Telemedicine and remote patient monitoring companies will have an easier time engaging with their patients via text message. As we reported last week, on April 1st, the Supreme Court of the United States agreed with Facebook’s interpretation of the definition of “automatic telephone dialing system” (commonly referred to as an “autodialer”) in a lawsuit accusing Facebook of violating the TCPA.
The ambiguity in the TCPA regarding the definition of an autodialer meant that digital health companies were at risk of the TCPA’s private right of action and statutory penalty provisions by texting with their patients. The Supreme Court in Facebook unanimously overturned the Ninth Circuit’s broad interpretation of an autodialer, delivering a significant win for TCPA defendants. If your dialing equipment makes calls to telephone numbers maintained in your patient management system or your customer relationship management platform and does not utilize a random or sequential telephone number generator, text messages and calls using that system or platform are not required under the TCPA to obtain prior express written consent before sending a text or making a phone call. Importantly, the ruling does not distinguish between service-related (purely informational) messages and marketing messages for autodialer purposes, and accordingly applies to both non-telemarketing and telemarketing text messages and phone calls. As a result, as long as the dialing equipment does not use a random or sequential number generator, a digital health company will not be required to obtain “prior express written consent” from their patients before sending them a text, provided other aspects of the TCPA are complied with.
Health care providers are still able to utilize the health care messages exception to the TCPA, which allows health care providers to place artificial/prerecorded voice calls to cellphones, without the patient’s prior express consent, in order to convey important informational “health care messages.” Examples include appointment confirmations, prescription notifications, and exam reminders. Under the “health care messages” exemption, there are restrictions (e.g., patient-users cannot be “charged” for the call or text message; no more than three messages initiated per week; content of messages must be strictly limited to allowed purposes and cannot include marketing, advertising, billing, etc.).
Companies should note that the prohibition against pre-recorded or artificial voice calls without prior express written consent remains, as does the prohibition on unsolicited telemarketing phone calls to phone numbers on the national Do Not Call Registry or company-specific do-not-call lists.
All messaging must also comply with HIPAA privacy and security requirements. If your organization sends or is considering sending text messages that contain unencrypted PHI, it should (1) warn patients of the risks of communicating for healthcare purposes using unencrypted text messaging (or emails), (2) obtain patients’ preference and consent with respect to messages with unencrypted PHI, and (3) document the patient’s preference and consent, as well as the organization’s compliance efforts in this regard.
As text messaging continues to be the preferred method of communication by patients, digital health companies will be able to better engage with their patients going forward. The ability to engage through exchanging educational and informative health care information in the way that patients consume information, will increase patient engagement and positively impact health care outcomes.
For more information on telemedicine, telehealth, virtual care, remote patient monitoring, digital health, and other health innovations, including the team, publications, and representative experience, visit Foley’s Telemedicine & Digital Health Industry Team.
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns