A reminder text feels harmless. For most clinics, it is.
But you don't run most clinics. You run a substance use disorder program. Here the rules are stricter, and the stakes are personal. That's why Curogram for Opus EHR treats your messages with extra care.
Here's the core difference.
42 CFR Part 2 protects SUD treatment records far more tightly than HIPAA alone. Even the fact that a person is in SUD treatment counts as protected. It needs written consent before anyone can share it.
Now think about what that means for a text.
A message like "Your appointment at [SUD Treatment Center] is tomorrow" can reveal a patient's treatment status. Anyone who glances at their phone might see it — a roommate, a partner, a coworker.
None of them need to know. And none of them should.
Opus EHR handles Part 2 protections inside the clinical record, and it does that job well. The trouble is that patient texting lives outside the record. Reminders, confirmations, and replies all happen in a layer Opus was never built to govern.
That gap is where risk creeps in. Many centers fall back on phone calls, staff personal phones, or basic one-way reminder tools. None of those were designed for Part 2. And none of them leave you a clean record.
The consequences are real. Part 2 violations carry financial penalties. They can also break the trust that recovery depends on. Both are hard to win back.
So the channel itself becomes a compliance question — not just the chart. The good news is that the gap is fixable.
You can keep the speed of texting and still respect every Part 2 line. The rest of this guide shows you how. For your team, that means much less phone tag and far less daily worry.
Walk into a typical SUD front office and you'll see communication held together by improvisation. Each piece works on its own. Together, they leak.
Most centers lean on some mix of these:
Each option carries its own crack. Personal phones aren't encrypted or auditable, so a sensitive reply lives in someone's text app with no record. One-way tools can't capture consent or catch a patient's response.
As one program put it:
"Patients reply to our reminder texts and the messages go into a void."
The documentation gap is the real danger. When a patient texts something sensitive to a staff member's personal number, there's no audit trail and no compliance record to point to later.
It also puts your staff in an impossible spot. A well-meaning counselor texts a patient back from a personal phone just to be helpful, and protected information lands on a personal device. No one set out to break a rule. The setup made it almost unavoidable.
Then there's scale. A front desk dialing 80+ patients a day can't keep pace, and the moment volume rises, the cracks widen.
For your team, that means more missed connections, more undocumented exchanges, and more exposure with every call.
There's a patient cost too. People in early recovery often screen calls or let voicemails stack up, so a phone-only system misses the very people it's meant to reach. A reminder that never lands is a session that may never happen.
So how do you close that gap without adding new risk? It starts by splitting the work cleanly.
When you handle 42 CFR Part 2 patient communication, Opus and Curogram each do a distinct job. Opus guards the clinical record. Curogram governs the conversation.
That division is the whole trick. Your clinical record keeps its Part 2 protections untouched, while a separate, secured layer carries the daily messaging. You get the reach of texting without dragging sensitive details into the open.
Here's how that conversation stays compliant.
Every patient-facing message is encrypted, time-stamped, and stored under a signed Business Associate Agreement. Nothing lives in a personal text app, and nothing disappears. That gives you the audit trail Part 2 expects.
Outbound messages are built to leave SUD specifics out.
A reminder reads "Your appointment is confirmed for [date/time]" — not "Your SUD group therapy session is confirmed."
The patient gets what they need, and the text reveals nothing about treatment status.
Curogram supports documenting a patient's consent to text communication, which lines up with Part 2's written-consent requirement before any disclosure. Consent becomes a recorded step, not a verbal assumption.
Patients reply to the number they already recognize, and your staff respond from a secure dashboard instead of personal phones. Every exchange is captured and reviewable.
The communication layer sits alongside Opus through a Direct DB connection. Appointment data syncs to trigger reminders, but no clinical SUD detail flows into the messaging layer. The record's confidentiality protections stay exactly where they were.
Put those pieces together and the picture changes. Outbound texts say only what they need to. Inbound replies land somewhere safe and searchable. The whole thread can be pulled up later if a reviewer ever asks.
Setup won't tie up your team either. Onboarding runs about 10 minutes on the dashboard, with no IT expertise required. For your front office, that means a compliant channel that feels familiar from day one.
Familiar is good — but you're probably wondering what this looks like with a real patient.
Let's follow one through the workflow, start to finish.
Behind that smooth experience sits a full record. Every text, reply, and consent entry is time-stamped and stored in HIPAA-compliant infrastructure, ready for compliance review whenever you need it.
Notice what the patient never has to do. They don't download an app, learn a portal, or reset a forgotten password. They just get a text and tap a reply — the same thing they already do all day.
