As healthcare companies increasingly rely on mobile delivery platforms and other technologies to communicate with patients about appointments, billing and other issues, the potential for legal exposure under the Telephone Consumer Protection Act (TCPA) also increases. This series provides information to help healthcare companies navigate the TCPA, including:
- Basic TCPA requirements for healthcare companies in sending automated calls and texts, prerecorded messages, or faxes.
- Certain healthcare-related messages that are exempt from TCPA liability.
- Best strategies for healthcare companies to minimize potential TCPA risk.
- Litigation and compliance practice pointers from experienced in-house counsel.
Part 1: TCPA Basics for Healthcare Companies
Why the TCPA Matters
The TCPA was enacted by Congress in 1991 to protect consumer privacy and prevent telemarketers from making unwanted contact with consumers on their phones and fax machines (47 U.S.C. § 227). With Congress's authority, the Federal Communications Commission (FCC) has implemented rules and regulations enforcing the statute (47 C.F.R. § 64.1200). The TCPA includes various requirements for sending automated calls and texts, prerecorded messages, and faxes.1
While the TCPA was initially intended to curtail unwanted telemarketing, the reach of the TCPA has broadened significantly in recent years. Today, most companies that contact consumers via phone or fax, including healthcare companies, face the potential for massive liability under the TCPA. Each call or text made in violation of the TCPA can cost a company up to $500 or actual monetary loss in statutory damages (whichever is greater), and up to $1,500 or three times actual monetary loss for each willful violation (whichever is greater). Faxes carry similarly steep penalties, with violations costing a company at least $500 per fax, and up to $1,500 per fax if the violation was willful or knowing.
The TCPA can be enforced through government enforcement actions and private litigation. At the federal level, the TCPA is largely enforced by the FCC, which can impose civil penalties. At the state level, the TCPA can be enforced by attorneys general or other state officials or agencies, which can bring civil lawsuits for damages in federal courts. The TCPA can also be enforced by private litigants, either individually or through a class action case. Unlike some other federal consumer statutes, the TCPA places no cap on damages, making class actions incredibly attractive to plaintiffs' attorneys. In many cases, regardless of whether a TCPA class action is certified, companies feel pressure to settle due to the potential for massive statutory damages if they are found liable. Healthcare companies are not immune to this potential for liability.
Calls and Texts within the TCPA's Scope
The TCPA prohibits calls to residential landlines using an artificial or prerecorded voice without the prior express written consent of the called party. 47 U.S.C. § 227(b)(1)(B). This prohibition does not extend to:
- Calls made for emergency purposes
- Calls not made for a commercial purpose
- Calls made for a commercial purpose, but that do not constitute an advertisement or telemarketing
- Calls from nonprofit organizations
- Calls delivering a healthcare message from a HIPAA-covered entity or business associate.2
The TCPA prohibits calls to cell phones using an artificial or prerecorded voice or an automatic telephone dialing system (ATDS) without the prior express consent of the called party. (47 U.S.C. § 227(b)(1)(A)(iii)). Courts have treated texts as the equivalent of calls to cell phones for purposes of the TCPA. These prohibitions apply to both telemarketing calls and other types of informational calls, but do not extend to any calls that are made for emergency purposes. With respect to consent, calls made for telemarketing or advertising purposes require prior express written consent, whereas informational or non-telemarketing calls only require prior express consent.
The meaning of "prior express consent" for calls and texts to cell phones has spurred a great deal of TCPA litigation. According to the FCC, consumers who knowingly release their phone numbers have effectively given their invitation or permission to be called at the number which they have provided, absent instructions to the contrary. However, the FCC has emphasized that a call must fall within the scope of the consent that was provided, meaning that the call must be closely related to the purpose for which the phone number was originally provided. For example, a consumer who provides a phone number to a creditor in a credit application demonstrates prior express consent to be contacted at the number regarding the debt. Consistent with the FCC's interpretations, numerous courts have found that providing a cell phone number constitutes prior express consent to be contacted regarding matters related to the purpose for which the phone number was provided.
