The CRM built for follow-ups that actually happen.
ContactFollowUp is a healthcare-grade CRM that ensures every patient and prospect gets the right follow-up at the right time — at half the cost of HubSpot. Practice management and a patient portal are included, on the same encrypt-at-rest, audit-everything foundation.
No credit card. Full feature access. Migrate from HubSpot, Klara, NexHealth, or Tebra in a week.
Sarah Chen
Patient · since 2024
Recent activity
- Email: Lab results sent · opened
- Appt: Annual physical · completed
- Note: Patient declined statin
- Task: Refill follow-up · due Fri
Lead score
72 / 100 · Engaged
Trusted by independent practices across the United States
Three surfaces. One system.
One foundation for the whole front office.
Stop paying three vendors. ContactFollowUp is your CRM, your practice management, and your patient portal — sharing one contact record, one audit log, one set of encryption keys.
Pillar 1
CRM
Everything HubSpot Sales Hub Enterprise gives you — contacts, companies, deals, sequences, workflows, lead scoring, forecasting, lists, custom objects — at half the seat price.
- Multiple pipelines per object
- Workflow automation builder
- Lead scoring + forecasting
- Lists, teams, custom properties
Pillar 2
Practice management
Providers, availability rules, appointment types, scheduling, intake forms, check-in, waitlist, recall, and follow-up — everything Klara, NexHealth, and Tebra bundle.
- Provider availability + scheduling
- Encrypted intake forms
- Self check-in (±30 min)
- Waitlist + recall automation
Pillar 3
Patient portal
Your patients get a HIPAA-grade portal — appointments, self-scheduling, intake forms, secure messaging, data export, and self check-in — with no per-patient fees.
- Self-scheduling + 2-tap rebook
- Encrypted secure messaging
- Patient data export (HMAC-signed)
- Self check-in within 30 min of appt
Feature walkthrough
Every surface, designed for clinical workflow.
Ten things you can do on day one. Every screen built around a clinical reality, not a sales demo.
Deals & pipelines
Multiple pipelines. Drag-to-reorder stages. One default per object.
Per-object pipelines
Deals and tickets each get their own — a sales pipeline doesn't have to share stages with support.
Drag stages without breaking history
Reorder live; all existing deals keep their stage assignment and audit history.
Default-pipeline invariant
Exactly one default per object type, enforced in a transaction. No null states.
- Dr. Patel · Allergy intake: $2,400
- Riverside Family Clinic: $8,900
- Westside Pediatrics: $12,200
- Pinecrest OB/GYN: $6,500
- Lakeshore PT — annual: $24,000
- Cedar Mountain Derm: $18,750
Scheduling
The week grid your front desk already imagines.
Provider availability layers
RECURRING weekly rules, ONE-OFF overrides, BLOCKED time — merged automatically.
Google + Microsoft calendar sync
Connect a personal calendar; busy windows are subtracted and new bookings write back.
Telehealth links auto-provisioned
Meet for Google, Teams for Microsoft. The link is in the appointment record.
Contact record
A contact card that respects what the data actually is.
Every PHI field encrypted at rest
Email, phone, DOB, address, notes — AES-256-GCM in *_enc columns. A raw DB dump shows ciphertext.
Blind-index search on email + phone
Deterministic HMAC indexes so search works without ever decrypting the column.
Per-record sharing
AGENTs see what they own plus what's shared with them. WRITE shares grant edit access.
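The pattern described under "Contact record" (randomized AES-256-GCM ciphertext in an `*_enc` column, searched through a deterministic HMAC index), as an added example; it is not ContactFollowUp's code or the contents of src/infra/encryptor.ts. The `email_bidx` column name, the key variables, the normalization rules and the use of the column name as GCM associated data are assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed demo keys; a deployment would load these from a secrets manager.
// The index key is kept separate from the data key.
const DATA_KEY = crypto.randomBytes(32);  // AES-256-GCM key
const INDEX_KEY = crypto.randomBytes(32); // HMAC key for blind indexes

// Randomized encryption: fresh 96-bit nonce per value, stored as nonce|tag|ciphertext.
// The associated data (assumed: the column name) binds a blob to its column.
function encryptField(plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", DATA_KEY, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString("base64");
}

function decryptField(blob, aad) {
  const raw = Buffer.from(blob, "base64");
  const d = crypto.createDecipheriv("aes-256-gcm", DATA_KEY, raw.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag, key or associated data do not match.
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
}

// Deterministic blind index: HMAC over the normalized value, domain-separated
// by field name so an email index can never collide with a phone index.
function blindIndex(field, value) {
  const norm = field === "phone" ? value.replace(/\D/g, "") : value.trim().toLowerCase();
  return crypto.createHmac("sha256", INDEX_KEY).update(`${field}\0${norm}`).digest("hex");
}

// Hypothetical row shape: ciphertext column plus its blind-index column.
function insertContact(table, email) {
  table.push({ email_enc: encryptField(email, "contact.email"),
               email_bidx: blindIndex("email", email) });
}

// Equality search compares index values only; no ciphertext is decrypted to match.
function findByEmail(table, query) {
  const needle = blindIndex("email", query);
  return table.filter((row) => row.email_bidx === needle);
}
```

A deterministic index reveals which rows share a value to anyone who can read the index column, and it supports exact-match lookups only, not prefix or substring search.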
Secure messaging
HIPAA-grade patient ↔ staff conversations.
Subjects and bodies encrypted
Even thread titles like 're: A1C result' are PHI. They're encrypted too.
Per-side unread counters
Patients only see what they own. Staff routes by inbox, not by SMS thread.
Audit-logged delivery
Every send, read, and reply emits an immutable audit row keyed to the actor.
Sarah Chen
re: lab results …
Aaron Diaz
re: lab results …
Jen Park
re: lab results …
Workflows
Automation that reads like a clinical pathway.
TRIGGER · CONDITION · ACTION · DELAY · GOAL
The five primitives you've always wanted. PHI columns excluded as conditions.
Drag-reorder steps
The graph is a flat sequence with optional branches — easy to audit, easy to change.
Minute-cadence tick
A cron tick advances every due enrollment by one step. No queue infra needed.
When contact lifecycle changes to LEAD
If source = 'web form'
Enroll in 'Welcome' sequence
Wait 2 business days
Create task for owner: 'Call & qualify'
Intake forms
Forms that save themselves and expire on schedule.
Whole-record AES-GCM
Submissions are encrypted as one payload — fields plus answers. One ciphertext blob, one decrypt key.
Save & resume
DRAFT status lets patients pause; auto-saved on every blur. No lost progress.
Expiration aware
If the latest submission is older than expirationDays, the patient is re-prompted before their visit.
New patient history
Saved 3 min ago · auto-resume
Reason for visit
Current medications
Allergies
Forecast & reports
Best-case, commit, weighted — at a glance.
Per-pipeline rollups
Best-case, commit (≥70% probability), weighted, and closed-in-period.
Snapshots for trending
Persisted ForecastSnapshot rows so you can plot how the forecast moved week over week.
Tabular numerals everywhere
Dollars line up. Counts line up. Dates line up. Built into the type stack.
- Best case: $324k
- Commit: $218k
- Weighted: $162k
Monthly closed-won — 8-month trend
Audit log
Every write recorded. Forever.
Append-only at the service layer
Every service write emits an audit row with actor, action, target, and JSON diff. No service path updates or deletes.
Actor kind tracked
user · agent · system. So when an automation does something, you know which one.
Exportable
CSV or JSON, scoped to a date range. Hand to your HIPAA Security Officer at audit time.
Append-only · 7-year retention · exportable
Sequences
Multi-step outreach that doesn't feel like spam.
Email · SMS · Task · Wait
The four steps you actually use. Tracking pixels and link-rewrites baked in.
Per-sequence stats
Enrolled, opened, replied. Counts roll up to the contact for lead scoring.
{{contact.firstName}} interpolation
Handlebars-style placeholders. PHI-aware — never leaks a decrypted field into a sender's log.
Welcome sequence · 4 steps
- Day 0: Welcome to the practice — what to expect
- Day 2: Wait 2 days
- Day 2: Quick reminder about your intake form
- Day 5: Tips before your first visit

142 enrolled · 64% open rate · 18 replies
Public booking
Calendly-class booking pages — yours, on your domain.
Auto-create contact by email
First-time bookers become Contacts on the spot. No duplicate-merge cleanup later.
Buffers + min-notice
Per-link buffers before and after. Patients can't book within your minimum-notice window.
Google Calendar / M365 busy
Connected calendars subtract busy windows before the slot list ever renders.
Book with Dr. Patel
30 min · in-person or telehealth
Busy windows from connected Google Calendar removed automatically.
Comparison
ContactFollowUp vs HubSpot Sales Hub
Same CRM surface — pipelines, sequences, workflows, scoring, forecasting — minus the per-contact marketing meter and plus a clinical foundation. At roughly half the seat price.
HubSpot pricing per their public pricing pages (mid-2026). Equivalent ContactFollowUp tiers shown.
Comparison
ContactFollowUp vs Klara, NexHealth, Tebra
Same patient-portal and practice-management surface — plus a real CRM you can run sales and marketing on. No per-patient meter.
Competitor feature surface and pricing inferred from public marketing materials and customer-reported quotes; current as of mid-2026.
Security posture
Built for the way PHI actually moves through a clinic.
ContactFollowUp does the application-layer work HIPAA requires: encryption at rest, immutable audit logs, role-based access, and a service-account model for automation. The deployment-side work — BAA contracts, customer-managed keys, network restrictions — is documented in plain English in our security guide.
HIPAA-aware by design
Every PHI field encrypted, every write audit-logged. The architecture assumes the database will leak — and stays useless if it does.
AES-256-GCM at rest
Field-level ciphertext in *_enc columns. Customer-managed CRM_DATA_KEY in Key Vault or Secrets Manager — never in plain env files.
Immutable audit log
Every service write emits an AuditLog row. No service path updates or deletes one. Append-only at the application layer.
RBAC + per-record sharing
Roles (Admin / Manager / Agent / Readonly) plus ContactShare records. AGENTs see what they own plus what's shared with them.
MFA + OIDC SSO
TOTP with recovery codes. Microsoft and Google OIDC sign-in. Patient portal runs on a separate session table and cookie.
BAA-ready
Subprocessor inventory and BAA management surface built in. Anthropic, AWS, Microsoft, Postmark, Twilio, Athena, Hint, Stripe.
Pricing
Half the seat price. Twice the foundation.
Three tiers, transparent pricing, no per-patient meter. Marketing automation as an optional $445/mo add-on (vs HubSpot's $890/mo Pro).
Solo practitioners and 1–2 person clinics.
- Basic CRM (contacts, deals, sequences)
- Single pipeline
- Basic email + forms
- Up to 1,000 contacts
Growing practices — Sales Hub Pro at half the price.
- Multiple pipelines + workflows
- Meeting scheduling, templates, reports
- Custom properties (15)
- Up to 10,000 contacts
Multi-location practices.
- Unlimited custom objects + workflows
- Lead scoring + forecasting + hierarchical teams
- EHR integrations (Athena + Hint)
- SSO, field-level permissions, unlimited contacts
Built by clinicians and engineers
Designed where the work happens.
ContactFollowUp is built by Northern Software Consulting — engineers paired with practicing clinicians and administrators. Every screen has a clinical reviewer. Every PHI path has an audit reviewer.
We replaced HubSpot, Klara, and a spreadsheet. The patient-record-is-also-the-deal model finally matches how we actually work.
Dr. Maya Patel
Westside Pediatrics · Founding partner
The audit log alone was worth the move. Our HIPAA Security Officer used to live in a CSV. Now she lives in /app/audit.
Jen Kim
Cedar Mountain Dermatology · Practice administrator
Half the seat price of HubSpot, and the encryption is real — not a checkbox. That's the only sentence I needed to hear.
Aaron Diaz
Lakeshore Physical Therapy · Director of operations
Frequently asked
Questions, answered.
A handful of the things prospects ask us most. The full FAQ has 30+ more — migrations, EHR integrations, mobile, API, support.
How long does migration from HubSpot take?
We've migrated a 4,000-contact practice in a week. Contacts, deals, sequences, custom properties, and historical activity all import. The audit log is preserved with the original timestamps.
Do you support Klara, NexHealth, or Tebra migrations?
Yes. We import patients, providers, availability, intake forms, and appointment history. Secure-message threads come over with their PHI re-encrypted on our keys.
Is the encryption real or marketing?
Real. Every PHI field on Contact, Activity, Appointment, Insurance, and IntakeSubmission is encrypted with AES-256-GCM and stored in *_enc columns. A raw database dump is ciphertext. We've published the encryptor implementation in src/infra/encryptor.ts.
What about a BAA?
We sign a BAA with every covered customer. ContactFollowUp acts as a data processor; PHI is encrypted at rest and in transit. The deployment is responsible for downstream subprocessor BAAs — we surface a tenant-side BAA-management UI to track them.
Stop letting follow-ups slip.
Move every contact, deal, appointment, and audit record onto one HIPAA-aware system. Free for 14 days, no credit card.
No credit card. Cancel anytime. 14 days, full access.