Now compare the two ways of getting the same job done:
| What happens | Manual phone calls | Curogram texting |
|---|---|---|
| Reminders sent | One call at a time, 80+ a day | Automated, sent in batches |
| Patient replies | Voicemail or missed | Captured in the dashboard |
| Consent record | Verbal, undocumented | Logged and time-stamped |
| Audit trail | None | Complete and reviewable |
The volume math makes the case. SUD programs running 20 to 100+ patients in active IOP simply can't confirm everyone by phone — manual processes break at that scale.
Texting reaches patients where they already are, and with a 98% SMS open rate, your reminders actually get seen. For your team, that's fewer empty chairs and far less time lost to the phone.
Consistency is the quiet win here. Every patient gets the same reminder cadence, the same neutral wording, and the same documented trail — whether you confirm 20 sessions this week or 200. That kind of reliability is hard to match with a phone and a sticky note.
The workflow is the easy part to picture. The harder question is what it returns to you in time and revenue. So let's put real numbers to it.
Take the phones first. Say your front desk makes 80 reminder calls a day, and each call runs about four minutes once you count dialing, voicemails, and notes.
Here's how that adds up:
This means automated, two-way texting hands that time back. Reminders go out on their own, replies land in the dashboard, and your front desk spends its hours on patients in the building — not on hold.
The gain isn't only on the clock. When your front desk isn't stuck in dial-and-leave-voicemail loops, the work feels less like a treadmill. That matters in a field where burnout and turnover carry real costs of their own.
Now the revenue side. Curogram clinics see no-show rates that run 53% below the industry average, and every recovered slot is a session you can actually bill.
As a simple example, if your program loses 10 IOP sessions a week to no-shows at $150 each, that's $1,500 walking out the door — about $78,000 a year.
Cut even half of those misses and you've recovered tens of thousands annually.
Curogram users typically see a 10% to 20% lift in revenue once recovered appointments are added back. For your team, that's the difference between a schedule that drains the budget and one that protects it.
Stack the two together — reclaimed hours and recovered revenue — and the math gets hard to ignore. One change to how you reach patients touches both your payroll and your billing. That is rare for a single tool.
All of that only works if the rollout is done right. So before you flip the switch, have one honest conversation. Curogram is a communication tool, not a legal compliance platform.
That distinction matters. Your center should review its specific 42 CFR Part 2 obligations with legal counsel, and confirm that your text content, consent documentation, and patient opt-in process all meet your own reading of Part 2.
None of that should feel like a warning sign. It's simply how compliance works in a Part 2 world — the rules live with you, and the tooling supports how you choose to meet them. A good vendor makes that line clear instead of blurring it.
Think of the responsibility as split into two clear lanes.
Curogram provides the technical foundation: encryption, audit trails, a signed BAA, consent-workflow support, and content-neutral message templates. These are the building blocks that keep your texts defensible.
Your team owns the interpretation — how those tools map to your Part 2 obligations and clinical policies. That call belongs with you and your counsel, not a vendor.
When both sides hold, you get a texting channel that supports compliance instead of complicating it. The tools do the heavy lifting; your compliance read keeps them pointed the right way. This is general guidance, not legal advice, so treat your counsel's input as the final word.
A short call with your compliance lead before launch usually settles it. Bring your message templates and your consent process, and check that both match your Part 2 reading. Once that's signed off, you can roll out with confidence.
You didn't get into SUD treatment to spend your days dialing voicemails. You also shouldn't have to worry about what a reminder text might reveal. Yet that's where the patchwork leaves most centers. Stretched thin, undocumented, and quietly exposed.
It doesn't have to stay that way.
The fix isn't another disconnected tool. It's a messaging layer that already respects the weight Part 2 places on every text. Opus keeps your clinical record protected.
Curogram keeps the conversation around it just as careful — encrypted, consent-based, neutral in language, and fully logged.
Think about what that frees up. Your front desk stops drowning in 80+ daily calls. Patient replies stop vanishing into a void. Consent stops being a verbal guess and becomes a recorded fact.
The numbers back it up too. With a 98% open rate, your reminders actually get seen. And with no-show rates that run 53% below the industry average, your schedule starts working for you instead of against you.
That's the real shift here. You move from improvising compliant outreach to running it on a system built for the job. And you do it without exposing a single patient's treatment status along the way. That balance is the point.
Recovery runs on trust. The way you reach patients should protect that trust, not risk it with every text you send. A channel built for Part 2 lets you grow your outreach and your confidence at the same time. That is what compliant texting should feel like.
Book a Demo and walk through a live, compliant texting workflow with our team. Bring your toughest compliance question — we'd rather answer it now than leave you guessing later. You can also explore how Curogram serves behavioral health clinics for the bigger picture.