Recent TCPA Developments for Healthcare Providers

TCPA Background

Enacted in 1991 to protect consumers from unsolicited telemarketing calls and faxes (and more recently text messages), the TCPA specifically prohibits the use of an “automated telephone dialing system” or an “artificial or prerecorded voice” to make calls to cell phones without obtaining the recipient’s prior consent. This prohibition applies to both telemarketing and non-telemarketing calls, including debt collection and informational calls. The TCPA also requires prior written consent for most automated telemarketing communications, particularly those made to cell phones.

Class action litigation risk under the TCPA can be considerable.  Because the TCPA is a strict liability statute with statutory damages of $500 per violation (trebled to $1,500 per violation if the violation is deemed willful or knowing) with no maximum cap on liability, potential exposure in a TCPA class action can quickly escalate. Multi-million-dollar settlements are commonplace. The healthcare industry is no stranger to class action litigation risk under the TCPA.²

Healthcare Providers’ Concerns About the FCC’s 2015 Order

In 2012, the FCC issued an Order in which it, among other things, exempted healthcare calls covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from TCPA liability.³  The FCC is authorized under the TCPA to issue such orders.⁴

Then, in July 2015, the FCC issued another TCPA Order (2015 Order), in which it provides, in part, that not all calls or texts to patients are healthcare communications exempt from the TCPA.⁵ Specifically, if the calls or texts relate to telemarketing, advertising, or bill collection, they are not exempt.

In an effort to mitigate the impact of the TCPA, healthcare providers appealed the Order as it relates to healthcare communications. The appeal was one of many appeals of the 2015 Order that were consolidated before the DC Circuit under ACA Int’l v. FCC.⁶

The appeal argues, in relevant part, that communications between a healthcare provider and its patients are regulated by HIPAA and HIPAA’s implementing regulations.⁷ According to the appellants, these regulations strike the appropriate balance between allowing the flow of necessary health information to patients while protecting the privacy of that information.⁸ The appellants argue that the FCC improperly adopted TCPA compliance standards, including different restrictions based on the type of call and the type of number called, in conflict with HIPAA regulations that provide broad immunity for healthcare providers to call patients. In essence, the FCC expanded the reach of the TCPA into an area already regulated by HIPAA.

The appellants identify three areas where healthcare providers should be protected by HIPAA, but under the FCC’s 2015 Order they are now potentially exposed to class action litigation under the TCPA:  

·         No consent required for HIPAA-protected calls to residential phone lines;

·         Prior express consent required for HIPAA-protected calls to cell phones; but

·         Calls to wireless numbers that have an “exigent . . . healthcare treatment purpose” are exempt from consent requirements if they are not charged to the called party.⁹

This third exemption is limited to the following types of calls:

• Appointment and exam confirmations and reminders
• Wellness checkups
• Hospital pre-registration instructions
• Pre-operative instructions
• Lab results
• Post-discharge follow-up intended to prevent readmission
• Prescription notifications
• Home healthcare instructions

Notably, however, this exemption for calls and texts to cell phones applies only if the call or text is not charged to the recipient, including not being counted against any plan limits that apply to the recipient (e.g., number of voice minutes, number of text messages). Any call or text must also meet seven specific conditions: (1) it may be sent only to the number provided by the patient; (2) it must state the name and contact information of the provider; (3) it must be limited to the purposes listed above; (4) it must be less than one minute or 160 characters; (5) a caller cannot initiate more than one message per day or three per week; (6) the call or text must offer an opt-out; and (7) any opt-outs must be honored immediately.¹⁰ Interestingly, the exemption does not apply to marketing calls or to healthcare communications that include accounting, billing, debt collection or other financial content.

