Companies in the healthcare industry, along with virtually every consumer-facing business, are adjusting to the impacts of the Federal Communications Commission’s (FCC) July 10, 2015 Order resolving more than 20 petitions seeking clarification of the Telephone Consumer Protection Act (TCPA). With the recent wave of TCPA class actions being filed across the country, healthcare is one of many industries focused on TCPA compliance in an effort to avoid litigation while also providing efficient and effective communications to patients and consumers. Unlike many other industries, however, the FCC’s July 10 Order recognizes a variety of healthcare-specific exemptions to the TCPA that provide a safe harbor for some important healthcare calls. These exemptions are limited and contain a number of specific requirements and conditions but do not provide a blanket exemption to TCPA liability. Below is a summary of what healthcare companies need to know about the new rules.
Enacted in 1991 to protect consumers from receiving unsolicited telemarketing calls and faxes (and more recently text messages), the TCPA regulates and restricts the manner in which a business may advertise its products and services to consumers by phone (cell and residential lines) as well as by text message and fax. Specifically, the TCPA prohibits the use of an “automated telephone dialing system” or an “artificial or prerecorded voice” to make calls to cell phones without obtaining the recipient’s prior consent. This rule applies to both telemarketing and non-telemarketing calls, including debt collection or informational calls. Following a change in FCC regulations in October 2013, the TCPA now also requires prior written consent for most automated telemarketing communications.
Class action risk under the TCPA can be considerable. Because the TCPA provides for strict liability and statutory damages of $500 per violation (and up to $1,500 if the violation is deemed willful or knowing) with no maximum cap on recovery, potential exposure in a TCPA class action can quickly escalate. To put this in context, the top four TCPA settlements in 2014 totaled more than $175 million. See Sutherland Legal Alert: Multi-Million Dollar Settlements Prompt Record Filing of TCPA Lawsuits.
The FCC has authority and primary jurisdiction to make rules under the TCPA. In some of its most comprehensive guidance published in years, on July 10, 2015, the FCC released a 138-page Declaratory Ruling and Order resolving a long backlog of pending petitions for clarification of the TCPA rules. The Order resolved some questions but left many other issues unresolved. The FCC also largely failed to address the concerns of the business community that the overbroad interpretation of the TCPA has resulted in a wave of vexatious litigation affecting legitimate businesses that are seeking to communicate with their customers in good faith. See Sutherland Legal Alert: Call (Un)Answered (the Second Ring): FCC Issues Sweeping Package of Declaratory Rulings on TCPA Petitions.
Healthcare Provisions in the FCC’s July 10, 2015 Order
Responding to a petition filed by the American Association of Healthcare Administrative Management, the FCC addressed a number of issues specific to healthcare in the recent Order and created several limited exemptions to TCPA liability specific to the healthcare industry.
Prior Express Consent
The FCC confirmed that providing a phone number to a healthcare provider constitutes prior express consent for non-telemarketing healthcare calls. This is consistent with previous FCC guidance stating “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.”1 The July 10, 2015 Order clarifies that the prior express consent extends to communications not only for the healthcare provider, but also for calls “by or on behalf of the ‘covered entity’ as well as its ‘business associates’” as defined in the Health Insurance Portability and Accountability Act (“HIPAA”) privacy rules, “if the covered entities and business associates are making calls within the scope of the consent given, and absent instructions to the contrary.” Under HIPAA, a “covered entity” is defined as a “health plan,” “health care clearinghouse,” or certain “healthcare providers.” A “business associate” is a person who maintains or transmits health information on behalf of a covered entity.2
Incapacitated Patients/Permissible Third-Party Consent
The FCC formally recognized that a third party may provide prior express consent on behalf of an incapacitated patient. The Order clarifies that when a patient is incapacitated and unable to provide a telephone number directly to a healthcare provider, but a third-party intermediary provides the number, the provision of the phone number by the third party constitutes prior express consent for healthcare calls to that number. In setting this standard, the FCC recognized that in certain healthcare situations it may be impossible for a caller to obtain prior express consent directly from the patient. But, the FCC stated, the prior express consent provided by the third party is no longer valid once the period of incapacity ends. That is, the consent expires with the period of incapacity without the subscriber having to opt out of receiving future calls.2
Calls/Texts Exempt from TCPA Consumer Consent Requirements
The FCC created a limited exemption from the TCPA’s consumer consent requirements for certain calls and texts it deemed to be pro-consumer regarding vital, time-sensitive calls with a health-treatment purpose, subject to a number of conditions. The exemption is limited to the following types of calls:
- Appointment and exam confirmations and reminders
- Wellness checkups
- Hospital pre-registration instructions
- Pre-operative instructions
- Lab results
- Post-discharge follow-up intended to prevent readmission
- Prescription notifications
- Home healthcare instructions
This exemption for calls and texts to wireless numbers only applies if the call or text is not charged to the recipient, including not being counted against any plan limits that apply to the recipient (e.g., number of voice minutes, number of text messages). Any call or text must also meet seven specific conditions: (1) it may be sent only to the number provided by the patient; (2) it must state the name and contact information of the provider; (3) it must be limited to the purposes listed above; (4) it must be less than one minute or 160 characters; (5) a caller cannot initiate more than one message per day or three per week; (6) the call or text must offer an opt-out; and (7) any opt-outs must be honored immediately. Notably, the exemption does not apply to marketing calls or to healthcare communications which include accounting, billing, debt collection, or other financial content.
Many of the issues facing healthcare companies under the TCPA are similar to the issues facing companies in other industry segments: consent and the scope of that consent, reassigned numbers and opt-outs, and large potential exposure to TCPA statutory damages, among other issues. There are also elements of the TCPA rules specific to healthcare, including the new exemption created by the FCC’s July 10, 2015 Order for certain time-sensitive healthcare messages. Healthcare providers communicating with their patients through automated calling or text message will need to pay particular attention to the details of these new rules.