August 7, 2022

Volume XII, Number 219


August 05, 2022

Subscribe to Latest Legal News and Analysis

Telemedicine, Texting, and TCPA: Telephone Consumer Protection Act Update

What does the new Supreme Court text message ruling mean for your digital health business?

  • The Supreme Court ruled in favor of Facebook, holding that the Telephone Consumer Protection Act (TCPA) did not apply to Facebook because the system did not have the capacity to randomly or sequentially store, or to randomly or sequentially generatea telephone number.

  • Previously, companies were at risk of TCPA claims asserting only that the text messages or calls were made with devices that simply have the capacity to store and automatically diala telephone number.

  • Digital health companies still have to comply with other applicable patient and consumer protection laws, including no texts or calls to number on do-not-call lists, and the HIPAA privacy and security rules, particularly with respect to text messages (and emails) containing unencrypted patient protected health information.

Telemedicine and remote patient monitoring companies will have an easier time engaging with their patients via text message. As we reported last week, on April 1st, the Supreme Court of the United States agreed with Facebook’s interpretation of the definition of “automatic telephone dialing system” (commonly referred to as an “autodialer”) in a lawsuit accusing Facebook of violating the TCPA.

Scope of TCPA Greatly Diminished

The ambiguity in the TCPA regarding the definition of an autodialer meant that digital health companies were at risk of the TCPA’s private right of action and statutory penalty provisions by texting with their patients. The Supreme Court in Facebook unanimously overturned the Ninth Circuit’s broad interpretation of an autodialer, delivering a significant win for TCPA defendants. If your dialing equipment makes calls to telephone numbers maintained in your patient management system or your customer relationship management platform and does not utilize a random or sequential telephone number generator, text messages and calls using that system or platform are not required under the TCPA to obtain prior express written consent before sending a text or making a phone call. Importantly, the ruling does not distinguish between service-related (purely informational) messages and marketing messages for autodialer purposes, and accordingly applies to both non-telemarketing and telemarketing text messages and phone calls. As a result, as long as the dialing equipment does not use a random or sequential number generator, a digital health company will not be required to obtain “prior express written consent” from their patients before sending them a text, provided other aspects of the TCPA are complied with.

Health care providers are still able to utilize the health care messages exception to the TCPA, which allows health care providers to place artificial/prerecorded voice calls to cellphones, without the patient’s prior express consent, in order to convey important informational “health care messages.” Examples include appointment confirmations, prescription notifications, and exam reminders. Under the “health care messages” exemption, there are restrictions (e.g., patient-users cannot be “charged” for the call or text message; no more than three messages initiated per week; content of messages must be strictly limited to allowed purposes and cannot include marketing, advertising, billing, etc.).

Some Risks Still Remain

Companies should note that the prohibition against pre-recorded or artificial voice calls without prior express written consent remains, as does the prohibition on unsolicited telemarketing phone calls to phone numbers on the national Do Not Call Registry or company-specific do-not-call lists.

All messaging must also comply with HIPAA privacy and security requirements. If your organization sends or is considering sending text messages that contain unencrypted PHI, it should (1) warn patients of the risks of communicating for healthcare purposes using unencrypted text messaging (or emails), (2) obtain patients’ preference and consent with respect to messages with unencrypted PHI, and (3) document the patient’s preference and consent, as well as the organization’s compliance efforts in this regard.

The Takeaway

As text messaging continues to be the preferred method of communication by patients, digital health companies will be able to better engage with their patients going forward. The ability to engage through exchanging educational and informative health care information in the way that patients consume information, will increase patient engagement and positively impact health care outcomes.

© 2022 Foley & Lardner LLPNational Law Review, Volume XI, Number 96

About this Author

Chanley Howell, Intellectual Property Attorney, Foley Law Firm

Chanley T. Howell is a partner and intellectual property lawyer with Foley & Lardner LLP, where his practice focuses on a broad range of technology law matters. He is a member of the firm's Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices and the Sports and Health Care Industry Teams.

Mr. Howell represents companies in a variety of technology law areas, such as:

  • Data Privacy and Security Compliance – Counsel and advise clients with respect to compliance...

Aaron T. Maguregui Health Care Attorney Foley & Lardner Tampa, FL
Special Counsel

Aaron Maguregui is a health care lawyer and member of the firm’s Privacy, Security & Information Management Practice, and national Telemedicine & Digital Health Industry Team. He advises innovative health care and technology companies to solve complex compliance, cybersecurity, data governance, data privacy, and risk management matters. Working with leading health care insurers, government-sponsored managed care organizations, health care providers, and technology companies, he delivers pragmatic legal advice and action-oriented solutions guidance to help clients reach their goals...

Kevin M. Hotchkiss Technology Transactions & Outsourcing Attorney Foley & Lardner Jacksonville, FL

Kevin M. Hotchkiss is an associate with Foley & Lardner LLP, based in the firm’s Jacksonville office, where he is a member of the firm's Technology Transactions & Outsourcing Practice.

He has served as an investigator against multiple large organizations for allegedly violating the Children’s Online Privacy Protection Act (COPPA). He also drafted complaints on behalf of a client, to be filed with the Federal Trade Commission against organizations that violated the COPPA. He also wrote and filed public comments before the FTC regarding proposed changes to COPPA rules.