Telemedicine, Texting, and TCPA: Telephone Consumer Protection Act Update
What does the new Supreme Court text message ruling mean for your digital health business?
The Supreme Court ruled in favor of Facebook, holding that the Telephone Consumer Protection Act (TCPA) did not apply to Facebook because the system did not have the capacity to randomly or sequentially store, or to randomly or sequentially generate, a telephone number.
Previously, companies were at risk of TCPA claims asserting only that the text messages or calls were made with devices that simply have the capacity to store and automatically dial a telephone number.
Digital health companies still have to comply with other applicable patient and consumer protection laws, including no texts or calls to numbers on do-not-call lists, and the HIPAA privacy and security rules, particularly with respect to text messages (and emails) containing unencrypted patient protected health information.
Telemedicine and remote patient monitoring companies will have an easier time engaging with their patients via text message. As we reported last week, on April 1st, the Supreme Court of the United States agreed with Facebook’s interpretation of the definition of “automatic telephone dialing system” (commonly referred to as an “autodialer”) in a lawsuit accusing Facebook of violating the TCPA.
Scope of TCPA Greatly Diminished
The ambiguity in the TCPA regarding the definition of an autodialer meant that digital health companies were at risk of the TCPA’s private right of action and statutory penalty provisions by texting with their patients. The Supreme Court in Facebook unanimously overturned the Ninth Circuit’s broad interpretation of an autodialer, delivering a significant win for TCPA defendants. If your dialing equipment makes calls to telephone numbers maintained in your patient management system or your customer relationship management platform and does not utilize a random or sequential telephone number generator, the TCPA does not require you to obtain prior express written consent before sending a text or making a phone call using that system or platform. Importantly, the ruling does not distinguish between service-related (purely informational) messages and marketing messages for autodialer purposes, and accordingly applies to both non-telemarketing and telemarketing text messages and phone calls. As a result, as long as the dialing equipment does not use a random or sequential number generator, a digital health company will not be required to obtain “prior express written consent” from its patients before sending them a text, provided other aspects of the TCPA are complied with.
Health care providers are still able to utilize the health care messages exception to the TCPA, which allows health care providers to place artificial/prerecorded voice calls to cellphones, without the patient’s prior express consent, in order to convey important informational “health care messages.” Examples include appointment confirmations, prescription notifications, and exam reminders. Under the “health care messages” exemption, there are restrictions (e.g., patient-users cannot be “charged” for the call or text message; no more than three messages initiated per week; content of messages must be strictly limited to allowed purposes and cannot include marketing, advertising, billing, etc.).
Some Risks Still Remain
Companies should note that the prohibition against pre-recorded or artificial voice calls without prior express written consent remains, as does the prohibition on unsolicited telemarketing phone calls to phone numbers on the national Do Not Call Registry or company-specific do-not-call lists.
All messaging must also comply with HIPAA privacy and security requirements. If your organization sends or is considering sending text messages that contain unencrypted PHI, it should (1) warn patients of the risks of communicating for healthcare purposes using unencrypted text messaging (or emails), (2) obtain patients’ preference and consent with respect to messages with unencrypted PHI, and (3) document the patient’s preference and consent, as well as the organization’s compliance efforts in this regard.
As text messaging continues to be the preferred method of communication by patients, digital health companies will be able to better engage with their patients going forward. The ability to engage through exchanging educational and informative health care information in the way that patients consume information will increase patient engagement and positively impact health care outcomes.