Telemedicine and Texting: Telephone Consumer Protection Act

08 March 2021 Blog
Authors: Nathaniel M. Lacktman Aaron T. Maguregui
Published To: Health Care Law Today Privacy, Cybersecurity & Technology Law Perspectives

Telemedicine and remote patient monitoring companies often want to maintain open communication channels with patients, whether it be scheduling, medication reminders, engagement pings, or even new product and service updates. Texting and push notifications are the current favored communication methods to engage patient-users. Digital health entrepreneurs can use these tools, but should be aware of the Telephone Consumer Protection Act (TCPA). This article shares some TCPA ideas that telemedicine and remote patient monitoring companies can consider incorporating into their software product design and user interface development.

The TCPA is a federal law that restricts telephone calls and texting to residential lines and cell phones unless the user has agreed, in writing, to receive those messages. In addition to federal fines and penalties enforcement actions from the Federal Communications Commission (FCC), private plaintiffs have filed lawsuits (including class actions) under the TCPA, and statutory damages for violations range from $500 and $1,500 per text message.

If a company that wants to send text messages to the user’s smartphone (whether marketing messages or not), best practice is to obtain the user’s “prior express written consent.” The written agreement should include a clear and conspicuous disclosure informing the user that:

  1. By executing the agreement, such person authorizes the seller to deliver or cause to be delivered to the signatory telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice; and
  2. The person is not required to sign the agreement (directly or indirectly), or agree to enter into such an agreement as a condition of purchasing any property, goods, or services.

This user written consent can be provided electronically, provided it is recognized as a valid signature under the federal E-SIGN Act and state electronic signatures law. But there is some creatively and flexibility in product design, as the Federal Trade Commission (FTC) has allowed patient digital consent given via email, website click-sign form, texting, telephone keypress, and even voice recording.

Health Care Message Exception

There is an exception to the TCPA for health care messages. It allows health care providers to place artificial/prerecorded voice and text messages to cellphones, without the patient’s prior express consent, in order to convey important informational “health care messages.” Examples include appointment confirmations, prescription notifications, and exam reminders. But even under the “health care messages” exemption, there are restrictions (e.g., patient-users cannot be “charged” for the call or text message; no more than three messages initiated per week; content of messages must be strictly limited to allowed purposes and cannot include marketing, advertising, billing, etc.). All messaging must also comply with HIPAA privacy and security requirements and opt-out requests must be honored immediately.

Push Notifications

Many early stage telemedicine companies (particularly direct to consumer (DTC) telemedicine companies) prefer a browser-based patient dashboard with texting, rather than developing a downloadable dedicated app. Remote patient monitoring companies, even early stage, are more likely to have downloadable apps linked to Bluetooth-enabled medical devices. For companies with a mobile app, one solution is to use push notifications instead of texting. This may avoid the TCPA’s jurisdiction altogether. Push notifications are similar to texting in that they both pop-up on the individual's smartphone to deliver messages and/or prompt the user to take action. But because push notifications are controlled by the app user and not considered a text message or a phone call, they are not regulated by the TCPA. Apps and push notifications are still regulated by state privacy laws, and potentially (not always) HIPAA. A push notification also has the added benefit of being able to directly route the user to the mobile app so that content and information can be provided to the patient in an engaging and secure format.

Effective communication via a convenient – if not delightful – user experience platform is critical to patient-user engagement regardless of the type of telemedicine or remote patient monitoring specialty. As more patients begin to rely on their smartphone as the single source for communications, digital health companies can take some simple but important steps to comply with TCPA (and other potentially applicable laws) when developing the product design.

Want to Learn More?

For more information on telemedicine, telehealth, virtual care, remote patient monitoring, digital health, and other health innovations, including the team, publications, and representative experience, visit Foley’s Telemedicine & Digital Health Industry Team.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.