Back to all posts
Compliance 9 min read · January 8, 2026

Dental SMS Marketing in 2025: TCPA Compliance, Consent Requirements, and 5 Best Practices

AS

Dr. Ananya Shah

GP · Certified privacy professional

SMS is the highest-engagement channel dental practices have. Text messages have a 98% open rate within 3 minutes. Email struggles to hit 25%. Phone calls get answered less than 50% of the time. But SMS is also the most heavily regulated communication channel — and the regulations have gotten significantly stricter in the last 18 months.

The Telephone Consumer Protection Act (TCPA) and its 2024-2025 updates have created a compliance landscape that is catching many dental practices off guard. The FCC's 2024 ruling on "prior express consent" clarified that consent for appointment reminders does not automatically extend to recall messages or promotional texts. Several class-action lawsuits against healthcare providers — including a February 2025 case against a DSO network in Texas — have made it clear that the TCPA applies to dental practices just as it applies to telemarketers.

What the TCPA requires for dental SMS

The TCPA and its implementing regulations establish three categories of SMS messages with different consent requirements:

Category 1: Appointment reminders (operational)

These are messages that convey information about an existing appointment — date, time, location, provider name. The FCC has confirmed that these fall under the "healthcare" exemption and do not require prior written consent, provided that:

  • The message is strictly informational and does not contain marketing content
  • The patient provided their phone number during the appointment booking process
  • The message includes an opt-out mechanism (e.g., "Reply STOP to opt out")

Category 2: Recall and re-care messages (grey area)

This is where most dental practices are exposed. A message saying "It has been 6 months since your last visit — book your next cleaning" does not relate to an existing appointment. The FCC has not issued definitive guidance on whether these are "healthcare" or "promotional." The conservative approach: treat them as promotional and obtain prior written consent.

Category 3: Promotional and marketing messages (strict)

"Flash sale on Zoom whitening — 30% off this month!" These require prior express written consent. The consent must be: specific to the phone number provided, include clear disclosure of what the patient is agreeing to, and be obtained without any conditions (you cannot require consent to marketing messages as a condition of treatment).

"The safest framework I recommend to every practice: obtain a single, comprehensive written consent at patient intake that covers appointment reminders, recall communications, and promotional messages — with clear separation so the patient can opt into some categories and not others. This gives you maximum flexibility while staying compliant."

Five best practices for dental SMS in 2025

1. Separate consent at intake

Your new-patient consent form should include a dedicated section for SMS communication with three checkboxes: (a) appointment reminders, (b) recall and re-care messages, (c) promotional offers and practice news. Default all three to unchecked — the patient must actively opt in. This eliminates any argument about "prior express consent" later.

2. Include opt-out in every message

Every SMS you send — even appointment reminders — must include a clear, working opt-out mechanism. "Reply STOP to unsubscribe from all messages" is the gold standard. The opt-out must be processed immediately (within 24 hours, but ideally in real time). If a patient replies STOP and receives another message from you, you have violated the TCPA.

3. Maintain a Do-Not-Text list

This is separate from your DNC (Do Not Call) list. Some patients are fine with phone calls but do not want texts. Your SMS platform must maintain a suppression list that prevents messages from being sent to opted-out numbers across all message categories.

4. Audit your third-party platforms

If you use a patient engagement platform that sends SMS on your behalf, you are vicariously liable for their compliance. Your BAA with the platform must include specific TCPA compliance representations. You should also request an annual SOC 2 report or equivalent audit documentation covering their SMS delivery practices.

5. Document everything

In the event of a complaint or lawsuit, your best defence is a contemporaneous record of: when consent was obtained, what the patient agreed to, and every message sent. Your SMS platform should maintain an immutable audit log of all outbound messages and opt-in/opt-out events. We retain these records for four years (matching the TCPA statute of limitations).

The cost of non-compliance

TCPA violations carry statutory damages of $500 per unsolicited text message, which can be trebled for wilful violations. A single campaign sending 500 messages to patients without proper consent represents a potential liability of $300,000. The DSO network case I mentioned earlier is reportedly seeking $12 million in damages for 18 months of allegedly non-compliant recall messaging.

The good news: compliance is straightforward. It requires updating your consent forms, choosing a compliant messaging platform, and training your team on the categories. Most dental practices that get into TCPA trouble are not knowingly violating the law — they simply never updated their processes after the 2024-2025 regulatory changes.

Dr. Ananya Shah

Compliant SMS, built for dentistry

RetainOS handles TCPA compliance automatically — consent management, opt-out processing, audit logging, and category-based messaging. You focus on care, not legal exposure.