In today’s digital world, hospitals and other health care organizations are increasingly communicating with patients by way of automated text messages, prerecorded voice calls or facsimile. Appointment reminders, prescription refill calls, patient satisfaction surveys, promotions and advertisements or other messages can be easily transmitted to numerous patients by a simple click of a button. However, what callers may not realize is that by simply clicking that button, they may inadvertently violate a federal law known as the Telephone Consumer Protection Act (TCPA).
The TCPA was enacted in 1991 to prevent telemarketers from making unwanted telephone calls or sending unsolicited faxes to consumers. Over time, the scope of the TCPA has broadened and currently regulates certain text messages, telemarketing calls, auto-dialed calls, prerecorded calls and unsolicited faxes. In general, the TCPA prohibits: (1) making telemarketing calls using an artificial or prerecorded voice to residential telephones without the prior express consent of the called party; and (2) making non-emergency calls using an automatic telephone dialing system (autodialer) or an artificial or prerecorded voice to a wireless telephone number without prior express consent. For autodialed or prerecorded voice telemarketing calls to wireless numbers, prior express consent must be in writing, unless exempted. A text message is deemed a “call” for purposes of the TCPA.
If your health care organization sends autodialed or prerecorded calls or text messages and the TCPA is not on your radar, it should be. The consequences for noncompliance are massive. Statutory damages range from $500 per call up to $1,500 per call for willful violation, which can quickly add up to the tune of tens of millions of dollars in damages. The TCPA is also a strict liability statute, meaning intent is not an essential element of the claim. In other words, providers who made every effort to comply with the Act may still be on the hook for damages for noncompliance. If this does not get your attention, an online search for “TCPA settlements” should. Last year, CVS agreed to pay $15 million to settle a class action lawsuit stemming from allegations that the drug store made unsolicited and automated flu shot reminder calls to consumers, which allegedly also contained marketing messages. In 2015, Walgreens agreed to pay $11 million to settle a class action lawsuit alleging that the pharmacy sent prerecorded robocall messages to consumers’ cell phones without the requisite consent.
While the health care industry is subject to TCPA compliance, the Federal Communications Commission (FCC) has acknowledged the importance of some health care calls to consumers. Accordingly, the FCC – which is the agency responsible for implementing and enforcing the TCPA – created two exemptions that allow certain health care entities to deliver specific health care messages to patients, so long as they meet certain requirements. In cases where neither health care-related exemption applies, some health care providers have successfully used the emergency purposes exception, which allows for robocalls in any situation affecting the health and safety of consumers. For instance, on March 20, 2020, the FCC announced that the COVID-19 pandemic constitutes an “emergency” under the TCPA, and that hospitals, health care providers, state and local health officials and other government officials may communicate information concerning COVID-19, as well as mitigation measures, without fear of violating the TCPA. Thus, according to the FCC, “a call originating from a hospital that provides vital and time-sensitive health and safety information that citizens welcome, expect and rely upon to make decisions to slow the spread of the COVID-19 disease would fall squarely within an emergency purpose.” In addition, some, but not all, courts have recognized that a patient’s ability to receive a prescription medication in a timely manner is critical to preventing a major health emergency, including hospitalization, and held that such autodialed or prerecorded calls fall within the emergency exception to TCPA liability.
To be clear, the FCC reiterated just this past June, that there is no “broad exception for health care-related calls” and confirmed that consent cannot be implied from the preexisting relationship between the consumer and the health care company or provider. It also noted that the TCPA requires “prior express consent before making calls to the consumer’s wireless phone number.” The mere fact that a consumer failed to opt out after receiving the autodialed or prerecorded call will not constitute consent.
What steps should health care organizations and providers take to avoid liability under the TCPA? Health care organizations and providers should work closely with their legal counsel to ensure that all communications not only comply with HIPAA privacy protections, but also the TCPA. Warner attorneys are experienced in advising clients on HIPAA and TCPA compliance and defending against TCPA litigation. If you would like to discuss your compliance, steps you can take to avoid TCPA liability or if you are subject to a TCPA claim, please feel free to contact Katherine Pullen, Adam Ratliff or any member of our Cybersecurity and Privacy Litigation Practice Group or Health Care Litigation Practice Group.
