. This is managed in Settings -> Portal.

When secure portal messages are enabled, supported client messages are saved in PracticeRunner and the email notification stays generic. This supports a HIPAA-conscious workflow without relying on regular email for message content.

When ordinary email is used for a workflow, avoid putting sensitive clinical or billing details in the message body.

Privacy notes

Keep message content focused on what the client needs to know. Avoid including diagnoses, clinical notes, billing details, or unrelated sensitive information unless it is necessary for the communication.

Do not send attachments through ordinary email. If a document needs to be shared with a client, use the client portal, forms, or another secure workflow supported by your practice.

Common questions

Do clients need a full portal account to read a secure message?

Not always. A secure message link can open a specific conversation after verification. Clients with portal access can also sign in through the portal and open messages there.

Does the email include the message?

No. The email notification should only tell the client that a secure message is waiting. The message body stays in PracticeRunner.

Can clients reply?

Yes. Clients can reply from the secure message page or portal messages area, and the reply appears in Conversations.

Where do appointment requests and inquiries appear?

They appear in Conversations. Appointment requests include request details when available, while general inquiries appear as standard conversations.

Related articles

• Prospect Tracking and Inquiry Outcomes
• Client Email Privacy
• Using the Client Portal
• Online Scheduling and Inquiries
• Send Intake to a Client