Prior express consent may even be provided through an intermediary under certain circumstances. One federal appeals court found that patients who provided their cell phone numbers to a hospital gave prior express consent to be contacted by an anesthesiology group and a debt collector, which were associated with the hospital. Even though the patients had not provided their cell phone numbers directly to the anesthesiology group or to the debt collector, the court found that by virtue of signing a patient consent form, the patients expressly authorized the hospital to release their health information, including their cell phone numbers, for billing purposes. However, it is important to note that the patient consent form included specific language allowing the release of their health information to companies who provide billing services for physicians or other providers involved in their medical care. Accordingly, healthcare companies may sometimes rely on a patient's consent through an intermediary, but that consent should be explicit.
Key Considerations for Calls and Texts
Before calling or texting patients using an automated dialing system or a prerecorded message, healthcare companies should consider the following to assess the potential for TCPA liability:
- Type of Phone: Is a residential landline or cell phone being called?
- Type of Message: Is the nature of the message for telemarketing/advertising purposes or for informational/non-telemarketing purposes?
- Consent: Do we have the requisite consent? How did we obtain consent? Has the consent been revoked?
Faxes within the TCPA's Scope
While the use of fax machines has become rarer and rarer with the advent of scanners and email, the use of fax machines in the healthcare industry is still very common. In addition, fax machines continue to be used in marketing efforts both in and outside the healthcare industry. To address the proliferation of unwanted fax advertisements, Congress amended the TCPA by enacting the Junk Fax Prevention Act (JFPA) in 2005.
The JFPA generally prohibits a using a fax machine, computer or other device to send any unsolicited advertisement that promotes the sale of goods or services. The JFPA does not apply to faxes that are not advertisements. For example, one federal appeals court has found that faxes providing information about drugs and services do not constitute actionable advertisements if there is no evidence of the sender's hope to make a profit, directly or indirectly, from the recipient. However, many courts have found faxes that the sender believed were merely informational to be advertisements for purposes of the JFPA. A violation of the JFPA results in a $500 civil penalty per occurrence and can be as much as $1,500 per occurrence if the violation is willful.
A sender is not subject to liability for a fax advertisement if:
- The recipient provided prior express invitation or permission, in writing or otherwise.
- There is an established business relationship (EBR) between the sender and the recipient and the fax meets all of the statutory requirements for this exception.
Whether there is an EBR is a question of fact and can be a complicated analysis.
The JFPA has a number of detailed requirements regarding the types of information that the sender of unsolicited fax advertisements must include on all faxes. For example, the top or bottom margin of the fax must:
- State the date and time the fax was sent.
- Identify the business sending the fax.
- Provide the fax number of the machine that sent the fax.
Unsolicited fax advertisements must also provide an opt-out notice informing the recipient of its ability to opt out of any future faxes from the sender. As the result of a recent D.C. Circuit decision, if a fax is solicited rather than unsolicited, opt-out notices are not required. However, plaintiffs have argued that the decision is not binding on courts outside the D.C. Circuit. Accordingly, the best practice is to include opt-out notices on all faxes. The opt-out notice must meet all of the statutory requirements which include:
- Be "clear and conspicuous" and placed on the first page of the advertisement.
- State that the recipient may opt out of future unsolicited advertisements.
- Note that a failure by the sender to comply with an opt-out request is unlawful.
- Provide a domestic contact telephone number and fax number, available 24 hours a day, seven days a week, for the recipient to send an opt-out request.
- Include a cost-free mechanism to send an opt-out request.
- Instruct the recipient that a request not to send future unsolicited advertisements is valid only if the recipient:
- sends the request to the number of the sender identified in the notice;
- identifies the fax number to which the opt-out request relates; and
- does not expressly invite fax advertisements thereafter.
Key Considerations for Faxes
Before sending a fax, the sender should consider the following items:
- Is the fax an advertisement or could it be construed as an advertisement?
- If an advertisement, do you have the express permission of the recipient to send the fax or an existing business relationship that meets the statutory requirements?
- Does the fax contain the required statutory information on its face and an opt-out notice that meets the statutory requirements?
- Is there a mechanism in place to receive and process opt-out requests that satisfies the statutory requirements for opt-out requests from recipients?