Last updated: June 2026
A reactivation campaign means I handle a list of your patients, which is protected health information. Here is exactly how that is treated. If anything here is unclear, ask me directly and I'll walk you through it.
Before any patient information changes hands, we sign a BAA. That contract legally binds KontextIQ to safeguard your data, limits what it can be used for, and sets out what happens to it when our engagement ends. A reactivation campaign does not begin until it is in place.
Patient information is stored in HIPAA-compliant cloud storage under a Business Associate Agreement, with access restricted to the work required to run your campaign. Files are encrypted in transit and at rest. Local working copies are kept on encrypted devices. Patient-facing email is sent through a HIPAA-conscious sending setup.
Your list is used to identify lapsed patients, send the reactivation campaign, and report on who came back. That's it. It is not used for any other client, not added to any other list, and not used to train machine-learning models.
Campaigns are email only, by design. I do not text your patients. Adding SMS later requires fresh, properly captured consent, and is only ever offered as a separate step once it is set up correctly. Every reactivation email includes a clear way for a patient to opt out, and opt-outs are honored.
The data is yours. You can request a copy or ask for it to be deleted at any time, and at the end of an engagement it is returned or destroyed per the terms of the BAA.
Questions about how your data is handled? Email zachdissington@kontextiq.com and I'll answer directly.