SMS Disaster Alert Checklist for Healthcare Facilities
When a hurricane knocks out a clinic's internet, or a water main break forces a same-day surgery center to close, the question isn't whether you'll need to reach people fast. It's whether the system you built six months ago actually works when you finally press the button. Most facilities find out the answer at the worst possible moment.
Full disclosure: I work for ReadySMS, an SMS platform. So I have an obvious interest in you texting more. But this post isn't a pitch — it's the checklist I'd want a clinic operations manager to run through before they ever need it, including the parts where SMS is the wrong tool.
Why SMS earns its place in a disaster plan
Email gets buried. Phone trees collapse under volume — try calling 800 patients in an hour with a front desk of three. App push notifications assume people downloaded the app and didn't disable notifications. SMS sits in a different category: it lands on essentially every phone, opens at rates north of 90% (a rough industry approximation, but consistently high), and degrades gracefully on weak cellular signal when data connections are already failing.
That said, SMS is a notification channel, not a coordination channel. It's excellent for "We are closed today, here's where to go." It's poor for nuanced clinical instructions or anything containing protected health information you wouldn't want sitting in plaintext on a stolen phone. Keep that line in mind through the whole checklist.
Checklist Part 1: The list, before anything else
A disaster alert system is only as good as the contact data behind it, and that data rots constantly.
- Segment your audience now, not during the crisis. At minimum: active patients, staff, on-call clinicians, and referring partners. You'll message these groups differently, and you can't build segments while the building is flooding.
- Capture consent specifically for emergency/operational messaging. Appointment reminders and emergency alerts are different message categories. Our text consent essentials post walks through getting opt-in that holds up.
- Maintain phone-number hygiene. Disconnected numbers and typos are dead weight. Scrub the list periodically.
- Tag staff numbers separately. Staff alerts often need to go out faster and outside normal quiet hours — and they're legally distinct from patient marketing.
Checklist Part 2: Get 10DLC registered before you need it
This is the step facilities skip, and it's the one that quietly breaks everything. Unregistered traffic on US carrier networks gets filtered — your "we're closed" alert may simply never arrive, with no error you'll notice.
Registering an A2P 10DLC brand and campaign takes roughly 1–3 days to approve and runs about $10/month per brand and $20/month per campaign in carrier fees. ReadySMS handles registration in-app, but the timeline is the point: you cannot register a campaign the morning of a wildfire and expect delivery that afternoon. If you're unclear on the mechanics, the 10DLC explainer covers it.
Register a dedicated emergency/operational campaign now, even if you only send to it twice a year. A registered route that sits idle is infinitely more useful than an unregistered one that fails when it counts.
Checklist Part 3: Write and pre-stage the messages
You do not want to be composing copy while the fire marshal is on the line. Draft templates in advance for the scenarios you can predict.
A single SMS segment is 160 GSM-7 characters. Go over that and the message splits into 153-character multipart segments — and the moment you add a single emoji, the limit drops to 70 characters. For a 12,000-contact patient base, a three-segment message costs three times a one-segment message. So keep alerts tight and emoji-free.
Here's a one-segment template that fits:
[Clinic Name]: We are CLOSED today due to severe weather. All appts before 3pm are rescheduled — we will text new times. Urgent care: call 911 or [ER].
That's 148 characters. One segment. No PHI, clear next action, includes the urgent-care escape hatch.
What not to put in an alert: diagnoses, test results, medication names, anything tying a person to a condition. "Your oncology appointment is moved" is more exposure than "Your appointment is moved." Our HIPAA guide draws the line on what's safe to send.
Checklist Part 4: Compliance guardrails that still apply mid-crisis
Emergencies don't suspend TCPA. They do create some genuine carve-outs for safety messaging, but the safest posture is to assume the normal rules hold and lean on a platform that enforces them automatically.
| Guardrail | Why it matters in a disaster | How ReadySMS handles it |
|---|---|---|
| STOP / opt-out | A patient who opted out can't be re-added, even by accident | Inbound STOP honored and propagated across campaigns |
| Quiet hours | A 2am "we're closed" text invites complaints — and exposure | Sends held outside permitted local hours by recipient area |
| Litigator / DNC scrubbing | One known TCPA litigator on your list is a $500–$1,500-per-text problem | Optional scrub at $0.005/contact suppresses known matches pre-send |
| Consent attestation | You'll want the audit trail if anyone questions a send | Opt-in attestation recorded for bulk/API sends |
A note on quiet hours: for genuine safety-of-life alerts you may have grounds to override them, but build that as a deliberate, documented exception — not your default. The healthcare compliance automation post goes deeper on balancing speed and legal exposure.
Checklist Part 5: Build the two-way path
Broadcasting is half the system. The other half is what happens when 400 people text back "Is my Tuesday appointment still on?"
A conversations inbox matters here. Replies need to land somewhere a human (or a triaging assistant) can see them, not vanish into a no-reply void. ReadySMS gives you two-way messaging with an inbox, and for facilities running GoHighLevel, inbound replies sync into GHL per location — so a multi-site health group keeps each site's conversations isolated rather than dumped in one queue.
For the predictable questions ("Are you open?"), optional AI-assisted replies can suggest or auto-send responses, freeing staff to handle the genuinely urgent threads. It's a newer capability — use it for the obvious stuff, keep a human on anything clinical. There's more on the value of bidirectional messaging in our two-way SMS in healthcare post.
Checklist Part 6: Test it like you mean it
An untested disaster system is a hypothesis, not a plan.
- Run a live drill twice a year. Send a real (clearly labeled) test alert to a small internal segment. Measure delivery rate and time-to-send.
- Time the full sequence. From "decision to alert" to "last message delivered." If it takes 40 minutes to find the template and assemble the list, fix that now.
- Test inbound. Have testers reply STOP, reply with a question, reply with gibberish. Confirm each is handled.
- Verify your 10DLC campaign is active and in good standing. Throughput limits and registration status drift; check before you rely on them.
- Confirm your credit balance covers a worst-case blast. Prepaid credits are great until you're out of them at hour zero of an emergency.
Quick cost sanity check: a one-segment alert to 12,000 contacts on the Basic tier (10,001–50,000/month) runs 12,000 × ($0.0074 + $0.0045 carrier pass-through) = $142.80. That's the whole cost of reaching your entire patient base in minutes. Keep enough credits banked to cover several such sends, because disasters rarely announce themselves one at a time.
The practical takeaway
A working disaster-alert system isn't built during the disaster. It's a registered 10DLC campaign you set up months ago, a contact list you keep clean, pre-written messages that fit in one segment and contain zero PHI, compliance guardrails running automatically, a two-way inbox someone watches, and a drill you run every six months whether or not you think you need it.
If you want to stand the bones of this up, the crisis response guide and the broader emergency alert tactics post are good companions to this checklist. And ReadySMS starts with 2,500 free credits and no credit card — enough to register a campaign and run your first drill before you commit to anything. Build it now, while the weather's fine.