The appellants further fault the FCC for the regulations on calls to wireless numbers because the exemption’s requirement for “exigency” conflicts with HIPAA’s definition of “health care,” which includes all calls concerning “care, services or supplies related to the health of an individual.”¹¹ The appeal contends that the FCC generally has an obligation to interpret the TCPA consistently with HIPAA, not in conflict with it.¹²

The FCC argues in response that the prior exemption of HIPAA-protected calls, from the FCC’s 2012 Order, related only to calls to residential lines and did not include calls to cell phones.¹³ The FCC further asserts that while HIPAA treats calls to residential and wireless numbers in the same way, the TCPA is not required to do so. The FCC maintains that differentiating between calls to residential lines versus cell phones is reasonable because calls to cell phones “can be more costly and intrusive than calls to residential numbers.”¹⁴

The DC Circuit will ultimately have to decide whether the FCC overstepped its authority in its 2015 Order regarding HIPAA-protected calls. It has been more than 16 months since oral argument in the case, and there is no indication if a decision is imminent, or if the DC Circuit is waiting for the FCC to amend or revoke the Order instead, given the different political make-up of the FCC following the change in presidential administration.  The FCC now is led by a Republican Chairman, Ajit Pai, who dissented in the 2015 Order as a member of the minority party.  Even if the court overturns the FCC’s interpretations of the TCPA as it relates to healthcare companies, the FCC will likely go back to the proverbial drawing board to create new rules and regulations. 

In the meantime, there is some good news for healthcare providers.  For example, the US Court of Appeals for the Second Circuit recently held that a healthcare provider was protected from TCPA liability when it sent a single text message to a patient reminding him to get a flu shot. In Latner v. Mount Sinai Health Sys., the plaintiff had provided his cell phone number to be contacted for “treatment.”¹⁵ According to the Second Circuit, the plaintiff therefore provided “prior express consent” under the 2012 Healthcare Exception, and “written” consent was not necessary. This decision is a good one for healthcare providers, and is hopefully a sign to come for those entities anticipating a ruling on the appeal of the FCC’s 2015 Order.

Conclusion

Healthcare providers are being sued under the TCPA not only for their own actions (and omissions) but also for the actions (and omissions) of third parties contacting patients on their behalf through theories of vicarious liability. These lawsuits arise out of all aspects of communications ranging from the method (call, text or fax) to the type of phone line called (residential or wireless) to the specific content of the communications and beyond.

With the risk of exorbitant statutory damages that arises in a TCPA class action lawsuit, healthcare providers need to consider the following questions when it comes to communicating with their patients and customers:

·         What type of communications are providers sending? Are they marketing or non-marketing?

·         Do you know what type of consent (express or written) is required to engage in marketing versus non-marketing communications?

·         Has the provider obtained the necessary consent?

·         Are third parties communicating on the provider’s behalf?

·         If so, has the provider limited their authority in any way? Are they abiding by those limits?

·         Does the provider know whether the phone numbers it or its third-party vendor are calling are wireless or residential numbers?

·         Is the provider giving patients the proper opportunity to opt out of further communications?

Healthcare providers should consider implementing communications policies and review any existing ones that will help them avoid exposure under the TCPA. These policies should focus on the questions raised above regarding the method and content of communications, along with issues involving consent, revocation of consent and the involvement of third parties.  

1.  47 U.S.C. § 227(b)(1)(B).
2.  Targets of class action lawsuits include health insurers, insurance agents, hospitals, pharmacies, to name a few. See, e.g., Bonnie Eslinger, Vertex To Pay $4.75M To End TCPA Case Over Hep C Faxes, Law 360 (Feb. 5, 2018), https://www.law360.com/articles/1008880/vertex-to-pay-4-75m-to-end-tcpa-case-over-hep-c-faxes.
3.  Rules & Regs. Implementing the Tel. Cons. Prot. Act of 1991, 27 FCC Rcd. 1830 (2012).
4.  47 U.S.C. § 227(b)(1)(B).
5.  Rules & Regs. Implementing the Tel. Cons. Prot. Act of 1991, 30 FCC Rcd. 7961 (2015).
6.  No. 15-1211.
7.  42 U.S.C. § 1302(a); 45 C.F.R. §§ 164.502; .506.
8.  2016 WL 750706 (D.C. Cir. Feb. 24, 2016).
9.  2015 Order at ¶ 146.
10.  Id. at ¶ 138.
11.  45 C.F.R. § 160.103.
12.  2016 WL 750706, at *10.
13.  2016 WL 194146 (D.C. Cir. Jan. 15, 2016).
14.  Id. at *70.
15.  879 F.3d 52 (2d Cir. 2018).