Guide 07 of 08 · Healthcare
Available: SMS · Viber · WhatsApp

Hospital and eHealth appointments: automated reminders that stay ΗΔΙΚΑ-friendly

No-show rates at Greek public hospitals run 18–23%; private centres reach 12%. An SMS reminder 24 hours ahead cuts that by ~40%. The job is not technically trivial though: the doctor's name and specialty count as health data and fall under GDPR Article 9 special-category rules.

Problem

Many clinic management systems send "Good morning Maria, tomorrow 14:30 with Dr. Cardiologist Papadopoulos at Onassis" — near-perfect no-show reduction, but a full GDPR Article 9 violation if no explicit health-data-via-mobile consent exists.

Legal framework
GDPR Article 9 (medical data)

Health data requires explicit consent per purpose. A no-show reminder is a separate purpose from the appointment itself.

Law 4624/2019 Article 22 (special categories)

In Greece, special categories can be processed for medical care without consent, but SMS reminders qualify as "continuity of care" only with the patient's consent.

Presidential Decree 84/2001 (medical record)

The medical record is confidential; information leaking into SMS must be minimal (data minimisation).

Architecture
01 · Two-layer consent

Layer 1: consent to process health data (general). Layer 2: consent for SMS communication that mentions medical context (specific).

02 · Data minimisation template

Default template mentions only "clinic + time", not the doctor's name or specialty. Details are delivered via a secure link.

03 · Confirmation flow

The patient can reply "YES"/"NO" to the SMS. "NO" cancels the appointment automatically and sends a confirmation.

04 · ΗΔΙΚΑ-compatible export

All notification events are exportable as JSON or CSV compatible with ΗΔΙΚΑ schemas for HDPA audit.

Code
bash
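# Send the minimal reminder; the body is JSON, so the content type is declared explicitly
curl -X POST https://api.4notify.net/v1/dispatch \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \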
  -d '{
    "channel": "sms",
    "template_id": "appointment_reminder_minimal",
    "recipient": "+306987654321",
    "variables": {
      "clinic_short": "Κλινική Α",
      "time": "14:30",
      "date": "26/05/2026",
      "details_link": "https://clinic.gr/r/eyJ…"
    },
    "compliance": { "gdpr_art9_consent_id": "cons_8821_health_sms" }
  }'
Sample message
SMS

Clinic A: reminder for your appointment tomorrow 26/05 at 14:30. YES to confirm · NO to cancel. Details: clinic.gr/r/eyJ…
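
Architecture steps 01 to 03 can be enforced in the clinic system before the dispatch request is ever built. The sketch below is an added example, not 4notify's code: the `Consent` record, the layer names, the `manual_review` fallback and the choice to send the layer-2 consent id are assumptions; the variable names and template id come from the request above.

```python
from dataclasses import dataclass

# Variables the minimal template may carry (the four shown in the request above).
ALLOWED_VARIABLES = {"clinic_short", "time", "date", "details_link"}


class ConsentError(Exception):
    """Raised when a reminder must not be sent."""


@dataclass(frozen=True)
class Consent:  # hypothetical consent-ledger record
    consent_id: str
    layer: str  # "health_processing" (layer 1) or "health_sms" (layer 2)
    revoked: bool = False


def build_dispatch(recipient, variables, consents):
    """Return the request body, or raise if consent or minimisation fails."""
    active = {c.layer: c for c in consents if not c.revoked}
    if "health_processing" not in active:
        raise ConsentError("layer 1 (health-data processing) consent missing")
    if "health_sms" not in active:
        raise ConsentError("layer 2 (SMS with medical context) consent missing")
    extra = set(variables) - ALLOWED_VARIABLES
    if extra:
        # Doctor name, specialty and similar fields belong behind the secure link.
        raise ConsentError(f"non-minimal variables rejected: {sorted(extra)}")
    return {
        "channel": "sms",
        "template_id": "appointment_reminder_minimal",
        "recipient": recipient,
        "variables": dict(variables),
        # Assumption: the SMS-specific (layer 2) consent id is the one to cite.
        "compliance": {"gdpr_art9_consent_id": active["health_sms"].consent_id},
    }


def handle_reply(text):
    """Map an inbound reply to an action; unclear replies never auto-cancel."""
    word = text.strip().upper()
    return {"YES": "confirm", "NO": "cancel"}.get(word, "manual_review")
```
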

Before launch
  • Double consent (general Article 9 + SMS-specific)
  • Default template omits doctor name/specialty
  • Reply-to-cancel flow enabled
  • Logged as special-category data in the records
  • ΗΔΙΚΑ-compatible export configured
What 4notify does differently

Structurally GDPR Article 9 compliant: data-minimisation templates, double-consent ledger and ΗΔΙΚΑ-ready export, by design, not bolted on.

FAQ
Is Viber allowed instead of SMS?

Yes, and Viber is end-to-end encrypted, so it is considered safer. HDPA increasingly favours Viber/WhatsApp for medical reminders.

What about underage patients?

Consent is given by a parent or guardian up to 15 (the digital-consent age limit in Greek Law 4624). The threshold is flagged in the template.

How long do we retain notification logs?

Recommended duration: 24 months, matching typical medical-record audit retention. Anonymise beyond that.
